摘要
SM4算法在2012年3月被作为密码行业标准公开以后,已经得到了广泛的应用.但与此同时,由于侧信道攻击的出现及利用,SM4算法在被用于智能卡等密码设备时,也面临着严重威胁.针对差分功耗分析攻击(DPA),虽然已经有部分掩码防御方案提出,但是均是使用有限域上的乘法及求逆运算代替S盒查表法,导致计算量比较大,设计复杂.一些掩码方案由于主要针对S盒变换进行设计,对算法的整体运算覆盖程度不足,也使得SM4算法并未得到全面的防护.本文提出的一种基于S盒查表方法的随机掩码方案,在无需知道和分析SM4算法的S盒的代数结构的情况下,通过对S盒进行一个随机的线性变换,同时结合多路径乘法掩码的特点,达到对算法运行中所有数据掩码的目的,从而抵御DPA攻击.最后本文分别从理论和实际进行攻击实验,得到了针对指定攻击点的具体分析结果.实验结果显示,相比于已有的掩码方案,本文的掩码方法资源消耗少,实现简单方便,代价小,能够有效消除运算时密钥或敏感数据与能量消耗之间的相关性,增强算法的安全性,抵御DPA攻击.
As an industrial cryptographic standard published in March 2012, SM4 has been widely used. However, in cryptographic devices such as smart cards, it is also under severe threat with the emergence and the utilization of the SCA(Side-Channel Attack). Although several countermeasures have been proposed to resist the attack of differential power analysis(DPA), they all use multiplication and inversion over a finite field instead of S-box look-up tables, leading to complex computational cost and complicated design. As some masking countermeasures are mainly aimed at transformation of S-Boxes, SM4 is not under full protection because of the insufficient coverage of these schemes. Without knowing and analyzing the algebraic structure of SM4's S-Box, this paper proposes a random masking scheme based on the S-box look-up table implementation by using a method of linear transformation to S-box with a random number. The scheme could make all routines and all intermediate data of SM4 being masked to resist the attack of DPA, combined with the characteristics of multi-path multiplicative masking method. Finally, the paper utilizes attack experiments both in theory and practice, and gets the analysis results in detail. The experiment results show that, compared with the existing masking schemes, the proposed scheme reduces the consumption of resource and the implementation is easy and costless. The proposed scheme could effectively eliminate the correlation between the key or sensitive data and the energy consumption, increase the algorithm's security and the resistance against the DPA attack.
出处
《密码学报》
CSCD
2016年第1期79-90,共12页
Journal of Cryptologic Research
