基于Hamming weight和泄漏光子数的高级加密标准密码芯片光辐射分析攻击

Attack on the advanced encryption standard cipher chip based on the correspondence between Hamming weight and the number of emitted photons

通过研究密码芯片运行时的光辐射迹及其数据依赖性,建立了操作数汉明重量与泄漏光子数的对应关系,提出了一种简单有效的针对高级加密标准(AES)加密算法的密码芯片光辐射分析方法.根据密码芯片运行时的光泄漏特性,利用时间相关单光子计数技术搭建了光辐射分析攻击实验平台,在AES加密算法执行第一次的轮密钥加操作后和字节替换操作后分别进行光泄露信号采集,对基于操作数Hamming weight和AES密码芯片泄漏光子数对应关系的密钥分析攻击方法的有效性进行了实验验证,通过选择几组明文成功地破解了AES加密算法的密钥.实验结果表明,当密码芯片的泄露光子数与操作数的汉明重量呈近似线性关系时,该种光辐射密钥分析攻击方法对AES密码芯片的安全性构成了严重的威胁.

The security of information transmission is of paramount importance in all sectors of society,whether civilian or defence related.In ancient times the encryption of secret messages was mainly realized by physical or chemical means,but this was later supplemented by mathematical techniques.In parallel,the breaking of enemy codes has also been a subject of intense study.To date,the only known absolutely secure means of encryption is through quantum cryptography.However,this still has to be implemented by equipment that is vulnerable to various physical attacks,so it is important to study these methods of attack,both for legitimate users and for the surveillance of criminal activities.Today,nearly all transactions have to be realized through the computer and much effort has been devoted to cracking the software.However,little attention has been paid to the hardware,and it has only recently been realized that computer chips themselves can leak sensitive information,from which a code may even be deciphered.By studying the photonic emission and the data dependency of a cryptographic chip during operation,the correspondence between the Hamming weight of the operand and the number of photons emitted may be established,based on which a simple and effective method is proposed to crack the Advanced Encryption Standard（AES） cipher chip.An experimental platform has been set up for measuring and analyzing the leaked photonic emission using time-correlated single-photon counting.An AT89C52 microcontroller implementing the operation of the AES cipher algorithm is used as a cipher chip.The emitted photons are collected when the first Add Round Key and Sub Bytes of the AES encryption arithmetic are executed,and their respective numbers are found to have a linear relationship with the operand Hamming weight.The sources of noise affecting the photon emission trace have been analyzed,so that the measurement error and uncertainty can be reduced effectively.With the help of our Hamming weight simulation model,by selecting one or several groups of plain text and comparing the corresponding relationship between the Hamming weight of the intermediate values and the number of photons emitted by the cipher chip,the key of the AES encryption algorithm has been successfully recovered and cracked.This confirms the effectiveness of this method of attack,which can therefore pose a severe threat to the security of the AES cipher chip.For the next step in the future,our method will be optimized to narrow the search range,and also combined with other photonic emission analysis attacks（such as simple photonic emission analysis and differential photonic emission analysis） to improve the efficiency.A comparison and evaluation of the various methods will be made.At the same time,our current experimental configuration will be improved to obtain a better collection efficiency and signal-to-noise ratio.