
Correlation Power Analysis of Lightweight Authenticated Encryption Algorithm Spook

(Original title: 轻量级认证加密算法Spook的相关能量分析)
Abstract: Correlation power analysis (CPA) is one of the mainstream side-channel attacks; its low cost makes it a serious threat to cryptographic devices. In 2020, Bellizia et al. proposed the sponge-based lightweight authenticated encryption algorithm Spook and claimed that it resists side-channel attacks, but its resistance to CPA specifically had not been analysed. Based on the structure of Spook and the implementation characteristics of its S-box, this paper proposes a CPA attack: a Hamming weight model describes the power consumption of the running cipher, S-box output values are mapped to hypothetical power consumption, and the correlation between the hypothetical and the measured power consumption is computed to recover the key. Experiments show that when the S-box is implemented as a look-up table, the master key can be recovered in under one minute from 789 traces collected from the leakage of the Clyde-128 component (the English-language abstract on the page gives the figure as 5650 traces). Attacking the Shadow-512 component recovers part of the internal secret state, from which the corresponding 128-bit plaintext can be derived. The security of the algorithm with a look-up-table S-box is also compared with that of a bitsliced S-box implementation. The results indicate that, without masking or other countermeasures, Spook cannot resist CPA.
Authors: PAN Li (潘力), WEI Yong-zhuang (韦永壮) (Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China)
Source: Computer Simulation (计算机仿真), a Peking University core journal, 2023, No. 8, pp. 294-301 (8 pages)
Funding: National Natural Science Foundation of China (61872103, 62062026); Natural Science Foundation of Guangxi (2019GXNSFGA245004)
Keywords: correlation power analysis; encryption algorithm; side-channel attack; Hamming weight model
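The abstract describes the attack only in outline: predict the Hamming weight of the S-box output for every key guess, correlate the prediction with the measured power, and keep the guess with the highest correlation. The following Python program is an added example (not code from the paper or from the Spook designers) that carries the procedure through on constructed, simulated traces of one 4-bit look-up-table S-box. Because the page does not reproduce Spook's S-box, the PRESENT S-box stands in for it; the leakage model (Hamming weight plus Gaussian noise), the trace counts, the noise level and all function names are assumptions. The bitsliced implementation the paper compares against is not simulated here.

```python
import random
from math import sqrt

# Stand-in 4-bit S-box (the PRESENT S-box). The page does not reproduce
# Spook's own S-box table, so this is an assumption for illustration only.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x: int) -> int:
    """Hamming weight: the leakage model's proxy for power consumption."""
    return bin(x).count("1")


def simulate_traces(key_nibble: int, n_traces: int, noise_sigma: float, seed: int = 1):
    """Constructed traces for a look-up-table S-box: one sample per encryption,
    HW(SBOX[p ^ k]) plus Gaussian measurement noise. Returns (inputs, samples)."""
    rng = random.Random(seed)
    inputs = [rng.randrange(16) for _ in range(n_traces)]
    samples = [hw(SBOX[p ^ key_nibble]) + rng.gauss(0.0, noise_sigma) for p in inputs]
    return inputs, samples


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient between two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)


def cpa(inputs, samples):
    """CPA on one S-box: for every key guess, predict HW(SBOX[p ^ guess]) for each
    known input, correlate the prediction with the measured samples, and rank
    guesses by |correlation|. Returns (ranked_guesses, score_per_guess)."""
    scores = {}
    for guess in range(16):
        hypothesis = [hw(SBOX[p ^ guess]) for p in inputs]
        scores[guess] = abs(pearson(hypothesis, samples))
    ranked = sorted(range(16), key=lambda g: -scores[g])
    return ranked, scores


def traces_needed(key_nibble: int, noise_sigma: float, max_traces: int = 2000,
                  step: int = 10, seed: int = 1):
    """Smallest trace count (a multiple of `step`) at which the correct key ranks
    first, or None if it never does within max_traces. This is the figure a CPA
    evaluation reports; the paper gives it in traces for Clyde-128."""
    inputs, samples = simulate_traces(key_nibble, max_traces, noise_sigma, seed)
    for n in range(step, max_traces + 1, step):
        ranked, _ = cpa(inputs[:n], samples[:n])
        if ranked[0] == key_nibble:
            return n
    return None


if __name__ == "__main__":
    key = 0xB
    inputs, samples = simulate_traces(key, 500, noise_sigma=1.0)
    ranked, scores = cpa(inputs, samples)
    print("best guess: %#x (true key %#x), |rho| = %.3f" % (ranked[0], key, scores[ranked[0]]))
    print("traces needed at sigma=1.0:", traces_needed(key, 1.0))
```

Raising `noise_sigma` in `traces_needed` shows why the trace count is the natural security metric: the correct guess's correlation shrinks toward the wrong guesses' and more traces are needed before it ranks first. A bitsliced S-box changes the picture because the four output bits of one S-box sit in different registers, so no single sample leaks the nibble's Hamming weight the way the look-up-table model above assumes.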
Related literature

References: 5 (not listed on this page)

Secondary references: 13 (10 listed)

1. JIA Fangqing (贾方庆). Discussion on system vulnerability mining techniques [J]. 保密科学技术, 2011(1): 60-64. Cited by: 2.
2. China Information Technology Security Evaluation Center (中国信息安全评测中心). Active Defense Techniques for Information Security [M]. Beijing: Aviation Industry Press, 2009: 144.
3. KOCHER P, JAFFE J, JUN B. Differential power analysis. Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO 1999), 1999.
4. GIERLICHS B, BATINA L, TUYLS P. Mutual information analysis: a universal differential side-channel attack. Journal of Cryptology, 2010.
5. LINGE Y, DUMAS C, LAMBERT-LACROIX S. Maximal information coefficient analysis. Cryptology ePrint Archive, Report 2014/012, 2014.
6. BATINA L, HOGENBOOM J, et al. Getting more from PCA: first results of using principal component analysis for extensive power analysis. Topics in Cryptology, CT-RSA 2012, 2012.
7. BRIER E, CLAVIER C, OLIVIER F. Correlation power analysis with a leakage model. Cryptographic Hardware and Embedded Systems, CHES 2004, 2004.
8. GIERLICHS B, BATINA L, TUYLS P, et al. Mutual information analysis. Cryptographic Hardware and Embedded Systems, CHES 2008, 2008.
9. CHARI S, RAO J R, ROHATGI P. Template attacks. Cryptographic Hardware and Embedded Systems, CHES 2002, 2002.
10. VEYRAT-CHARVILLON N, STANDAERT F X. Mutual information analysis: how, when and why. Cryptographic Hardware and Embedded Systems, CHES 2009, 2009.

Co-cited literature: 6
