Abstract
Correlation power analysis (CPA) is one of the mainstream side-channel analysis methods; its attack cost is low and it poses a fatal threat to cryptographic devices. In 2020, Bellizia et al. proposed the lightweight authenticated encryption algorithm Spook and claimed that the algorithm resists side-channel attacks, but its ability to withstand CPA remains to be analyzed. Based on the structure of the Spook algorithm and the implementation characteristics of its S-box, a CPA attack method is proposed: the Hamming weight model is used to characterize the power consumption during execution, the S-box output values are mapped to hypothetical power consumption, and the correlation with the real power consumption is computed to recover the key. Experiments show that when the S-box is implemented as a lookup table, the master key can be captured within one minute by collecting 789 power traces leaked by the Clyde-128 component. When the Shadow-512 component is attacked, part of the internal sensitive information can be recovered and the corresponding 128-bit plaintext can be solved for. In addition, the security of the algorithm with the S-box layer implemented as a lookup table and with bitslicing is compared. The experiments show that, without countermeasures, Spook cannot resist CPA attacks.
Correlation power analysis (CPA), as one of the mainstream side-channel attacks, has a fatal threat to cipher devices because of its very low attacking cost. In 2020, Bellizia et al. proposed a sponge-based lightweight authenticated encryption algorithm, i.e. Spook. The designers claimed that the encryption algorithm is able to resist side-channel attacks. Actually, the ability of the encryption algorithm against CPA remains to be further checked. Based on the structure of the Spook algorithm and its S-box characteristics, a CPA attack method is proposed, where the Hamming weight model is used to describe the power consumption characteristics of its encryption operation. Moreover, the S-box output value to the hypothetical power consumption is checked, where the real power consumption is used to solve the correlation coefficient so that the secret key is determined. Experiments show that the master key of Spook cipher can be successfully recovered within one minute by attacking its Clyde-128 component, where 5650 traces are collected. On the other hand, when the opponent attacks its Shadow-512 component, it can recover part of the internal secret state information so that the corresponding 128-bit plaintext can be captured. Furthermore, the security performance of the encryption algorithm implemented by both the S-box using look-up table and bitslice method is also compared. These results indicate that the Spook cipher cannot resist CPA attack without using mask protection.
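The abstract describes the attack in three steps: pick a Hamming weight (HW) leakage model, map each S-box output under a key hypothesis to a hypothetical power value, and correlate that against measured traces so that the correct key stands out. The following is an added example, not code from the paper or the Spook project, that carries those steps out on constructed data: a single-sample leakage simulator, the CPA loop over all 16 hypotheses for one key nibble, and, for contrast, the same loop run against traces where the S-box output is split into two Boolean shares (the "mask protection" the abstract says an unprotected Spook lacks). The S-box table is the PRESENT 4-bit S-box used as a stand-in, since Spook's Clyde/Shadow S-box is not reproduced on the page; the noise level, trace count and leakage model are assumptions of the example.

```python
"""Added example: first-order CPA against a simulated 4-bit S-box lookup,
unmasked versus Boolean-masked. Constructed data only; not the paper's code."""
import numpy as np

# Stand-in 4-bit S-box (the PRESENT S-box table). Spook's Clyde/Shadow S-box is
# not reproduced on the page, so this table is an assumption of the example.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(x: int) -> int:
    """Hamming weight leakage model: number of set bits in the S-box output."""
    return bin(x).count("1")


def simulate_traces(n, key_nibble, noise_sd, rng, masked=False):
    """Simulate n single-sample power traces of S[p ^ k] under the HW model.

    Unmasked: the sample leaks HW(S[p ^ k]) plus Gaussian noise.
    Masked:   the value v is split into shares (v ^ m, m) with a fresh random
              m per trace, and the sample leaks HW(v ^ m) + HW(m). Constructed
              leakage model; its mean no longer depends on v.
    """
    plaintexts = rng.integers(0, 16, size=n)
    traces = np.empty(n)
    for i, p in enumerate(plaintexts):
        v = SBOX[p ^ key_nibble]
        if masked:
            m = int(rng.integers(0, 16))
            leak = hamming_weight(v ^ m) + hamming_weight(m)
        else:
            leak = hamming_weight(v)
        traces[i] = leak + rng.normal(0.0, noise_sd)
    return plaintexts, traces


def cpa(plaintexts, traces):
    """Correlation power analysis over all 16 key-nibble hypotheses.

    For each guess k, map S[p ^ k] to its hypothetical power HW(S[p ^ k]) and
    correlate it with the traces; the guess with the largest |Pearson r| is
    the recovered key. Returns (best_guess, list_of_16_scores).
    """
    scores = []
    for k in range(16):
        hyp = np.array([hamming_weight(SBOX[p ^ k]) for p in plaintexts], float)
        r = np.corrcoef(hyp, traces)[0, 1]
        scores.append(abs(float(r)))
    return int(np.argmax(scores)), scores


def run_demo(n_traces=1000, noise_sd=2.0, seed=1, key_nibble=0xA):
    """Run CPA on unmasked and on masked traces; report what each recovers."""
    rng = np.random.default_rng(seed)
    p0, t0 = simulate_traces(n_traces, key_nibble, noise_sd, rng, masked=False)
    guess0, scores0 = cpa(p0, t0)
    p1, t1 = simulate_traces(n_traces, key_nibble, noise_sd, rng, masked=True)
    guess1, scores1 = cpa(p1, t1)
    return {
        "true_key": key_nibble,
        "unmasked_guess": guess0, "unmasked_best_r": max(scores0),
        "masked_guess": guess1, "masked_best_r": max(scores1),
    }


if __name__ == "__main__":
    print(run_demo())
```

With the default parameters the unmasked run ranks the true nibble first with a clearly separated correlation peak, while on the masked traces every hypothesis scores near zero, because the per-trace random share removes the first-order dependence between HW(v) and the sample. That contrast is the practical reading of the abstract's last sentence: the lookup-table implementation leaks through exactly the quantity the model predicts, and a first-order Boolean mask is the countermeasure that breaks that prediction (at the cost of needing higher-order analysis to evaluate it further).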
Authors
潘力
韦永壮
PAN Li; WEI Yong-zhuang (Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China)
Source
《计算机仿真》
Peking University Core Journal (北大核心)
2023, No. 8, pp. 294-301 (8 pages)
Computer Simulation
Funding
National Natural Science Foundation of China (61872103, 62062026)
Natural Science Foundation of Guangxi (2019GXNSFGA245004)
Keywords
Correlation power analysis
Encryption algorithm
Side-channel attack
Hamming weight model