Timing and hamming weight attacks on minimal cost encryption scheme

The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is used to select and collect effective plaintexts for attack. Then the collected plaintexts are utilized to infer the expanded key differences of the secret key, from which most bits of the expanded secret key are recovered. The remaining bits of the expanded secret key are deduced by the correlations between Hamming weight values of the input of the S-boxes in the first-round. Finally, from the linear relation of the encryption time and the secret key's Hamming weight, the entire 56 bits of the secret key are thoroughly recovered. Using the attack, the minimal cost encryption scheme can be broken with 223 known plaintexts and about 221 calculations at a success rate a＞99%. The attack has lower computing complexity, and the method is more effective than other previous methods.     

基于汉明重的LED代数旁路攻击研究

对CHES 2011会议提出的LED轻型分组密码抗代数旁路攻击能力进行了评估。给出了密码算法代数旁路攻击模型及LED密码代数方程表示方法;利用示波器采集微控制器ATMEGA324P上的LED实现功耗泄露,选取功耗特征较为明显的部分泄露点,基于 Pearson 相关系数方法推断加密中间状态汉明重;分别基于可满足性问题、伪布尔优化问题、线性编程问题给出了LED密码和汉明重泄露的3种代数方程表示方法;使用CryptoMinisat和SCIP 2种解析器对建立的代数方程求解恢复密钥,在已知明文、未知明密文、容错等场景下进行了大量的攻击实验。结果表明,LED易遭受代数旁路攻击,一条功耗曲线的1轮汉明重泄露分析即可恢复64 bit完整密钥。     

Fully Leakage-Resilient Signatures

A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT’09) if it is existentially unforgeable under an adaptive chosen-message attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throughout the lifetime of the system. This is a strong and meaningful notion of security that captures a wide range of side-channel attacks. One of the main challenges in constructing fully leakage-resilient signature schemes is dealing with leakage that may depend on the random bits used by the signing algorithm, and constructions of such schemes are known only in the random-oracle model. Moreover, even in the random-oracle model, known schemes are only resilient to leakage of less than half the length of their signing key. In this paper we construct the first fully leakage-resilient signature schemes without random oracles. We present a scheme that is resilient to any leakage of length (1?o(1))L bits, where L is the length of the signing key. Our approach relies on generic cryptographic primitives, and at the same time admits rather efficient instantiations based on specific number-theoretic assumptions. In addition, we show that our approach extends to the continual-leakage model, recently introduced by Dodis, Haralambiev, Lopez-Alt and Wichs (FOCS’10), and by Brakerski, Tauman Kalai, Katz and Vaikuntanathan (FOCS’10). In this model the signing key is allowed to be refreshed, while its corresponding verification key remains fixed, and the amount of leakage is assumed to be bounded only in between any two successive key refreshes.     

基于Montgomery算法安全漏洞的SPA攻击算法

公钥密码体制的算法大多基于有限域的幂指数运算或者离散对数运算。而这些运算一般会采用Montgomery算法来降低运算的复杂度。针对Montgomery算法本身存在可被侧信道攻击利用的信息泄露问题,从理论和实际功耗数据2方面分析了Montgomery算法存在的安全漏洞,并基于该漏洞提出了对使用Montgomery算法实现的模幂运算进行简单能量分析（SPA, simple power analysis）攻击算法。利用该算法对实际模幂运算的能量曲线进行了功耗分析攻击。实验表明该攻击算法是行之有效的。     

Efficient Cache Attacks on AES, and Countermeasures

We describe several software side-channel attacks based on inter-process leakage through the state of the CPU’s memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing, and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several attacks on AES and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux’s dm-crypt encrypted partitions (in the latter case, the full key was recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we discuss a variety of countermeasures which can be used to mitigate such attacks.     

Aiding Side-Channel Attacks on Cryptographic Software With Satisfiability-Based Analysis

Cryptographic algorithms, irrespective of their theoretical strength, can be broken through weaknesses in their implementations. The most successful of these attacks are side-channel attacks which exploit unintended information leakage, e.g., timing information, power consumption, etc., from the implementation to extract the secret key. We propose a novel framework for implementing side-channel attacks where the attack is modeled as a search problem which takes the leaked information as its input, and deduces the secret key by using a satisfiability solver, a powerful Boolean reasoning technique. This approach can substantially enhance the scope of side-channel attacks by allowing a potentially wide range of internal variables to be exploited (not just those that are trivially related to the key). The proposed technique is particularly suited for attacking cryptographic software implementations which may inadvertently expose the values of intermediate variables in their computations (even though, they are very careful in protecting secret keys through the use of on-chip key generation and storage). We demonstrate our attack on standard software implementations of three popular cryptographic algorithms: DES, 3DES, and AES. Our attack technique is automated and does not require mathematical expertise on the part of the attacker     

Multivariate High-Order Attacks of Shuffled Tables Recomputation

Masking schemes based on tables recomputation are classical countermeasures against high-order side-channel attacks. Still, they are known to be attackable at order d in the case the masking involves d shares. In this work, we mathematically show that an attack of order strictly greater than d can be more successful than an attack at order d. To do so, we leverage the idea presented by Tunstall, Whitnall and Oswald at FSE 2013: We exhibit attacks which exploit the multiple leakages linked to one mask during the recomputation of tables. Specifically, regarding first-order table recomputation, improved by a shuffled execution, we show that there is a window of opportunity, in terms of noise variance, where a novel highly multivariate third-order attack is more efficient than a classical bivariate second-order attack. Moreover, we show on the example of the high-order secure table computation presented by Coron at EUROCRYPT 2014 that the window of opportunity enlarges linearly with the security order d. These results extend that of the CHES ’15 eponymous paper. Here, we also investigate the case of degree one leakage models and formally show that the Hamming weight model is the less favorable to the attacker. Eventually, we validate our attack on a real ATMEL smartcard.     

Power analysis attack resilient block cipher implementation based on 1-of-4 data encoding

Side-channel attacks pose an inevitable challenge to the implementation of cryptographic algorithms, and it is important to mitigate them. This work identifies a novel data encoding technique based on 1-of-4 codes to resist differential power analysis attacks, which is the most investigated category of side-channel attacks. The four code words of the 1-of-4 codes, namely (0001, 0010, 1000, and 0100), are split into two sets: set-0 and set-1. Using a select signal, the data processed in hardware is switched between the two encoding sets alternately such that the Hamming weight and Hamming distance are equalized. As a case study, the proposed technique is validated for the NIST standard AES-128 cipher. The proposed technique resists differential power analysis performed using statistical methods, namely correlation, mutual information, difference of means, and Welch's t-test based on the Hamming weight and distance models. The experimental results show that the proposed countermeasure has an area overhead of 2.3× with no performance degradation comparatively.     

机密过程模型：一种量化机密泄漏的方法

In this paper, we propose a theoretical-in-formation Confidential Procedure Model (CPM) to quantify confidentiality ( or information leakage ). The advantages of the CPM model include the fol-lowing: 1) confidentiality loss is formalized as a dy-namic procedure, instead of a static function, and described via the “waterfall” diagram; 2) confiden-tiality loss is quantified in a relative manner, i. e., taken as a quantitative metric, the ratio of the condi-tional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential de-gree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.     

Securing Encryption Systems With a Switched Capacitor Current Equalizer

Hardware encryption engines are essential components of secure systems. They are widely used in desktop applications such as the trusted platform module as well as in mobile applications where they offer high energy efficiency compared to their software implementation counterparts. Unfortunately, ASIC encryption engines leak side-channel information through their power supplies. This information can be used by attackers to reveal their secret keys with attacks such as differential power analysis. Dual-rail logic and noise addition circuits increase the security against these attacks, but they add higher than 3x overheads in area, power, and performance to unsecured encryption engines. In this work, we present a switched capacitor circuit that equalizes the current to isolate the critical encryption activity from the external supplies, eliminating the side-channel information leakage. The secure encryption system was implemented in a 0.13 ?m CMOS technology with 7.2% area and 33% power overheads and a 2 × performance degradation. The secret encryption key was not revealed after ten million side-channel attacks.     

An Image Authentication Method by Grouping Most Significant Bits

In 2011, Chan proposed an image authentication method by producing the parity check bits from pixels whose bits have been rearranged. Due to this rearrangement, the value of the most-significant bit of each tampered pixel can be determined according to its parity check bits. With the help of the most-significant bit of the pixel, the pixel can be recovered by selecting two possible (7, 4) Hamming code words. However, if the distance between two Hamming code words is within a certain range, incorrect selection may occur. Chan's method added one additional bit to indicate the correct one. It is trivial that this may degrade the quality of the authenticated image. In this paper, we group four most-significant bits into different groups to form a mapping codebook and the mapping codebook is used to produce authentication data instead of the (7, 4) Hamming code book. The experimental results show that the proposed method has a greater ability to recover tampered areas.     

密码算法旁路立方攻击改进与应用

立方攻击的预处理阶段复杂度随输出比特代数次数的增长呈指数级增长,寻找有效立方集合的难度也随之增加。该文对立方攻击中预处理阶段的算法做了改进,在立方集合搜索时,由随机搜索变为带目标的搜索,设计了一个新的目标搜索优化算法,优化了预处理阶段的计算复杂度,进而使离线阶段时间复杂度显著降低。将改进的立方攻击结合旁路方法应用在MIBS分组密码算法上,从旁路攻击的角度分析MIBS的算法特点,在第3轮选择了泄露位置,建立关于初始密钥和输出比特的超定的线性方程组,可以直接恢复33 bit密钥,利用二次检测恢复6 bit密钥。所需选择明文量221.64,时间复杂度225。该结果较现有结果有较大改进,恢复的密钥数增多,在线阶段的时间复杂度降低。     

Jetson Nano神经网络物理电磁泄漏安全研究

如果采用旁路攻击方法对神经网络结构、框架进行攻击,恢复出结构、权重等信息,会产生敏感信息的泄漏,因此,需要警惕神经网络计算设备在旁路攻击领域产生敏感信息泄露的潜在风险。本文基于Jetson Nano平台,针对神经网络及神经网络框架推理时产生的旁路电磁泄漏信号进行采集,设计了基于深度学习方法的旁路攻击算法,对旁路进行分析研究,并对两个维度的安全进行评估。研究表明,良好的网络转换策略能够提升网络分类识别准确率5%~12%。两种评估任务中,针对同一框架下不同结构的典型神经网络推理时,电磁泄漏的分类准确率达到97.21%;针对不同神经网络框架下同一种网络推理时,电磁泄漏的分类准确率达到100%。说明旁路电磁攻击方法对此类嵌入式图像处理器(GPU)计算平台中的深度学习算法隐私产生了威胁。     

扩展的代数侧信道攻击及其应用

Renauld等人提出的代数侧信道攻击是将代数攻击和侧信道攻击结合起来的一种对分组密码的攻击方法.目前的研究主要针对算法的8-bit实现平台,对于更大的如64-bit实现平台,未见文献讨论.为此,本文提出一种扩展的代数侧信道攻击,直接将侧信道信息表示为密钥的显式函数.相比于通常的代数侧信道攻击,所需泄露信息更少.作为应用,给出了对LBlock轻量级分组密码的扩展的代数侧信道攻击,结果如下:对于64-bit平台实现的LBlock,假设其1-3轮输出的Hamming重量可以准确获得,则利用35个已知明文,便可建立关于LBlock 80-bit主密钥的非线性方程组;在普通的PC机上,利用Magma数学软件v2.12-16求Groebner基,1分钟内可以求得80-bit主密钥.这是对LBlock的首个代数侧信道攻击,同时说明Renauld等人给出的对代数侧信道攻击的其中一个防范方法:"将实现方法从8-bit平台转移到更大的设备"是不够的.     

对两个基于混沌的序列密码算法的分析

本文指出"混沌非线性反馈密码序列的理论设计和有限精度实现"和"一类新型混沌反馈密码序列的理论设计"两文基于混沌设计的两个序列密码算法产生的乱数序列的前若干值对密钥的变化并不敏感,据此在已知混沌变换的条件下,可以利用已知明文采取先攻击高位密钥再攻击低位密钥的方法对这两个密码算法进行分割攻击.本文还提出了在正确密钥的分布已知条件下使平均计算复杂性达到最小的穷举攻击算法,并将它与分割攻击方法结合,提出了对上述两个密码算法的优化分割攻击方案,并分析了这两个攻击方案的计算复杂性和成功率.     

分组密码算法CTC的立方分析

立方攻击是在2009年欧洲密码年会上由Dinur和Shamir提出的一种新型密码分析方法,该方法旨在寻找密钥比特之间的线性关系。CTC(Courtois Toy Cipher)是N.Courtois设计的一种用于密码分析研究的分组密码算法,该算法的密钥长度、明文长度和迭代轮数都是可变的。文中利用立方攻击方法针对密钥长度为60bit的4轮CTC进行了分析,在选择明文攻击条件下,结合二次测试可恢复全部密钥,密钥恢复阶段仅需要不到2~10次加密算法。     

A Comprehensive FPGA-Based Assessment on Fault-Resistant AES against Correlation Power Analysis Attack

The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA) attacks. Traditionally, countermeasures for different physical attacks are developed in a separate fashion. To lay a solid foundation for countermeasure development for the emerging combined attacks, it is imperative to thoroughly study how the countermeasure for one attack affects the efficiency of other attack. In this work, we use a FPGA-based platform to investigate whether and how the FA countermeasure can influence the efficiency of the correlation power analysis (CPA) attack. Unlike the previous work using simulations on the S-Box only, our assessments are based on the FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key retrieval speed of the CPA attack in the scenarios of using different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimization. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to simultaneously thwart CPA and FA attacks. Experimental results show that for 100,000 power traces, our method successfully prevents the key leakage while other methods leak at least five AES subkey bytes. Meanwhile, our simulation also confirms that the proposed method reduces the success rate of FA attacks by up to 90 % over the other methods.     

Differential Fault Attack on GIFT

GIFT,a lightweight block cipher proposed at CHES2017,has been widely cryptanalyzed this years.This paper studies the differential diffusion characteristics of round function of GIFT at first,and proposes a random nibble-based differential fault attack.The key recovery scheme is developed on the statistical properties we found for the differential distribution table of the S-box.A lot of experiments had been done and experimental results show that one round key can be retrieved with an average of 20.24 and 44.96 fault injections for GIFT-64 and GIFT-128 respectively.Further analysis shows that a certain number of fault injections recover most key bits.So we demonstrate an improved fault attack combined with the method of exhaustive search,which shows that the master key can be recovered by performing 216 and 217 computations and injecting 31 and 32 faults on an average for GIFT-64 and GIFT-128 respectively.     

对自同步混沌密码的分割攻击方法

本文分析了自同步混沌密码的信息泄漏规律,并据此提出了对自同步混沌密码的分割攻击方法.由于能够利用所有时刻的已知明文进行攻击,因而自同步混沌密码比同步混沌密码的抗分割攻击能力更弱.本文以Hong Zhou等提出的自同步混沌密码为例,完成了对密钥规模为64比特且以混沌映射的65次迭代为自同步映射的自同步密码的分割攻击.利用1万个已知明文,在主频为2.5GHz的Pentium-4 PC上,攻击的平均时间为25小时22分,成功率为0.86.     

Novel Technique in Linear Cryptanalysis

In this paper, we focus on a novel technique called the cube–linear attack, which is formed by combining cube attacks with linear attacks. It is designed to recover the secret information in a probabilistic polynomial and can reduce the data complexity required for a successful attack in specific circumstances. In addition to the different combination strategies of the two attacks, two cube–linear schemes are discussed. Applying our method of a cube–linear attack to a reduced‐round Trivium, as an example, we get better linear cryptanalysis results. More importantly, we believe that the improved linear cryptanalysis technique introduced in this paper can be extended to other ciphers.