摘要
AES算法已经被广泛的应用于商业密码领域,未加防护的AES算法可被DPA攻击.掩码是一种有效的抗DPA攻击防护措施,尤其是采用全掩码技术后,常规DPA无法对其成功实施攻击.本文提出了一种选择明文和二阶DPA的组合攻击方法(CSDCA),可成功实施对全掩码AES电路的侧信道攻击.首先利用选择明文的方式降低密钥遍历的空间,由128比特降至每8比特分组进行攻击;同时,选择初始轮的轮输出和第一轮的轮输出作为中间值,采用二阶DPA技术,去除掩码防护,从而成功攻击掩码防护.实验结果表明:对于采用SASEBO板仿真实现的全掩码AES算法,应用CSDCA方法后,采集6万条曲线一小时即可获得密钥.相比于传统的二阶DPA攻击,本方法攻击成功所需的曲线条数(攻击所需时间)可降低94%(由100万条降低至6万条);该方法与业界常用方法(毛刺DPA攻击)相比,曲线条数(攻击时间)可降低79%(由28万条降低至6万条).
The algorithm of AES has been widely used in industry, and unprotected AES algorithm is vulnerable against DPA attack. For the security of AES chip, designers usually use the masking technique as a countermeasure against DPA attack, especially the technique of whole data path masking, which is secure against traditional DPA. This paper proposed a Chosen plaintext and Second-order Differential power analysis Combination Attack(CSDCA). This method can reduce key space to a normal level that an adversary can derive the 8-bit key at a time. Then, take two values into account for removing mask which is second-order DPA, it can lunch a successful attack on masked AES. Experiments show that, implementation of AES with whole data path masking using the SASEBO motherboard, by applying the CSDCA method, only 60,000 measurements are needed to get the AES key in an hour. Compared with the traditional second-order DPA, our CSDCA reduces the number of measurements down to about 94% for a successful attack. Moreover, compared with the common method in academic, CSDCA reduces the number of measurements down to about 79% for a successful attack.
出处
《密码学报》
2014年第6期525-536,共12页
Journal of Cryptologic Research
基金
质检公益性行业科研专项经费资助项目(201310033)
网域空间身份证eID管理技术及系统(2012AA01A403)
关键词
选择明文攻击
二阶DPA
AES
掩码
组合攻击
chosen plaintext attack
second-order DPA
AES
masking
combination attack key word
