Efficient Evaluation Scheme for Mask Security Based on Higher Order DPA
Abstract: Higher-order masking is an effective countermeasure against side-channel attacks. Building on the Ishai-Sahai-Wagner (ISW) framework proposed by Ishai et al., a series of practical masking schemes have been designed, such as threshold implementations and polynomial masking schemes. It is generally accepted that a d-th order masking scheme that satisfies the ISW framework can resist all side-channel attacks of order below d+1. In 2013, Moradi et al. found that some masking schemes that are secure by design, and even appear secure during testing, may exhibit univariate leakage in practical applications, causing the protection to fail. This finding poses a new challenge to the security of a series of time-domain split masking schemes, including RP11. On the other hand, although higher-order masking was proposed many years ago, current schemes for quantitatively analysing the security of higher-order masks still demand too much computing power and too many samples. Building on the work of Moradi, Lomné and others, this paper studies the memory effect of circuits and the causes of univariate leakage, and gives a unified description of the circuit memory effect. It also predicts the number of traces required for a higher-order DPA attack by combining the differential power characteristics of multiple shares, thereby quantifying the security of higher-order masks. Compared with previous schemes for analysing higher-order mask security, this scheme quantifies security while greatly reducing the computational complexity and data complexity of higher-order analysis for the evaluator.
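Authors: TANG Ming (唐明); WANG Peng-Bo (王蓬勃); YANG Guo-Feng (杨国峰); YU Yan-Yan (于艳艳) (MOE Key Laboratory of Aerospace Information Security and Trusted Computing, Wuhan University, Wuhan 430072, China; State Key Laboratory of Cryptology, Beijing 100878, China)
Source: Journal of Cryptologic Research (《密码学报》), CSCD, 2018, Issue 4, pp. 411-420 (10 pages)
Funding: National Natural Science Foundation of China (61472292); Research on Key Technologies of a New Generation of High-Speed, High-Grade Security Chips for the Smart Grid (526816160015); Hubei Province Technological Innovation Special Project (Major Project) "Research on Security and Privacy Protection of Wearable Devices for Health Services" (2018AAA046)
Keywords: higher order mask; higher order DPA; estimation of number of traces; univariate leakage; memory effect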