A DPA- and HO-DPA-Resistant Implementation Technique for the AES Algorithm   Cited by: 11

A DPA and HO-DPA Resistant Implementation of AES


Authors: Tong Yuanman (童元满) [1], Wang Zhiying (王志英) [1], Dai Kui (戴葵) [1], Lu Hongyi (陆洪毅) [1]

Affiliation: [1] School of Computer Science, National University of Defense Technology, Changsha 410073

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2009, No. 3, pp. 377-383 (7 pages)

Funding: National Natural Science Foundation of China project (60706026)

Abstract: This paper analyses the security of the random-masking-based implementation of AES (Advanced Encryption Standard) proposed by Akkar and identifies feasible DPA (differential power analysis) and HO-DPA (high-order DPA) attacks against it. On that basis, an improved implementation technique for AES is proposed. Its core idea is to mask each intermediate result of the cryptographic computation with a different random value, so as to eliminate the weaknesses in the AES implementation that power analysis can exploit. Under the assumption that the random values are mutually independent and uniformly distributed, the improved implementation is further proven to resist DPA and HO-DPA effectively. A technique for generating the large number of random values required by the improved implementation is also given. Compared with other typical countermeasures, the improved AES implementation achieves high security at a certain cost in chip area.

English abstract (as published): Akkar proposed a transformed-masking-based implementation of AES (Advanced Encryption Standard) to protect against power analysis attacks. However, this countermeasure is not truly secure against first-order differential power analysis. A thorough analysis of the vulnerabilities of Akkar's implementation is performed in this paper. Several possible first-order and second-order differential power analysis attacks on the countermeasure proposed by Akkar for AES are shown. Based on Akkar's implementation, an improved countermeasure for AES is proposed. The key of the presented method is to mask each intermediate result with a different random value, eliminating the vulnerabilities to power analysis attacks in the implementation of AES. When the random values are mutually independent and uniformly distributed, the presented method is proven to be secure against DPA (differential power analysis) and HO-DPA (high-order DPA). In this improved countermeasure, a large number of uniformly distributed random values are required to mask all the intermediate results, so an efficient mechanism to generate this large number of random values is also proposed. An AES coprocessor based on the presented countermeasure is implemented, and the experimental results show that the proposed implementation achieves provable security against power analysis attacks at some extra cost in hardware complexity compared with other typical countermeasures.

Keywords: differential power analysis; high-order power analysis; Advanced Encryption Standard; countermeasures; random masking

Classification: TP918 [Automation and Computer Technology]
