基于Montgomery算法安全漏洞的SPA攻击算法

公钥密码体制的算法大多基于有限域的幂指数运算或者离散对数运算。而这些运算一般会采用Montgomery算法来降低运算的复杂度。针对Montgomery算法本身存在可被侧信道攻击利用的信息泄露问题,从理论和实际功耗数据2方面分析了Montgomery算法存在的安全漏洞,并基于该漏洞提出了对使用Montgomery算法实现的模幂运算进行简单能量分析（SPA, simple power analysis）攻击算法。利用该算法对实际模幂运算的能量曲线进行了功耗分析攻击。实验表明该攻击算法是行之有效的。     

高安全高性能RSA协处理器的设计与实现

为保证智能电网中的数据安全,防止电力通信过程中的数据被篡改,安全芯片的应用必不可少,而RSA算法是安全芯片中应用最广泛的公钥算法之一。RSA算法复杂度高,硬件实现功耗较大,在设计的过程中常常无法完全兼顾性能、功耗、安全性等各个方面。文章设计了一种高性能、能抵抗常见侧信道攻击及EMA电磁攻击的高安全RSA协处理器。提出的随机存储模幂算法真伪运算结果的防护策略,增强了协处理器抵抗侧信道攻击、差分功耗攻击以及EMA电磁攻击的能力。通过两个层级的算法优化来提升协处理器性能,并通过结合CIOS平方算法和Karatsuba算法的改进的Montgomery模乘算法,使得1 024位带防护的RSA算法在UMC 55 nm工艺下的面积为4.8万门@30 MHz,功耗为4.62 mW@30 MHz, FPGA开发板上进行API测试的性能为709.3 kbit/s。     

侧信道攻击方法综述

侧信道攻击主要通过采集密码算法在运行过程中所产生的时间、功耗、电磁等“侧信息”,对这些信息泄露进行分析运算从而破解密钥。文章首先分类总结了常见的侧信道攻击方法,其次以RSA公钥密码算法为例,从攻击目标、攻击步骤、攻击手段等方面阐述了其基于模幂运算的计时攻击原理,最后在此基础上分析总结了抗侧信道攻击的防护策略,并给出了一些安全建议。通过以上分类总结,举例验证,为接下来的侧信道攻击研究提供有价值的参考。     

FPGA密码芯片改进掩码防护方法研究

功耗攻击已对密码芯片物理安全性构成严峻威胁,对其攻击和防御的研究是密码旁路分析的热点问题。文中给出了一种DES伪随机掩码算法的设计和实现方法,分析了算法抗功耗攻击的安全性。结果表明:一般的DES伪随机掩码算法只能抵抗一阶差分功耗攻击,不能有效防御二阶差分功耗攻击。为抵御二阶DPA攻击,采用掩码方法对DES掩码算法结构进行了改进,在理论上具有抗DPA攻击的能力。     

抗功耗攻击的RSA协处理器

RSA是当今被公认为最成熟且应用最广泛的非对称加密算法。最近几年来,大量的文献表明传统的RSA加密算法缺乏包含,很容易遭受侧信道攻击的威胁,特别是功耗分析攻击。本文提出一种抗功耗攻击的RSA协处理器,选择指数随机化掩盖和添加伪操作的方法,能够有效地抵抗简单功耗分析和差分功耗分析攻击;通过结合CSA加法器和两层Karatsuba乘法器实现的基256免减Montgomery模乘器,能够在不消耗过多面积的基础上提高RSA的运算速度。结果表明,本处理器能够在ASIC和FPGA上实现RSA加解密功能。同时,在SMIC 130nm工艺和100MHz时钟频率下进行DC综合,综合报告表明：1024位抗功耗攻击的RSA协处理器吞吐率达到110Kbps,面积约为310k门。     

一种基于奇异值分解的功耗轨迹筛选方法

功耗分析攻击是侧信道分析中针对密码设备最有效的分析手段之一,它利用密码设备消耗的功耗来分析密码设备的敏感信息.差分功耗分析是最早提出的功耗分析方法,也是目前最基本的分析方法之一.但是在实际使用差分功耗分析过程中,由于功耗轨迹存在噪声等因素,往往使得花了较多的功耗轨迹,差分功耗分析的效果一般,难以恢复出正确密钥.针对这个问题,本文提出了一种基于奇异值分解的选择功耗轨迹方法,这种方法可以选择一些质量好的功耗轨迹用于差分功耗分析,提高差分功耗分析的攻击效率.本文的实验验证了该方法的有效性,在同等分析条件下,对于我们自己采集的功耗数据,使用该方法情况下仅需124条功耗轨迹就可以达到80%的成功率,而普通差分功耗分析需要490条;对于DPA Contest 2008/2009提供的数据,使用该方法仅需53条功耗轨迹可以达到80%的成功率,而普通差分功耗分析需要195条.两个不同的实验对象都说明了该方法的有效性.     

抵御简单功耗分析的RSA模幂算法实现

通过分析加法链模幂算法,发现其不仅能提高RSA的加密速度,而且可以抵御SPA攻击.实验证明了加法链模幂算法可以抵御SPA攻击.将加法链模幂算法与RSA的SPA攻击常用防护方法进行对比,说明了加法链模幂算法的特点和优势.     

一种改进的CRT-RSA防御侧信道攻击算法

针对Ha等人提出的CRT-RSA防御算法进行了分析,指出其算法在使用中国剩余定理（CRT）的过程中仍然存在着降低计算效率的模逆运算.为了提高计算性能消除模逆运算,基于明文掩盖方法,提出了一种改进的安全CRT-RSA防御算法,并通过对改进算法的理论分析,证明该算法可抵抗现有已知的功耗攻击（SPA、DPA、RDA和（N-1）攻击）和故障攻击（FA）且不存在模逆运算,从而更加高效与实用.     

DES加密算法的差分电磁攻击实现

差分电磁攻击是一种针对密码算法的侧信道攻击方法.根据CMOS器件工作时产生发射辐射的原理,建立了针对DES加密算法的电磁侧信道攻击平台;对差分攻击方法和电磁辐射分析进行了说明;结合虚拟仪器技术,采用磁场探头对单片机的电磁辐射进行测量,获得了较好的信号;利用针对多CPU的优化算法,实现了在1000组样本量下快速破解DES加密算法,整个实验过程在半小时内完成.     

智能卡抗DPA的硬件解决方案研究

智能卡在执行算法过程中泄露功耗信息.差分功耗分析(DPA)者利用这些信息就可以分析出加密的密钥,其危害远大于传统的数学分析手段.目前有很多软件的手段来防止差分功耗分析,但这些方法相对比较复杂.本文针对硬件层次的几种防差分功耗分析的方法进行了分析研究.     

An improved SMM algorithm

A new fast algorithm to compute modular exponentiation for very large integers is proposed in this paper, which is an improvement of the fast RSA algorithm based on Symmetry of Modular Multiplication(SMM). The SMM algorithm obtains the speed improvement by conditional substitution on every basic operation to decrease the absolute value of product and the operation numbers of modular reductions. The proposed algorithm can get faster operation speed by decreasing the numbers of basic operations. Compared to conventional binary representation, a speed improvement of approximately 47.5% would be expected using the proposed algorithm.     

Fast,compact and symmetric modular exponentiation architecture by common-multiplicand Montgomery modular multiplications

In this paper, the primitive common-multiplicand Montgomery modular multiplication is developed for modular exponentiation. Together with Montgomery powering ladder, a fast, compact and symmetric modular exponentiation architecture is proposed for hardware implementation. The architecture consists of one group of processing elements along the central line and two symmetric groups of accumulation units on two sides. The central elements perform modular reductions, while the symmetric units on both sides accumulate the modular multiplication results. A feedforwarding architecture is employed to decrease the latency between processing elements, in parallel with the word-based accumulation units, which are also pipelined. Meanwhile, due to the symmetric architecture and Montgomery powering ladder, the modular exponentiation is immune from fault and simple power attacks. Implemented in FPGA platform, the performance of our proposed design outperforms most results so far in the literature.     

Recovering lost efficiency of exponentiation algorithms on smartcards

At the RSA cryptosystem implementation stage, a major security concern is resistance against so-called side-channel attacks. Solutions are known but they increase the overall complexity by a non-negligible factor (typically, a protected RSA exponentiation is 133% slower). For the first time, protected solutions are proposed that do not penalise the running time of an exponentiation     

Montgomery算法的研究与实现

分析了Montgomery算法，指出用改进的预计算Montgomery算法实现模幂运算的过程，分析并比较了两种实现模采和模幂乘算法。并分别用C^ 和Modeleim进行仿真，得出仿真测试结果。     

一种基于边信道原子的快速标量乘算法

Simple power analysis is the most devastating attack on the security of elliptic curve scalar multiplication and can probably retrieve the secret key. In this paper, we analyze the formulas of point doubling and addition on Jacobi-quartic Curve in projective coordination. In addition, a fast and secure side-channel atomic scalar multiplication algorithm is proposed using the side-channel atomic block. Compared with the previous methods, the new algorithm is more efficient. For 192 bits scalar using NAF recoding, the efficiency of the new algorithm is increased by about 6.7%~23% if S/M=0.8 or 12.7%~33.2% if S/M=0.6.     

A Systolic, High Speed Architecture for an RSA Cryptosystem

An architecture based on the RSA public key cryptography algorithm is presented. The circuit includes two components, one for modular squaring and one for modular multiplication. Each component is based on the Montgomery algorithm and implements the modular operations using two modified serial-parallel multipliers. A full modular exponentiation is completed every n(n + 3) clock cycles. All circuits are systolic, operate with 100% efficiency and their maximum combinational delay is equal to one gated Full-Adder. Thus, high-speed performance is achieved while the low cell hardware complexity enables an efficient VLSI implementation.     

一种基于CSA加法器的Montgomery模幂乘硬件实现算法

提出了一种改进的Montgomery模乘和模幂算法,该算法采用5-to-2 CSA加法器来实现Montgomery模乘算法中的超长大数加法。目前使用CSA加法器的其他模乘算法在模乘结果输出时均需要用CPA加法器来处理CSA加法器的输出结果,而本文提出的算法使得模乘运算的输入输出操作数均可采用保留进位形式,避免了进行超长操作数的CPA加法这一耗时的操作,因此显著减少了模乘运算所需时钟周期,提高了数据处理的时间效率,并加快了RSA模幂运算的速度。     

Securing Encryption Systems With a Switched Capacitor Current Equalizer

Hardware encryption engines are essential components of secure systems. They are widely used in desktop applications such as the trusted platform module as well as in mobile applications where they offer high energy efficiency compared to their software implementation counterparts. Unfortunately, ASIC encryption engines leak side-channel information through their power supplies. This information can be used by attackers to reveal their secret keys with attacks such as differential power analysis. Dual-rail logic and noise addition circuits increase the security against these attacks, but they add higher than 3x overheads in area, power, and performance to unsecured encryption engines. In this work, we present a switched capacitor circuit that equalizes the current to isolate the critical encryption activity from the external supplies, eliminating the side-channel information leakage. The secure encryption system was implemented in a 0.13 ?m CMOS technology with 7.2% area and 33% power overheads and a 2 × performance degradation. The secret encryption key was not revealed after ten million side-channel attacks.     

模幂运算的并行算法NSP

给出一种基于预处理计算的模幂运算并行算法NSP,在并行数据分布、并行运行方式等方面较以往的并行算法有更大的灵活性,在曙光-2000上进行了模拟实验,结果表明,由于平方-乘的运算量很少,该并行算法大大节约了模幂运算的时间。