
CN104734845A - Side-channel attack protection method based on full-encryption algorithm pseudo-operation - Google Patents

Side-channel attack protection method based on full-encryption algorithm pseudo-operation

Info

Publication number
CN104734845A
Authority
CN
China
Prior art keywords
key
round
sms4
real
keys
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510133523.8A
Other languages
Chinese (zh)
Other versions
CN104734845B (en)
Inventor
陆海宁
刘军荣
陈佳超
包斯刚
季欣华
李大为
罗鹏
李国友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Cryptography Administration Commercial Code Testing Center
Shanghai Huahong Integrated Circuit Co Ltd
Shanghai Jiao Tong University
Original Assignee
State Cryptography Administration Commercial Code Testing Center
Shanghai Huahong Integrated Circuit Co Ltd
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Cryptography Administration Commercial Code Testing Center, Shanghai Huahong Integrated Circuit Co Ltd and Shanghai Jiao Tong University
Priority to CN201510133523.8A
Publication of CN104734845A
Application granted
Publication of CN104734845B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

A side-channel attack protection method based on pseudo-operations (dummy operations) of the full encryption algorithm, in the field of computer security. A key sequence composed of m pseudo-keys and 1 real key is used to perform multiple SMS4 encryption computations, and the result of the SMS4 computation in which the real key participates is taken as the required ciphertext. The position of the real computation is random, so the attacker cannot align the power traces and cannot carry out the attack; in addition, the use of pseudo-keys disturbs side-channel attacks and renders them ineffective. The scheme can be implemented entirely in hardware or by software calls; the software-call implementation can protect cryptographic circuits whose hardware cannot be modified and which have no side-channel protection of their own.

Description

Side-channel attack protection method based on pseudo-operation of the full encryption algorithm

Technical field

The invention relates to a technique in the field of computer security, specifically a side-channel attack protection method for cryptographic circuits based on pseudo-operations (dummy operations) of the full encryption algorithm, applicable to algorithms such as SMS4.

Background

In practice, cryptographic systems are usually implemented in hardware, or in software running on hardware: smart cards, RFID, cryptographic coprocessors, SoC cryptographic chips, cryptographic machines and so on. In the environment in which these systems operate, an attacker can observe and measure the power consumption, electromagnetic radiation and similar information of the cryptographic transformation, and with this additional information may break the cipher more effectively than with traditional mathematical analysis. Attacks in this setting are commonly called "side-channel attacks". Side-channel attack methods usually include simple power analysis (SPA) and differential power analysis (DPA). SPA uses a small number of power traces (corresponding to a small number of plaintexts) and exploits the features of the cryptographic algorithm as they appear in the traces to reveal the key, or sensitive information related to it, directly. DPA records the power traces of the cryptographic device while it encrypts or decrypts a large amount of different data and uses statistical methods to recover the key inside the device from those traces.

The emergence of side-channel attacks poses a great threat to many current chips, and accordingly many protection methods against them have appeared. The most commonly used are hiding techniques and masking techniques. Hiding aims to remove the correlation between the power consumption of the cryptographic device and the operations it performs and the intermediate values it processes. Masking randomizes the message and the key so that no relationship between the key and the power consumption can be established. Among hiding techniques there is hiding in the time dimension, which includes two methods: random insertion of dummy operations and shuffling of operations. Random insertion of dummy operations inserts false operations before, after and during the execution of the cryptographic algorithm; this breaks the alignment of the real operations and greatly reduces the effectiveness of a side-channel attack. Shuffling relies on the fact that in some cryptographic algorithms the execution order of particular operations can be changed arbitrarily, so randomness can be introduced by changing that order.

The disadvantage of masking is that masks for non-linear operations (such as S-boxes) greatly increase circuit area and cost, and still cannot completely prevent leakage. Hiding only reduces the signal-to-noise ratio of the leaked signal and does not fundamentally defeat side-channel attacks. The combination of dummy operations and shuffling designed here, on the one hand, truly hides the real key and, on the other hand, also reduces the signal-to-noise ratio; in addition it can be combined with masking without any conflict.

SM4 is the encryption algorithm of the national standard GM/T 0002-2012 "SM4 Block Cipher Algorithm" (formerly the SMS4 block cipher). It is a symmetric algorithm with a 128-bit key and a 128-bit block; both the encryption algorithm and the key expansion algorithm use a 32-round non-linear iterative structure. The decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in the reverse order: the decryption round keys are the encryption round keys reversed.

A search of the prior art found that Chinese patent document CN103546277A, published 2014.01.29, discloses a DPA attack and key recovery method and system for the SM4 algorithm on smart cards. The method comprises: step 1, a DPA attack on the first 4 rounds of the SM4 encryption process to obtain the first 4 round keys; step 2, recovery of the SM4 key from the 4 round keys obtained. The method and system can carry out a DPA attack on the SM4 algorithm of a smart card, recover the SM4 encryption key, and thereby verify the attack resistance of the SM4 implementation on the card.

Chinese patent document CN103227717A, published 2013.07.31, discloses the use of the round-key XOR input for side-channel power analysis of the SM4 cipher. Its core is that, during side-channel power analysis of SM4, the S-box or the round function is selected as the attack point to build a Hamming-distance model, with the round-key XOR input as the preceding state v1 of the model; when the S-box is attacked, the successor state v2 of the Hamming-distance model HD(v1, v2) is the S-box output, and when the round function is attacked, v2 is the round function output/input.

Chinese patent document CN102546157A, published 2012.07.04, discloses a random hybrid encryption system resistant to power analysis and its implementation. The system consists of eleven parts: a pseudo-random sequence PN128 generation module, an S-box update module, a mask correction value generation module, a plaintext input register, a pseudo-random sequence PN64 generation module, gating circuit A, gating circuit B, an SMS4 encryption module, an AES encryption module, a multiplexer and a ciphertext output register. This was the first proposal of a random hybrid encryption system resistant to power analysis: driven by the pseudo-random sequence PN64, the plaintext is randomly encrypted with either a masked AES or a masked SMS4, and all basic circuit units of the hardware implementation are realized with symmetric circuits, which fundamentally eliminates simple and differential power analysis; the system has several working modes for different scenarios. However, that technique cannot be used where a single algorithm such as SMS4 is explicitly required. Moreover, considering only the algorithm-mixing protection (leaving the masking aside), it cannot completely eliminate DPA, because a wrong guess of the algorithm can be treated as noise; that scheme therefore only reduces the signal-to-noise ratio and increases the difficulty of DPA.

Chinese patent documents CN102412963A and CN102360414A respectively disclose a random-sequence-based encryption method with a misleading function and a misleading encryption method with correctable pseudo-random sequences. These techniques yield false keys that can mislead a cryptanalyst; the misleading depends on the inner key, and to allow arbitrary misleading a long random sequence is used to generate the subkeys, which can be produced by quantum key distribution. Markers in the document are handled specially so that they are not confused even if the specified marker appears in the text. Encryption requires a keyword database: the inner encryption uses the database to expand keywords, and the outer encryption uses a conventional method. Decryption does not need the database, which avoids database synchronization problems. The technique has value in many encryption applications, especially military ones. However, it is aimed at the "soft-grinding, hard-pestering" attack (persistent pressure on the key holder), which it counters by misleading the readability of the decrypted plaintext; it has no effect against side-channel attacks.

Sometimes the chip has already been taped out and the hardware can no longer be modified; the goal of protecting against side-channel attacks must then be achieved from the software-call side.

Summary of the invention

In view of the above deficiencies of the prior art, the present invention proposes a side-channel attack protection method based on pseudo-operations of the full encryption algorithm, which executes the algorithm with pseudo-keys so as to greatly increase the difficulty of key recovery.

The invention is realized by the following technical solution:

The invention relates to a side-channel attack protection method based on pseudo-operations of the full encryption algorithm. The whole computation executes the encryption algorithm several times; in each of these encryptions the key used by the SMS4 computation is taken from a key sequence composed of m pseudo-keys and 1 real key. The whole operation yields several encryption results, of which only one is the real, required ciphertext.

The key sequence is selected from the key memory either by a key random-selection circuit (or by software in the software-call mode; likewise below) or by a key-memory random shuffling mechanism, specifically:

① generate m pseudo-keys and one real key, shuffle them randomly with the key-memory random shuffling mechanism, and record the position of the real key; or

② fix the index K at which the real key is executed, and choose the other m pseudo-keys of the key sequence from the key memory with the key random-selection mechanism.

In both methods of generating the key sequence, only the first 32 bits of a pseudo-key need to differ from the real key, which saves key storage; it is sufficient that the round key of the first round differs.

The SMS4 encryption computation means iterating the round function of the encryption algorithm over the plaintext to be encrypted with each generated round key. The round function of SMS4 is iterated 32 times.

After the 32 round-function iterations, the result computed with the real key is output as the ciphertext.

The invention also relates to a system implementing the above method, comprising: an SMS4 round function circuit module, a key selection mechanism module, (m+1) key memories, and an SMS4 periodic round key generation circuit module. The (m+1) key memories are connected to the key selection circuit and transmit the real and false keys; the SMS4 key generation circuit is connected to the SMS4 round function circuit module and to the (m+1) round key memories and transmits the real round keys.

Technical effect

Compared with the prior art, the position at which the real SMS4 computation is executed is random, so the attacker cannot align the power traces and cannot carry out the attack. In addition, because the algorithm is also executed with pseudo-keys, any side-channel attack attempted against the protected chip is disturbed.

Description of drawings

Fig. 1 is a schematic flow chart of Embodiment 1.

Fig. 2 is a schematic diagram of the logarithmic shuffle used in Embodiment 1 to arrange the real and false round keys (a subkey here denotes the first 32 bits of a 128-bit key).

Fig. 3 is a schematic flow chart of Embodiment 2.

Fig. 4 is a schematic flow chart of Embodiment 3.

Fig. 5 is a schematic flow chart of Embodiment 4.

Detailed description

The embodiments of the invention are described in detail below. They are implemented on the premise of the technical solution of the invention and give detailed implementations and specific operating procedures, but the scope of protection of the invention is not limited to the following embodiments.

Embodiment 1

As shown in Fig. 1, in this embodiment N = m + 1, where N and m denote the number of SMS4 executions and the number of pseudo-keys respectively.

The implementing device of this embodiment comprises: an SMS4-based round function generation module, 1 real key memory, m pseudo-key memories, a key-memory random shuffling circuit and a periodic round key generation circuit, where the SMS4 round function is connected to the periodic round key generation circuit, the key memories are connected to the key random shuffling circuit, and the key random shuffling circuit is connected to the periodic round key generation circuit.

The SMS4-based round function generation module is the normal SMS4 round function.

The 1 real key memory consists of four 32-bit registers storing the 128-bit key.

The m pseudo-key memories are m 32-bit registers storing the m 32-bit pseudo-keys.

The round-key memory random shuffling circuit puts the m pseudo-keys together with the first 32 bits of the real key, shuffles them randomly and records the position of the real round key. Each shuffled 32-bit word is then combined, in turn, with the last 96 bits of the real key into a 128-bit key, which is passed to the periodic round key generation circuit to generate the round keys.

Accordingly, this embodiment executes the SMS4 algorithm N times, where the key is either the real key or the real key with its first 32 bits replaced by a pseudo-key. The device works as follows:

1. First, m pseudo-keys are stored. They must have the following property: each corresponding byte of the pseudo-keys is different, which guarantees that in the first round of SMS4 the round-key byte entering any given S-box differs between executions.

2. At the start of each encryption, the m pseudo-keys and the first 32 bits of the real key are put together and shuffled by the key-memory random shuffling circuit, and the position of the real round key (that is, the moment at which it is executed) is recorded.

3. The shuffled 32-bit keys, each together with the last 96 bits of the real key, are then fed in turn to the periodic round key generation circuit and the SMS4 algorithm is executed N times; the real result is stored in R1 and the results of the dummy operations in R2.

Before each execution of the round function, the periodic round key generation circuit is run once to generate the round key for that round.

4. Finally, the result in R1 is taken as the ciphertext.

Embodiment 2

As shown in Fig. 3, in this embodiment N > m, where N and m denote the number of SMS4 executions and the number of pseudo-keys respectively.

The implementing device of this embodiment comprises: an SMS4-based round function generation module, (m+1) key memories, a periodic round key generation circuit and a round key random-selection circuit, where the SMS4 round function module is connected to the periodic round key generation circuit, the periodic round key generation module is connected to the key memories, and the pseudo-key memories are connected to the periodic key random-selection circuit.

The key random-selection circuit first fixes the moment at which the real key executes the SMS4 algorithm; the other pseudo-keys are selected randomly, with repetition allowed, from the available pseudo-keys, and each is combined with the last 96 bits of the real key into a 128-bit key that is transmitted to the periodic round key generation module.

This embodiment differs from Embodiment 1 in the key selection method: it first fixes the moment of the SMS4 execution that uses the real round key, and the keys of the other SMS4 executions are selected randomly, with repetition, from the available pseudo-keys.

Embodiment 3

Embodiment 3 is a software-call implementation; its key selection method is the same as in Embodiment 1.

The application scenario of Embodiment 3 is one where the hardware implementation can no longer be changed; the side-channel protection scheme with the same effect as Embodiment 1 is implemented through software calls.

Embodiment 4

Embodiment 4 is a software-call implementation; its key selection method is the same as in Embodiment 2.

The application scenario of Embodiment 4 is one where the hardware implementation can no longer be changed; the side-channel protection scheme with the same effect as Embodiment 2 is implemented through software calls.

Effect analysis

Explanation of how the SMS4 full-algorithm pseudo-operation side-channel protection scheme resists DPA:

For SMS4 implemented in hardware, because of the key confusion, the intermediate value in the registers of every round depends on the whole 32-bit round key. An ordinary DPA attack would have to guess the 32-bit round key at once, which is not feasible under current attack conditions; therefore the known DPA methods against such hardware SMS4 implementations all use chosen plaintext.

A chosen-plaintext DPA can only attack the SMS4 implementation from the first round. The above embodiments use dummy operations, so that when the attacker attacks the first round, in Embodiment 1 the probability of obtaining the real key and the probability of obtaining a pseudo-key are theoretically the same; real and dummy operations cannot be distinguished, and the real key and the pseudo-keys are fully confused. Moreover, when the number of dummy operations (the security parameter) equals 255, the maximum (each byte of a pseudo-key must differ from the real key's, and a byte position admits only 255 such values), the attacker cannot obtain any key information from DPA at all, so DPA against the SMS4 hardware implementation is resisted both in theory and in practice. In Embodiment 2 one may also set m = N − 1, which is probabilistically the same as Embodiment 1 and differs only in implementation; but m can also be set so that m < N − 1, in which case the probability of obtaining a pseudo round key is actually greater than that of the real key, giving the attacker a false picture.

Another protection implicit in the scheme is the random insertion of dummy operations: since the position at which the real round key is used is random, the effect is equivalent to the random-insertion countermeasure, which prevents the real operations from being aligned. In this embodiment, as long as the position of the real operation is uniformly distributed, the probability that the real operation occurs at any given moment is only 1/N, which greatly reduces the signal-to-noise ratio of the side-channel attack.

A further advantage of the scheme is that it can protect chips that are known to have been taped out without side-channel protection, because it requires no hardware change: it only needs the SMS4 encryption process to be called several times with different keys.
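As an added worked example (not code from the patent or its assignees), the following Python implements SM4 per GM/T 0002-2012 (the former SMS4) and, on top of it, the key-sequence countermeasure of Embodiments 1 and 2: N complete SM4 executions whose keys differ from the real key only in the first 32-bit word, the real key sitting at a random slot k, and only slot k's result kept. `real_slot_histogram` checks the 1/N claim of the effect analysis empirically. The S-box, FK and the test vector are the standard's; the CK constants are derived from their defining formula. The function names, the pseudo-key generator (every byte differing from the real key's first word, as step 1 of Embodiment 1 asks) and the integer-seed handling for reproducible runs are this example's own assumptions.

```python
# Added example, not the patent's code: SM4 (GM/T 0002-2012, formerly SMS4) plus the
# pseudo-key key-sequence countermeasure. Names and seed handling are assumptions.
import random
import secrets
from typing import List, Optional, Tuple

# SM4 S-box (256 bytes, constant from the standard)
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] is the word whose bytes are ((4i + j) * 7) mod 256, j = 0..3; derived, not typed in
CK = [sum((((4 * i + j) * 7) & 0xFF) << (24 - 8 * j) for j in range(4)) for i in range(32)]
MASK = 0xFFFFFFFF

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def _tau(a: int) -> int:  # byte-wise S-box substitution of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def _t(b: int) -> int:  # round transform T = L(tau(.))
    b = _tau(b)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_prime(b: int) -> int:  # key-schedule transform T' = L'(tau(.))
    b = _tau(b)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def sm4_round_keys(key: bytes) -> List[int]:
    """Key expansion: 32 round keys from a 128-bit key (32 non-linear iterations)."""
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ _t_prime(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def sm4_encrypt_block(key: bytes, block: bytes) -> bytes:
    """One complete 32-round SM4 encryption of a 16-byte block."""
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for rk in sm4_round_keys(key):
        x.append(x[-4] ^ _t(x[-3] ^ x[-2] ^ x[-1] ^ rk))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[-4:]))

def _rng(rng):  # None -> OS randomness; int -> seeded generator for reproducible runs
    return secrets.SystemRandom() if rng is None else random.Random(rng) if isinstance(rng, int) else rng

def make_pseudo_words(real_word: bytes, m: int, rng) -> List[bytes]:
    """m distinct 32-bit pseudo-key words, every byte differing from the real key's first
    word (Embodiment 1, step 1). m <= 255 because a byte has only 255 other values."""
    assert 1 <= m <= 255
    words: List[bytes] = []
    while len(words) < m:
        w = bytes(rng.randrange(256) for _ in range(4))
        if w not in words and all(a != b for a, b in zip(w, real_word)):
            words.append(w)
    return words

def build_key_sequence(real_key: bytes, m: int, rng=None, n: Optional[int] = None) -> Tuple[List[bytes], int]:
    """Return (N 128-bit keys, slot k of the real key). n is None: Embodiment 1, N = m + 1,
    the real word shuffled among the pseudo words. n given: Embodiment 2, N = n > m, slot k
    fixed first and the other slots drawn from the pseudo words with replacement."""
    rng = _rng(rng)
    real_word, tail = real_key[:4], real_key[4:]
    pseudo = make_pseudo_words(real_word, m, rng)
    if n is None:
        slots = pseudo + [real_word]
        rng.shuffle(slots)
        k = slots.index(real_word)
    else:
        assert n > m
        k = rng.randrange(n)
        slots = [rng.choice(pseudo) for _ in range(n)]
        slots[k] = real_word
    return [w + tail for w in slots], k  # every key shares the real key's last 96 bits

def protected_encrypt(real_key: bytes, block: bytes, m: int, rng=None, n: Optional[int] = None) -> Tuple[bytes, int, int]:
    """N full SM4 executions over the key sequence; only slot k's result (R1) is kept,
    the N - 1 dummy results (R2) are discarded. Returns (ciphertext, k, N)."""
    keys, k = build_key_sequence(real_key, m, rng, n)
    results = [sm4_encrypt_block(key, block) for key in keys]  # same work in every slot
    return results[k], k, len(keys)

def real_slot_histogram(real_key: bytes, m: int, trials: int, rng=None) -> List[int]:
    """How often the real key lands in each of the N = m + 1 slots of Embodiment 1;
    a uniform shuffle gives each slot about trials / N, i.e. probability 1/N per slot."""
    rng = _rng(rng)
    counts = [0] * (m + 1)
    for _ in range(trials):
        counts[build_key_sequence(real_key, m, rng)[1]] += 1
    return counts
```

`protected_encrypt(key, block, m)` models Embodiment 1 (and, with `n` set, Embodiment 2); the ciphertext is always the plain SM4 ciphertext under the real key, so the countermeasure is transparent to the caller. Two design points matter for a deployment and are visible here: the slot index k must come from a uniform, non-leaking source (the histogram should be flat; a skewed one hands an attacker an alignment hint), and the real execution must do exactly the same work as the dummies, which is why all N slots run the full 32 rounds and only the result selection differs. The block models the key-sequence logic only, not the power behaviour of a circuit.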

Claims (7)

1. A side-channel attack protection method based on pseudo-operations of the full encryption algorithm, characterized in that a key sequence composed of m pseudo-keys and 1 real key is used to perform multiple SMS4 encryption computations, and the result of the SMS4 encryption computation in which the real key participates is taken as the required ciphertext.

2. The method according to claim 1, characterized in that the key sequence is selected from the key memory by a key random-selection mechanism or by a key-memory random shuffling mechanism.

3. The method according to claim 1 or 2, characterized in that the key sequence is obtained by any one of the following:
① generate m pseudo-keys and one real round key, shuffle them randomly with the key-memory random shuffling circuit, and record the position of the real key; or
② fix the index k at which the real key is executed, and select the other m pseudo-keys of the key sequence from the key memory with the key random-selection circuit; or
③ generate m pseudo-keys and one real round key, shuffle their order randomly in software, and record the position of the real key; or
④ fix the index k at which the real key is executed, and select the other m pseudo-keys of the key sequence from the key memory by a software-implemented random selection.

4. The method according to claim 1, characterized in that the SMS4 encryption computation means iterating the round function over the plaintext to be encrypted, in turn, with the round keys generated from the key sequence by the periodic round key generation module, and taking the result of the execution with the real key as the ciphertext output.

5. The method according to claim 1, characterized in that the SMS4 encryption computation means transmitting the plaintext to be encrypted and the key sequence to a hardware cryptographic circuit and taking the result of the execution with the real key as the ciphertext output.

6. A system implementing the method of any preceding claim, characterized in that it comprises: an SMS4 periodic round function circuit module, a key selection circuit module, (m+1) round key registers and an SMS4 round key generation circuit module, where the (m+1) key memories are connected to the key selection circuit and transmit the real and false round keys, and the SMS4 round key generation circuit is connected to the SMS4 round function circuit module and to the (m+1) key memories and transmits the real and false keys.

7. A system implementing the method of any preceding claim by software calls, characterized in that it comprises: an SMS4 algorithm circuit module, a key selection circuit module and (m+1) round key registers, where the (m+1) key memories are connected to the key selection circuit and transmit the real and false round keys, and the SMS4 algorithm circuit module is connected to the (m+1) key memories and transmits the real and false keys.
CN201510133523.8A 2015-03-25 2015-03-25 Bypass attack means of defence based on full Encryption Algorithm pseudo-operation Active CN104734845B (en)

Publications (2)

Publication Number Publication Date
CN104734845A true CN104734845A (en) 2015-06-24
CN104734845B CN104734845B (en) 2018-11-23

Family

ID=53458308

Country Status (1)

Country Link
CN (1) CN104734845B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209457A (en) * 2016-07-14 2016-12-07 北京工业大学 Tackle method for secret protection and the system of bypass attack in smart home environment
CN107980212A (en) * 2017-09-06 2018-05-01 福建联迪商用设备有限公司 Encryption method against DPA attack and computer-readable storage medium
CN108123792A (en) * 2017-12-19 2018-06-05 武汉瑞纳捷电子技术有限公司 A kind of power consumption method for scrambling of SM4 algorithms circuit
CN108847924A (en) * 2018-04-22 2018-11-20 平安科技(深圳)有限公司 Encryption method, device, computer equipment and storage medium
CN109257395A (en) * 2018-12-07 2019-01-22 四川长虹电器股份有限公司 The system for resisting bypass attack
CN111294199A (en) * 2018-12-06 2020-06-16 新唐科技股份有限公司 Encryption and decryption system, encryption device, decryption device, and encryption and decryption method
CN113742759A (en) * 2021-11-04 2021-12-03 国网浙江省电力有限公司 Data encryption method and device for financial accounting system
US11258579B2 (en) * 2018-02-26 2022-02-22 Stmicroelectronics (Rousset) Sas Method and circuit for implementing a substitution table
US11265145B2 (en) 2018-02-26 2022-03-01 Stmicroelectronics (Rousset) Sas Method and device for performing substitution table operations
CN115606148A (en) * 2020-04-06 2023-01-13 美国莱迪思半导体公司(Us) Information leakage mitigation associated with elliptic curve operation
CN116743379A (en) * 2023-08-11 2023-09-12 国网天津市电力公司电力科学研究院 Encryption transmission scheme determining method for power network data
US11824969B2 (en) 2018-02-26 2023-11-21 Stmicroelectronics (Rousset) Sas Method and circuit for performing a substitution operation
CN117614608A (en) * 2024-01-22 2024-02-27 南京航空航天大学 NTT (network time Table) defense method for resisting energy analysis attack

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101371480A (en) * 2005-11-21 2009-02-18 爱特梅尔公司 Encryption protection method
US20120069997A1 (en) * 2010-09-21 2012-03-22 Takeshi Kawabata Encription device and decryption device
CN102447556A (en) * 2010-10-14 2012-05-09 上海华虹集成电路有限责任公司 DES encryption method for resisting differential power analysis based on random offset
CN102970132A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm
CN103138917A (en) * 2013-01-25 2013-06-05 国家密码管理局商用密码检测中心 Application method of Hamming distance model on SM4 cryptographic algorithm lateral information channel energy analysis and based on S box input
CN104202145A (en) * 2014-09-04 2014-12-10 成都信息工程学院 Plaintext or ciphertext selection based side channel power analysis attack method on round function output of SM4 cipher algorithm
CN104378196A (en) * 2014-11-07 2015-02-25 昆腾微电子股份有限公司 Method and device for safely executing encryption and decryption algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant