相关能量分析中的后向检错方案

Backward Error Detection Method in Correlation Power Analysis

侧信道分析技术经过20多年的发展,凭借其强大的分析能力及广阔的应用范围,业已成为密码学界研究的热点.而相关能量分析技术则是侧信道分析领域最常用也是最有效的分析方式.本文针对相关能量分析方法无法确认出错的子密钥位置的缺陷,设计了一种后向检错方案,以AES算法为例对算法流程进行了介绍.本方案利用AES算法列混合输出处的能量波形与对应中间值汉明重量的线性关系,通过计算此相关系数,划定阈值的方式,以达到判别出错的密钥字节所在的列混合位置,减小搜索空间的效果,并在密钥枚举过程中,对当前候选子密钥的正确性做出判断,最终构建了一种能够将四个列混合分而治之,四组子密钥分别恢复的密钥搜索方式.实验证明,即使单个字节密钥猜测准确率下降到70%,传统相关能量分析方法几乎无法恢复密钥时,后向检错方案仍能达到60%以上的成功率,成功地将达到相同成功率的波形条数需求减少了30%.

After more than 20 years of development, the side-channel analysis technology has become a hotspot in the field of cryptography with its powerful analysis capabilities and broad applications.The correlation power analysis is the most commonly used and effective analysis method in the field of side-channel analysis. This paper proposes a backward error detection method to overcome the deficiency of the correlation power analysis method that cannot confirm the position of the error bytes in a key guess. This method uses the linear relationship between the energy waveform at the output of MixColumn in the AES algorithm and the corresponding intermediate value. By computing this correlation coefficient, the threshold can be determined, and the wrong key byte in the MixColumn can be located. The proposed method can reduce the search space and judge the correctness of the current candidate subkey during the key enumeration process. This method identifies the wrong key position and constructs a key search scheme that can recover the four sets of sub-keys grouped by MixColumns using a divide-and-conquer strategy. Experiments show that even the accuracy rate of single-byte key guessing drops to 70% when the traditional correlation energy analysis method can hardly recover the key, the backward error detection method can still achieve a success rate higher than 60%. The number of required power traces is reduced by 30% while the same success rate can still be reached.