Parallel crypto-devices for GF(p) elliptic curve multiplication resistant against side channel attacks

All elliptic curve cryptographic schemes are based on scalar multiplication of points, and hence its faster computation signifies faster operation. This paper proposes two different parallelization techniques to speedup the GF(p) elliptic curve multiplication in affine coordinates and the corresponding architectures. The proposed implementations are capable of resisting different side channel attacks based on time and power analysis. The 160, 192, 224 and 256 bits implementations of both the architectures have been synthesized and simulated for both FPGA and 0.13μ CMOS ASIC. The final designs have been prototyped on a Xilinx Virtex-4 xc4vlx200-12ff1513 FPGA board and performance analyzes carried out. The experimental result and performance comparison show better throughput of the proposed implementations as compared to existing reported architectures.     

基于旁路攻击的AES算法中间变量脆弱点

介绍了针对AES算法的旁路攻击过程, 指出了可行的SPA、DPA以及HDPA攻击方法, 在此基础上, 指出了AES算法面对旁路功耗攻击的脆弱点。其过程是：根据AES算法的实现流程, 查找出可能产生的中间变量, 通过对中间变量的分析, 将潜在的可以被旁路功耗攻击利用的中间变量定义为脆弱点。进一步指出了旁路功耗攻击是利用了AES算法实现过程中数据与密钥的相关性、时钟频率的可测性以及不同指令执行时功耗的差异性来攻破AES算法的。     

两类超奇异椭圆曲线的快速标量乘法

研究了特征为2和3的域上的超奇异椭圆曲线的快速标量乘法。该两类曲线适合建立可证明安全的密码体制,利用这两类曲线的复乘性质,结合Frobenius自同态和可以简单计算的自同态,给出了一种不用预计算的快速算法,相较IEEE1363标准算法,计算效率分别提高了4倍和3倍。     

一种用于加速椭圆曲线数量乘的Signed—Binary整数表示法

椭圆曲线公开加密系统已经得到了广泛的应用，其中最重要并且花费运行时间最多的运算就是计算数量乘。为了提高数量乘的运算度，本文提出了一种用于加速椭圆曲线数量乘的容易实现的Signed—Binary整数表示法，在不增加计算数量乘算法中预处理的复杂度的前提下，减少了点倍乘的次数，有效地提高了计算椭圆曲线点数量乘的速度。     

基于边带信道原子的安全快速椭圆曲线密码点乘算法

简单功耗分析对椭圆曲线点乘算法的安全性具有很大的威胁,在某种程度上可以恢复出密钥。提出一种抵抗简单功耗攻击的快速边带信道原子点乘算法。算法的倍点和点加运算采用形如S-A-N-A-M-N-A（平方-加法-逆运算-加法-乘法-逆运算-加法）的边带信道原子结构,其运算量为：在Jacobian坐标系下倍点运算量为5M+5S+15A,混加运算量为6M+6S+18A;在改进的Jacobian坐标系下,倍点运算量为4M+4S+12A,混加运算量为7M+7S+21A。在效率方面,新的点乘算法比以往的边带信道原子点乘算法的运算速度有较大提高。例如对于采用NAF编码的192bit的点乘算法,当S/M=0.8时,效率提高约7.8%~10%,当S/M=0.6时,提高约18%~20%。     

Differential fault analysis on Camellia

Camellia is a 128-bit block cipher published by NTT and Mitsubishi in 2000. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the Camellia algorithm. Mathematical analysis and simulating experiments show that our attack can recover its 128-bit, 192-bit or 256-bit secret key by introducing 30 faulty ciphertexts. Thus our result in this study describes that Camellia is vulnerable to differential fault analysis. This work provides a new reference to the fault analysis of other block ciphers.     

基于滑动窗口技术的快速标量乘法

标量乘法是椭圆曲线密码体制的核心运算,它的有效实现是近年来信息安全领域研究的一个热点内容。借 助于标量的wMOH表示思想,利用混合坐标表示下直接计算2kQ+尸的策略,改进了基于滑动窗口技术的标量乘法 算法。分析表明,所得算法效率明显提升,并降低了存储需求,能有效提升ELL的实现效率。     

GF(2m)上椭圆曲线标量乘的硬件结构实现

基于Reyhani Masoleh提出的GF(2m)高斯正规基乘法实现了三拍非流水的正规基乘法器,并基于该乘法器实现了一种高性能López-Dahab标量乘硬件结构.Reyhani-Masoleh算法利用乘法矩阵的对称性降低了乘法的复杂度;而López-Dahab标量乘算法由于采用投影坐标,计算速度快且可以有效降低存储需求.基于Reyhani-Masoleh乘法器的López-Dahab标量乘结构可以有效利用两种算法的优势,可以达到目前最好的标量乘硬件结构的性能.     

Efficient elliptic curve scalar multiplication algorithms resistant to power analysis

This paper presents four algorithms for securing elliptic curve scalar multiplication against power analysis. The highest-weight binary form (HBF) of scalars and randomization are applied to resist power analysis. By using a special method to recode the scalars, the proposed algorithms do not suffer from simple power analysis (SPA). With the randomization of the secret scalar or base point, three of the four algorithms are secure against differential power analysis (DPA), refined power analysis (RPA) and zero-value point attacks (ZPA). The countermeasures are also immune to the doubling attack. Fast Shamir’s method is used in order to improve the efficiency of parallel scalar multiplication. Compared with previous countermeasures, the new countermeasures achieve higher security and do not impact overall performance.     

Differential fault analysis on the ARIA algorithm

The ARIA algorithm is a Korean Standard block cipher, which is optimized for lightweight environments. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the ARIA algorithm. Mathematical analysis and simulating experiment show that our attack can recover its 128-bit secret key by introducing 45 faulty ciphertexts. Simultaneously, we also present a fault detection technique for protecting ARIA against this proposed analysis. We believe that our results in this study will also be beneficial to the analysis and protection of the same type of other iterated block ciphers.     

GF（3^m）椭圆曲线群快速算术运算研究

详细研究了GF(3m)上椭圆曲线基本算术运算,给出并证明GF(3m)上超奇异和非超奇异椭圆曲线仿射坐标系下点加、倍点、3倍点和3k倍点计算公式.提出高效3k倍点递归算法,在逆乘率较高时,其效率要优于逐次3倍点算法.在此基础上,提出一种新的变长滑动窗口wrNAF标量乘算法,其在保证较少点加法运算优点的同时可有效降低3倍点的计算量.     

Differential fault analysis on the contracting UFN structure, with application to SMS4 and MacGuffin

The contracting unbalanced Feistel networks (UFN) is a particular structure in the block ciphers, where the “left half” and the “right half” are not of equal size, and the size of the domain of one half is larger than that of the range. This paper studies the security of the contracting UFN structure against differential fault analysis (DFA). We propose two basic byte-oriented fault models and two corresponding attacking methods. Then we implement the attack on two instances of the contracting UFN structure, the block ciphers SMS4 and MacGuffin. The experiments require 20 and 4 faulty ciphertexts to recover the 128-bit secret key of SMS4 in the two fault models, respectively. Under similar hypothesis, MacGuffin is breakable with 355 and 165 faulty ciphertexts, respectively. So our work not only builds up a general model of DFA on the contracting UFN structure and ciphers, but also provides a new reference for fault analysis on other block ciphers.     

Differential power and electromagnetic attacks on a FPGA implementation of elliptic curve cryptosystems

This paper describes the first differential power and electromagnetic analysis attacks performed on a hardware implementation of an elliptic curve cryptosystem. In the same time we also compared the metrics used in differential power and electromagnetic radiation attacks. We describe the use of the Pearson correlation coefficient, the distance of mean test and the maximum likelihood test. For each metric the number of measurements needed to get a clear idea of the right guess of the key-bit is taken as indication of the strength of the metric.     

PRESENT相关功耗分析攻击研究

对PRESENT分组密码抗相关功耗分析能力进行了研究。基于汉明距离功耗模型,提出了一种针对PRESENT S盒的相关功耗分析方法,并通过仿真实验进行了验证。结果表明,未加防护措施的PRESENT硬件实现易遭受相关功耗分析威胁,5个样本的功耗曲线经分析即可恢复64位第一轮扩展密钥,将80位主密钥搜索空间降低到216,因此,PRESENT密码硬件实现需要对此类攻击进行防护。     

素数域椭圆曲线密码系统算法实现研究

针对素数域椭圆曲线密码系统的算法高速实现，分别讨论了对椭圆曲线上的点的加法和倍点运算。以及对点的标量乘法运算进行优化的技术，同时给出了测试比较结果，说明了所讨论的优化技术可以大大提高整个椭圆曲线密码系统的算法实现性能。     

二进制方法点乘的椭圆曲线密码故障攻击

研究椭圆曲线密码(ECC)算法及符号变换故障攻击原理,提出一种改进的符号变换故障攻击算法。该算法通过改变故障注入位置,减少故障对私钥的数值依赖,有效地解决原算法中出现的“零块失效”问题。采用改进算法对二进制方法点乘的ECC进行符号变换故障攻击,通过仿真实验验证该算法的可行性。     

椭圆曲线密码中抗功耗分析攻击的标量乘改进方案

椭圆曲线标量乘法运算是椭圆曲线密码(ECC)体制中最主要的计算过程,标量乘法的效率和安全性一直是研究的热点。针对椭圆曲线标量乘运算计算量大且易受功耗分析攻击的问题,提出了一种抗功耗分析攻击的快速滑动窗口算法,在雅可比和仿射混合坐标系下采用有符号滑动窗口算法实现椭圆曲线标量乘计算,并采用随机化密钥方法抵抗功耗分析攻击。与二进制展开法、密钥分解法相比的结果表明,新设计的有符号滑动窗口标量乘算法计算效率、抗攻击性能有明显提高。     

椭圆曲线中抗SPA和DPA攻击标量乘算法研究

标量乘法的效率和安全性是椭圆曲线密码体制的瓶颈问题,针对椭圆曲线上标量乘法的实现方法,对普通抗SPA和DPA攻击的标量乘算法进行了研究,并提出一种改进算法。改进算法引入随机变量,将标量进行编码,采用点的底层域快速算法和滑动窗口算法,达到兼顾效率和安全性的目标。当滑动窗口长度为4,标量的二进制位长分别为160、192和224 bit时,改进算法效率分别提高了26.9%,21.5%和27.2%。     

一种抗侧信道攻击椭圆曲线标量乘算法的设计与实现

有限域 上点乘运算是影响椭圆曲线密码实现效率的关键运算之一。为提高椭圆曲线密码算法计算的安全性和效率性,从分析固定基点梳形算法（Fixed-base Comb算法）的特点出发,在现有的边信道攻击和标量乘算法的基础上,提出了一种新的标量乘算法——DF-Comb（Distance Fixed-base Comb）算法。新的算法对私钥（ ）重新设计编码、分组计算,在预计算阶段和赋值阶段进行改进,能够极大地提高算法计算阶段的效率;此外,考虑到算法的抗侧信道攻击能力,通过引入乘数分解技术来隐藏算法中相关侧信道信息,引入一种同时多标量乘算法用来提高了抗侧道攻击力,从而增强算法的安全性。仿真实验结果显示,改进的DF-Comb算法算法可以在提高计算效率的同时降计算的存储量。经算法实验比较分析研究,表明该算法能较好地抵抗多种侧信道攻击。