针对AES-128算法的密钥优势模板攻击

doi:10.3969/j.issn.0372-2112.2020.10.018

电子学报 ›› 2020, Vol. 48 ›› Issue (10): 2003-2008.DOI: 10.3969/j.issn.0372-2112.2020.10.018

针对AES-128算法的密钥优势模板攻击

樊昊鹏^1,2, 袁庆军^1,2, 王向宇^1,2, 王永娟^1,2, 王涛^1,2

1. 战略支援部队信息工程大学, 河南郑州 450001;
2. 河南省网络密码技术重点实验室, 河南郑州 450001

收稿日期:2019-07-05 修回日期:2020-06-07 出版日期:2020-10-25
- 作者简介:
- 樊昊鹏 男,1997年4月出生,河南新密人.现为战略支援部队信息工程大学硕士研究生,主要研究方向为网络空间安全,侧信道分析技术.E-mail:fanhaopeng15gc@sina.com
  袁庆军 男,1993年出生,河北衡水人.硕士、讲师,研究方向为网络空间安全、侧信道分析技术.E-mail:gcxyuan@outlook.com
- 基金资助:
- 国家自然科学基金 (No.61872381）; 河南省网络密码技术重点实验室开放基金 (No.LNCT2019-S02）

Key Advantage Template Attack Against AES-128 Algorithm

FAN Hao-peng^1,2, YUAN Qing-jun^1,2, WANG Xiang-yu^1,2, WANG Yong-juan^1,2, WANG Tao^1,2

1. Information Engineering University, Zhengzhou, Henan 450001, China;
2. Henan Key Laboratory of Network Cryptography, Zhengzhou, Henan 450001, China

Received:2019-07-05 Revised:2020-06-07 Online:2020-10-25 Published:2020-10-25
- Supported by:
- National Natural Science Foundation of China (No.61872381); Open Fund of Henan Key Laboratory of Network Cryptography Technology (No.LNCT2019-S02)

摘要/Abstract

摘要： 模板攻击分为模板刻画和密钥恢复两个阶段.针对AES-128算法，模板攻击为每一字节密钥构建256个模板，当攻击者仅获得1000条左右的能量迹时将面临两个问题：一是模板刻画不具有适用性，二是无法恢复正确的密钥.针对这些问题，本文在模板刻画阶段为S盒输出值的汉明重量构建9个模板，利用Panda 2018数据集提供的600条能量迹进行建模；在密钥恢复阶段提出密钥优势叠加的方法，仅需约10条相同密钥加密所产生的能量迹即可有效区分正确密钥，降低了攻击的难度并提高了攻击的成功率.

关键词: 模板攻击, AES-128算法, 密钥优势, 汉明重量模型

Abstract: Template attack is divided into two stages: template description and key recovery. For AES-128 algorithm, when the attacker only got 1000 energy traces, he would face two problems: one was that the template description would not be applicable, the other was that the correct key would not be recovered. To solve these problems, this paper constructed 9 templates for Hamming weight of S-box output value in the template description stage, and used 600 energy traces provided by panda 2018 data set to build the model; in the key recovery stage, this paper proposed the method of key advantage superposition, which only needed about 10 energy traces encrypted to distinguish the correct key. This method reduces the number of energy traces required in the template description stage and key recovery stage, lowered the difficulty of template attack, and improved the success rate of template attack.

Key words: template attack, AES-128 algorithm, key advantage, Hamming weight model

中图分类号:

TN918.1

樊昊鹏, 袁庆军, 王向宇, 等. 针对AES-128算法的密钥优势模板攻击[J]. 电子学报, 2020, 48(10): 2003-2008.

FAN Hao-peng, YUAN Qing-jun, WANG Xiang-yu, et al. Key Advantage Template Attack Against AES-128 Algorithm[J]. Acta Electronica Sinica, 2020, 48(10): 2003-2008.

参考文献

[1] Kocher P C.Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[A].Annual International Cryptology Conference[C].Berlin,Heidelberg:Springer,1996.104-113.
[2] Chari S,Rao J R,Rohatgi P.Template attacks[A].International Workshop on Cryptographic Hardware and Embedded Systems[C].Berlin,Heidelberg:Springer,2002.13-28.
[3] Rechberger C,Oswald E.Practical template attacks[A].International Workshop on Information Security Applications[C].Berlin,Heidelberg:Springer,2004.440-456.
[4] Agrawal D,Rao J R,Rohatgi P,et al.Templates as master keys[A].International Workshop on Cryptographic Hardware and Embedded Systems[C].Berlin,Heidelberg:Springer,2005.15-29.
[5] Archambeau C,Peeters E,Standaert F X,et al.Template attacks in principal subspaces[A].Proceedings of the 8th International Conference on Cryptographic Hardware and Embedded Systems[C].USA:ACM,2006.1-14.
[6] DENG Gao-ming,ZHANG Peng,ZHAO Qiang.Formal analysis for cipher chip's security against template attack[A].Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering[C].USA:IEEE,2009.1741-1744.
[7] Gierlichs B,Lemke-Rust K,Paar C.Templates vs stochastic methods[A].International Workshop on Cryptographic Hardware and Embedded Systems[C].Berlin,Heidelberg:Springer,2006.15-29.
[8] Oswald D,Paar C.Breaking mifare DESFire MF3ICD40:power analysis and templates in the real world[A].International Workshop on Cryptographic Hardware and Embedded Systems[C].Berlin,Heidelberg:Springer,2011.207-222.
[9] WANG An,et al.Overcoming significant noise:correlation-template-induction attack[A].International Conference on Information Security Practice and Experience[C].Berlin,Heidelberg:Springer,2012.393-404.
[10] Lerman L,Medeiros S F,Veshchikov N,et al.Semi-supervised template attack[A].International Workshop on Constructive Side-Channel Analysis and Secure Design[C].Berlin,Heidelberg:Springer,2013.184-199.
[11] ZHANG H,FENG D,ZHOU Y.Mahalanobis Distance Similarity Measure Based Distinguisher for Template Attack[M].USA:John Wiley & Sons,Inc.2015.
[12] FAN G,ZHOU Y,ZHANG H,et al.Towards optimal leakage exploitation rate in template attacks[J].Security and Communication Networks,2016,9(16):3116-3126.
[13] Karimi N,Guilley S,Danger J L.Impact of aging on template attacks[A].Proceedings of the 2018 on Great Lakes Symposium on VLSI[C].USA:ACM,2018.455-458.
[14] ZHANG H,ZHOU Y.Template attack vs stochastic model:An empirical study on the performances of profiling attacks in real scenarios[J].Microprocessors and Microsystems,2019,66(4):43-54.
[15] ZHANG H.On the exact relationship between the success rate of template attack and different parameters[J].IEEE Transactions on Information Forensics and Security,2019,15(7):681-694.
[16] Batina L,Chmielewski ?,Papachristodoulou L,et al.Online template attacks[J].Journal of Cryptographic Engineering,2019,9(1):21-36.
[17] 樊昊鹏.Panda 2018数据集[OL].https://github.com/kistoday/Panda2018/tree/master/challeng1,2019-7-1.
[18] 崔琦,王思翔,段晓毅,等.一种AES算法的快速模板攻击方法[J].计算机应用研究,2017,34(6):1801-1804. CUI Qi,WANG Si-xiang,DUAN Xiao-yi,et al.A fast template attack method for AES algorithm[J].Computer Application Research,2017,34(6):1801-1804.(in Chinese)
[19] 欧长海,王竹,黄伟庆,等.基于汉明重量模型的密码设备放大模板攻击[J].密码学报,2015,2(5):477-486. OU Chang-hai,WANG Zhu,HUANG Wei-qing,et al.Amplification template attack of cryptographic device based on Hamming weight model[J].Journal of Cryptography,2015,2(5):477-486.(in Chinese)
[20] 刘飚,孙莹.基于公共协方差矩阵的实用模板攻击[J].计算机应用研究,2016,33(1):236-239. LIU Biao,SUN Ying.Practical template attack based on common covariance matrix[J].Computer Application Research,2016,33(1):236-239.(in Chinese)

针对AES-128算法的密钥优势模板攻击

Key Advantage Template Attack Against AES-128 Algorithm

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	尹安琪, 曲彤洲, 郭渊博, 汪定, 陈琳, 李勇飞. 格上基于密文标准语言的可证明安全两轮口令认证密钥交换协议[J]. 电子学报, 2022, 50(5): 1140-1149.
[2]	赵石磊, 杨晓秋, 刘志伟, 于斌, 黄海. 一种低复杂度的改进wNAF标量乘算法[J]. 电子学报, 2022, 50(4): 977-983.
[3]	杨继林, 王念平. 类CLEFIA动态密码结构抵抗差分密码分析能力评估[J]. 电子学报, 2021, 49(11): 2279-2283.
[4]	黄俊君, 关杰. 基于元胞自动机的S盒的性质与神经网络实现研究[J]. 电子学报, 2020, 48(12): 2462-2468.
[5]	魏铎, 高海英. 一种支持算术张成程序的密文策略属性加密方案[J]. 电子学报, 2020, 48(10): 1993-2002.
[6]	王念平. 一类分组密码变换簇抵抗线性密码分析的安全性评估[J]. 电子学报, 2020, 48(1): 137-142.
[7]	李航, 任炯炯, 陈少真. 减轮LEA密码算法的积分攻击[J]. 电子学报, 2020, 48(1): 17-27.
[8]	任炯炯, 张仕伟, 李曼曼, 陈少真. 基于SAT的ARX不可能差分和零相关区分器的自动化搜索[J]. 电子学报, 2019, 47(12): 2524-2532.
[9]	杨志耀, 卓泽朋, 崇金凤. 一类广义布尔函数的相关函数分析[J]. 电子学报, 2019, 47(12): 2556-2560.
[10]	王永, 赵毅, Jerry Gao, 陈燕. 基于分段Logistic映射的二维耦合映像格子模型的密码学相关特性分析[J]. 电子学报, 2019, 47(3): 657-663.
[11]	施泰荣, 关杰, 刘文哲. AEGIS算法的弱状态分析[J]. 电子学报, 2018, 46(9): 2102-2107.
[12]	杜蛟, 刘春红, 张恩, 尚玉婧, 董乐. 基于拉丁方的GF(p)上q元旋转对称弹性函数的新构造[J]. 电子学报, 2018, 46(9): 2173-2180.
[13]	李俊志, 关杰. 非线性反馈移存器型序列密码的完全性通用算法[J]. 电子学报, 2018, 46(9): 2075-2080.
[14]	王念平. 四分组类CLEFIA变换簇抵抗差分密码分析的安全性评估[J]. 电子学报, 2017, 45(10): 2528-2532.
[15]	付立仕, 崔霆, 金晨辉. 嵌套SP网络的New-Structure系列结构的零相关线性逼近与不可能差分性质研究[J]. 电子学报, 2017, 45(6): 1367-1374.