一种基于最大偏差的AES功耗分析攻击方法  被引量：1

作　　者：刘政林[1] 韩煜[1] 邹雪城[1] 陈毅成[1] 

机构地区：[1]华中科技大学电子科学与技术系,武汉430074

出　　处：《计算机研究与发展》2009年第3期370-376,共7页Journal of Computer Research and Development

基　　金：国家"八六三"高科技研究与发展计划基金项目(2006AA01Z226);2007新世纪优秀人才支持计划基金项目(NCET-07-0328)~~

摘　　要：针对高级加密标准(AES)密码算法的电路实现,提出了一种改进的功耗攻击方法.该方法的基本思想是选取2次不同明文输入下的汉明重量差为改进功耗模型,通过选择明文能够最大可能性地增大功耗偏差,从而恢复出密钥.采用UMC0.25μm1.8v标准CMOS工艺库,利用Synopsys公司的EDA工具得到AES电路加密过程的功耗仿真曲线,建立起功耗攻击平台,并在此平台上进行多种功耗攻击方法的分析和比较.实验结果表明,与普通的差分功耗分析(DPA)和相关功耗分析(CPA)攻击方法比较,提出的改进攻击方法能够以适当的功耗测量次数,以及更小的计算复杂度实现DPA攻击.Any circuit implementation of a cryptographic system might cause power leakages to reveal more information about the processed secret. A new way is proposed to enhance power analysis attacks on AES circuit implementations. The proposed method adopts Hamming difference of intermediate results as power model and arranges plaintext inputs to maximize the difference of power traces in order to retrieve the key value. Using UMC 0.25 htm 1.8 v technology library and Synopsys EDA tools, a simulation-based power acquisition environment is set up. On the simulation-based platform, various power attacks are conducted on AES circuit implementation. As the partitioning criterions of single-bit and multi-bit differential power analysis （DPA） are usually abstract and simple, these two DPA methods can not retrieve any useful information even with 6000 power measurements. Although the correlation power analysis （CPA） attack can extract the right subkey based on 4000 power measurements, its computational complexity sometimes exhibits a bottle-neck. Experimental results show that the proposed method improves the success rate effectively using acceptable power measurements. Furthermore, the proposed DPA traces can be built through simple summing and subtracting operations instead of complex statistic techniques. Therefore, compared with the original DPA and CPA attacks, the presented DPA approach excels them in both effectiveness and computation requirements.

关 键 词：高级加密标准(AES) 差分功耗分析(DPA) 相关系数功耗分析(CPA) 电路实现 功耗模型 功耗泄漏 

分 类 号：TP309[自动化与计算机技术—计算机系统结构] TP393.08[自动化与计算机技术—计算机科学与技术]