A block password fault-tolerant algebraic bypass analysis method based on multi-inference utilization

Abstract

The invention provides a block password fault-tolerant algebraic bypass analysis method based on multi-inference utilization, which comprises the following steps of: when a key is known, constructinga power consumption track template corresponding to a Hamming weight candidate value in an encryption intermediate state according to a plurality of power consumption tracks in a block password encryption process executed by a controlled password chip; Executing a power consumption track in a block password encryption process by utilizing the power consumption track template and a password chip tobe attacked to obtain a Hamming weight multi-inference value set in an encryption intermediate state; Representing the block cipher algorithm and the Hamming weight multi-inference value set by usingan algebraic equation; And using an analyzer to solve the algebraic equation, and recovering the encrypted master key. It can be seen that for AES block password implementation on the microcontroller, the master key recovery can be achieved through one power consumption track. Moreover, a plurality of Hamming weight inference values corresponding to one power consumption track exist in the actualattack, so that the fault-tolerant capability of the algebraic bypass attack can be greatly improved by utilizing the plurality of inference values.

Description

technical field [0001] It relates to the field of communication and information security, and in particular relates to a fault-tolerant algebraic bypass analysis technology for keys of block ciphers. Background technique [0002] The design security of the cryptographic algorithm is not equivalent to the security of the cryptographic chip implementation. Due to the physical characteristics of the chip, additional information will be leaked, such as execution time, power consumption, electromagnetic radiation, running Bypass information such as faults can be used to infer the relevant value of the intermediate state (such as Hamming weight), and on this basis, secret information can be extracted at a relatively low cost. This type of attack is called a bypass attack. [0003] In actual attacks, due to the noise of the target cryptographic platform itself, test and measurement technology and instruments, an inference about the encryption intermediate state (such as Hamming hea...

AI Technical Summary

Problems solved by technology

[0003] In actual attacks, due to the noise of the target cryptographic platform itself, test and measurement technology and instruments, an inference about the encryption intermediate state (such as Hamming heavy information) obtained based on bypass leaks often has certain errors

Since the algebraic bypass attack needs to convert these inferences into strict algebraic equations and solve the key, a bit of error in the inference will make the equations unsolvable, resulting in the failure of the attack

Most of the existing algebraic side-channel attack research is carried out under the premise that Hamming is error-free, and there is a problem of poor fault tolerance

Images