[0032] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
[0033] With the rapid development of information technology, information security has become more and more important. One of the core technologies in the information security field is cryptography. From the various protocols of the computer network application layer to the various hardware devices in communication systems, cryptography plays a very important role. Existing encryption algorithms are mainly divided into two types: symmetric ciphers and public key ciphers. Symmetric ciphers include encryption algorithms such as AES, 3-DES, and SMS4. Symmetric encryption is widely used in various devices due to its high security and simple implementation. Cryptographic algorithms are implemented in software and in hardware. Software implementations are used in smart cards and embedded devices because they are easy to customize, while hardware implementations are used in various dedicated encryption chips, including FPGAs, ASICs, etc., because of their fast encryption and decryption speed. However, both hardware and software implementations of encryption algorithms are subject to various security threats. Among them, side channel analysis is one of the important existing methods that threaten the security of encryption devices.
[0034] When an attacker uses side channel analysis to attack an encryption device, he first needs to use special equipment such as electromagnetic probes to detect the side channel information of the encryption device and use an oscilloscope to collect and save it, then analyzes this information with various side channel analysis methods, and finally recovers the correct secret key in the encryption device. When an attacker obtains the correct secret key of the encryption device, all the secret information of the encryption device is leaked, completely destroying the security of the encryption device. Later, in order to improve the efficiency of side channel information analysis, scholars proposed various leakage models. However, the existing leakage models are suited to power leakage analysis of registers or buses; for the combinational circuit part, the power side channel analysis data is not accurate. In order to solve the above-mentioned problems, the present invention provides a method and device for constructing a flip count model. Figure 1 is a schematic flowchart of a method for constructing a flip count model provided by an embodiment of the present invention. As shown in Figure 1, the method includes:
[0035] Step 101: Classify the simulation level models of the logic simulation tool used to analyze power consumption leakage in an encryption device.
[0036] Specifically, the logic simulation tools required to construct a power leakage model include ISIM, ModelSim, etc. According to the different simulation tools selected by the analyst, the simulation classification is different.
[0037] Step 102: Divide the simulation level model into a glitch-free model and a glitch-containing model.
[0038] Specifically, it is judged whether to count the glitch information in the circuit signal, so as to divide the simulation level model into a glitch-free model and a glitch-containing model. The glitch information refers to the unintended transition in the circuit due to the signal transmission delay. The glitch information is useless for the normal operation of the circuit, but it can be used as useful information when doing side channel analysis on the circuit.
[0039] Step 103: Determine that the simulation level model is a glitch-free model, and obtain the final simulation level model according to the simulation level model corresponding to the circuit type of the encryption device.
[0040] Specifically, once it is determined that the simulation level model is a glitch-free model, the simulation level model is further divided according to the circuit type of the encryption device to obtain the final simulation level model. The circuit types of encryption devices include SLCD (simple logical circuit design) and CLCD (complex logical circuit design). SLCD corresponds to the post-translation simulation model type in the glitch-free model, and CLCD corresponds to the behavior simulation model type in the glitch-free model.
[0041] Step 104: Export the simulation data in the final simulation level model as a VCD file.
[0042] Specifically, the relevant circuit data, glitch information data, signal inversion and other simulation data in the final simulation level model are used as simulation results and exported as VCD files. Among them, the VCD file is used to describe all signal changes in the circuit. According to different circuit inputs, different numbers of signal inversions will be reflected in the VCD file. By counting the number of signal inversions at different inputs, the corresponding relationship between the circuit input and the number of signal inversions can be obtained.
[0043] Step 105: Analyze the flip information in the VCD file to obtain a flip count model.
[0044] Specifically, the signal of the flip transition in the VCD file is analyzed to obtain the flip count model, which is the final power consumption leakage model in the embodiment of the present invention.
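Steps 104 and 105 can be illustrated with a small VCD reader that counts flips per stimulus. This is an added example, not code from the patent: the fixed `period` window per input, the constructed `SAMPLE_VCD`, and the `count_glitches=False` mode (settled state only, standing in for what a glitch-free simulation level would export) are assumptions made here.

```python
def parse_vcd(text):
    """Return ({id: name}, [(time, id, value), ...]) from VCD text.
    Assumes no $comment blocks or real-valued changes in the value section."""
    tok = text.split()
    names, changes, t = {}, [], 0
    body = tok.index("$enddefinitions")
    for i in range(body):
        if tok[i] == "$var":              # $var <type> <width> <id> <name> ... $end
            names[tok[i + 3]] = tok[i + 4]
    it = iter(tok[body + 2:])             # skip "$enddefinitions $end"
    for s in it:
        if s[0] == "#":                   # timestamp
            t = int(s[1:])
        elif s[0] in "bB":                # vector change: b<bits> <id>
            changes.append((t, next(it), s[1:].lower()))
        elif s[0] in "01xXzZ":            # scalar change: <bit><id>
            changes.append((t, s[1:], s[0].lower()))
    return names, changes

def toggles(old, new):
    """Count bit positions with a real 0<->1 transition (x/z are ignored)."""
    width = max(len(old), len(new))
    pad = lambda v: (v[0] if v[0] in "xz" else "0") * (width - len(v)) + v
    return sum(a != b and a in "01" and b in "01" for a, b in zip(pad(old), pad(new)))

def toggle_count_model(text, period, stimulus, count_glitches=True):
    """Return [(stimulus value, flip count)] for each window of `period` time units."""
    names, changes = parse_vcd(text)
    last, windows = {}, {}
    for t, ident, value in changes:
        w = windows.setdefault(t // period,
                               {"in": None, "n": 0, "start": dict(last), "end": {}})
        if names.get(ident) == stimulus:
            w["in"] = value
        if ident in last:                 # initial $dumpvars values are not flips
            w["n"] += toggles(last[ident], value)
        last[ident] = value
        w["end"][ident] = value
    model = []
    for _, w in sorted(windows.items()):
        settled = sum(toggles(w["start"][i], v)
                      for i, v in w["end"].items() if i in w["start"])
        model.append((w["in"], w["n"] if count_glitches else settled))
    return model

# Constructed sample: 2-bit input, one internal wire n1, output y that
# pulses 0->1->0 (a glitch) in the windows starting at #10 and #30.
SAMPLE_VCD = """
$timescale 1ns $end $scope module dut $end
$var wire 2 ! in [1:0] $end $var wire 1 % n1 $end $var wire 1 & y $end
$upscope $end $enddefinitions $end
#0 $dumpvars b00 ! 0% 0& $end
#10 b11 ! #12 1% #13 1& #14 0&
#20 b10 ! #22 0%
#30 b01 ! #31 1& #33 1% #34 0&
"""
```

With `period=10` and `stimulus="in"`, the two modes differ only in the windows where `y` glitches, which is the information the glitch-containing model keeps and the glitch-free model discards.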
[0045] The embodiment of the present invention constructs the flip count leakage model from the model level required by the simulation, the description of the glitch information, and the type of the actual encryption device circuit, so that the actual side channel power consumption analysis is more targeted and more efficient.
[0046] Based on the content of the foregoing embodiment, as an optional embodiment: the simulation hierarchy model includes: a behavior simulation model, a post-translation simulation model, a post-mapping simulation model, and a post-wiring simulation model.
[0047] Specifically, implementing a Verilog design requires three key steps: translation, mapping, and wiring. These steps are common practice in the industry. It should be noted that, in the embodiment of the present invention, behavior simulation is executed before translation in the Verilog design. Post-translation simulation, post-mapping simulation, and post-wiring simulation are executed after the translation, mapping, and wiring steps respectively.
[0048] The embodiment of the present invention classifies the simulation hierarchical model to make the subsequent leakage model more accurate.
[0049] Based on the content of the foregoing embodiment, as an optional embodiment: further includes:
[0050] If it is determined that the simulation level model is a model with glitches, the post-wiring simulation model is used as the final simulation level model.
[0051] Specifically, in the embodiment of the present invention, the post-mapping simulation model and the post-wiring simulation model belong to the models containing glitches. When it is determined that the simulation level model is a glitch-containing model, the post-wiring simulation model is directly selected as the final simulation level model. This is because, although building the post-wiring simulation model takes a long time, the model obtained by post-wiring simulation has the highest accuracy.
[0052] According to the statistics of the glitch information, the embodiment of the present invention selects the post-wiring simulation model as the final simulation level model for the glitch-containing model, so that the accuracy of the constructed model can reach the highest.
[0053] Based on the content of the foregoing embodiment, as an optional embodiment: the circuit type includes: SLCD or CLCD.
[0054] Specifically, in the Verilog design, the line signal, input signal, and output signal are used as the basic units of jump calculation. Each element in the original design is represented as BLU, and the number of BLU inputs is limited. If a certain signal cannot be represented by one BLU output, multiple BLUs and additional output signals are required to represent it.
[0055] Define CLCD circuit and SLCD circuit: Let BLU(I n ,O) represents a BLU with n-bit input and one-bit output. Among them, I means Input, O means Output, and n is a natural number. y(y∈Y) represents the variable after the ASSIGN statement in the Verilog design, and Y is the set containing all y. at this time, among them Indicates that any logical operation x and y are both one-bit binary variables. At this time, SLCD and CLCD can be expressed as follows:
[0056]
[0057] If the circuit of the encryption device belongs to SLCD, the post-translation simulation model is selected as the glitch-free model; if the circuit of the encryption device belongs to CLCD, the behavior simulation model is selected as the glitch-free model.
[0058] The embodiment of the present invention selects the corresponding simulation level model by confirming the circuit type of the encryption device, and then determines the flip count model used for the secondary side channel analysis, and improves the efficiency and accuracy of the obtained flip count model.
[0059] Based on the content of the above embodiment, as an optional embodiment: analyze the flip signal in the VCD file to obtain the flip count model, and then further include:
[0060] Perform side-channel analysis of power consumption on the measured power consumption curve according to the flip count model.
[0061] Specifically, after obtaining the flip count model for power leakage analysis, side channel analysis of power consumption is performed on the measured power consumption curve using methods such as correlation power analysis or mutual information power analysis. The embodiment of the present invention does not specifically limit the side channel analysis method of power consumption.
[0062] In the embodiment of the present invention, after the flip count model is obtained, the model is used for power consumption analysis of the actually measured power consumption curve, so that the actual side channel analysis is more targeted and more efficient.
[0063] According to another aspect of the present invention, an embodiment of the present invention also provides a device for constructing a flip count model. See Figure 2, which is a block diagram of an apparatus for constructing a flip count model provided by an embodiment of the present invention. The device is used to construct the flip count model in the foregoing embodiments. Therefore, the descriptions and definitions in the method for constructing the flip count model in the foregoing embodiments can be used to understand the execution modules in the embodiments of the present invention.
[0064] As shown in the figure, the device includes:
[0065] The model classification module 201 is configured to classify the simulation level model of the logic simulation tool used to analyze the power consumption leakage in the encryption device;
[0066] The glitch model determination module 202 is used to divide the simulation level model into a glitch-free model and a glitch-containing model;
[0067] The circuit type selection module 203 is used to determine that the simulation level model is a glitch-free model, and obtain the final simulation level model according to the simulation level model corresponding to the circuit type of the encryption device;
[0068] The VCD file obtaining module 204 is used to export the simulation data in the final simulation level model as a VCD file;
[0069] The flip count model determining module 205 is used to analyze the flip signal in the VCD file to obtain the flip count model.
[0070] The embodiment of the present invention constructs the flip count leakage model from the model level required by the simulation, the description of the glitch information, and the type of the actual encryption device circuit, so that the actual side channel power consumption analysis is more targeted and more efficient.
[0071] Based on the content of the foregoing embodiment, as an optional embodiment: the simulation hierarchy model includes: a behavior simulation model, a post-translation simulation model, a post-mapping simulation model, and a post-wiring simulation model.
[0072] The embodiment of the present invention classifies the simulation hierarchical model to make the subsequent leakage model more accurate.
[0073] Based on the content of the foregoing embodiment, as an optional embodiment: further includes:
[0074] The post-wiring simulation model determination module is used to determine that the simulation level model is a glitch-containing model, and the post-wiring simulation model is used as the final simulation level model.
[0075] According to the statistics of the glitch information, the embodiment of the present invention selects the post-wiring simulation model as the final simulation level model for the glitch-containing model, so that the accuracy of the constructed model can reach the highest.
[0076] Based on the content of the foregoing embodiment, as an optional embodiment: the circuit type includes: SLCD or CLCD.
[0077] The embodiment of the present invention selects the corresponding simulation level model by confirming the circuit type of the encryption device, and then determines the flip count model used for the secondary side channel analysis, and improves the efficiency and accuracy of the obtained flip count model.
[0078] Based on the content of the foregoing embodiment, as an optional embodiment: further includes:
[0079] The power analysis module is used for side channel analysis of power consumption on the measured power consumption curve according to the flip count model.
[0080] In the embodiment of the present invention, after the flip count model is obtained, the model is used for power consumption analysis of the actually measured power consumption curve, so that the actual side channel analysis is more targeted and more efficient.
[0081] Based on the content of the foregoing embodiment, as an optional embodiment: the embodiment of the present invention provides a structural solution for constructing a flip count model, as shown in Figure 3. Figure 3 is a schematic diagram of the overall structure of the flip count model provided by the embodiment of the present invention.
[0082] The overall design of the embodiment of the present invention mainly includes four major parts: the model classification stage, the model selection stage, the model construction stage, and the model implementation stage. The model classification stage passes the classified model into the model selection stage, and the model selection stage passes the selected model into the model construction stage. The model construction stage obtains the flip count model through calculation, and the model implementation stage then uses the flip count model for side channel power consumption analysis.
[0083] Figure 4 shows the basic process of the model classification stage. The figure contains two parts: the simulation level confirmation stage and the glitch information requirement confirmation stage. The operation process is as follows:
[0084] The tools needed to build the model are commonly used tools for logic simulation, including: ISIM, ModelSim, etc. According to the different simulation tools selected by the analyst, the simulation classification is different. For example, ISIM can be divided into four types: behavior simulation, post-translation simulation, post-mapping simulation, and post-wiring simulation. If the analyst needs to count the glitch information, he can continue to divide the simulation level into simulation without glitch and simulation with glitch. The model classification stage outputs the simulation level model classification supported by the simulation tool.
[0085] Figure 5 shows the basic process of the model selection stage. The figure contains two parts: the circuit type confirmation stage and the model confirmation stage. The operation process is as follows:
[0086] After the available model classifications are passed into the model selection stage, the circuit type confirmation stage confirms whether the encryption device circuit belongs to SLCD or CLCD. The model confirmation stage selects the type of flip count model required for the secondary side channel analysis according to the type of the encryption device circuit. If the encryption device circuit belongs to SLCD, the post-translation flip count model is selected as the glitch-free model; if the encryption device circuit belongs to CLCD, the behavior flip count model is selected as the glitch-free model. The model selection stage finally outputs the flip count model used in the secondary side channel analysis.
[0087] Figure 6 shows the basic process of the model construction stage. The figure contains three parts: the logic simulation stage, the simulation data export stage, and the model calculation stage. The operation process is as follows:
[0088] 1) The logic simulation stage performs logic simulation of the original circuit design using logic simulation tools.
[0089] 2) The simulation data export stage exports the simulation results as a VCD file.
[0090] 3) The model calculation stage analyzes the VCD file and obtains the calculated flip count model.
[0091] After completing the above three steps, the accurate flip count model corresponding to the circuit design can be obtained for use in the subsequent model implementation stage.
[0092] Figure 7 shows the basic process of the model implementation stage. The operation process is as follows:
[0093] In the model implementation stage, the flip count model obtained in the construction stage is used to perform side-channel analysis on the measured power consumption curve through methods such as correlation power analysis or mutual information power analysis.
[0094] In the present invention, specific examples are used to illustrate the principles and implementation of the present invention. The description of the above examples is only used to help understand the method and core idea of the present invention; at the same time, for those of ordinary skill in the art, the specific implementation and the scope of application may change according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the invention.