SM4密码算法的踪迹驱动Cache分析  被引量：1

作　　者：楼潇轩 张帆[1,2,3] 黄静 赵新杰[5] 刘会英 LOU Xiao-Xuan;ZHANG Fan;HUANG Jing;ZHAO Xin-Jie;LIU Hui-Ying(College of Information Science ＆ Electronic Engineering,Zhejiang University,Hangzhou 310027,China;State Key Laboratory of Cryptology,Beijing 100878,China;Institute of Cyber Security Research,Zhejiang University,Hangzhou 310027,China)

机构地区：[1]浙江大学信息与电子工程学院 [2]密码科学技术国家重点实验室 [3]浙江大学网络空间安全研究中心 [4]61646部队 [5]北方电子设备研究所 [6]装甲兵学院

出　　处：《密码学报》2018年第4期430-441,共12页Journal of Cryptologic Research

基　　金：国家自然科学基金(61472357;61571063);中央高校基本科研业务费(2018QNA5005);国家重点基础研究发展项目(973计划)(2013CB338004)~~

摘　　要：SM4密码是一种商用分组密码算法,是重要的国家密码行业标准.本文研究了SM4密码的抗踪迹驱动Cache攻击能力,并提出两种基于踪迹驱动Cache攻击的分析方法.首先提出了一种基于SM4算法前4轮加密的踪迹驱动Cache分析方法,对其加密前4轮的Cache泄露进行了分析.结果表明当仅考虑Cache访问命中泄露时,25个样本可恢复完整密钥;当同时考虑Cache访问命中和失效泄露时,20个样本可恢复密钥.然后引入代数分析方法,将其和踪迹驱动Cache分析结合进行优化,提出了一种踪迹驱动代数Cache分析方法.实验结果表明与传统踪迹驱动Cache分析相比,踪迹驱动代数Cache分析具有离线分析简单、通用性好、分析泄露轮数多、攻击数据复杂度低等优点,并且这一新方法只需要10个样本即可成功恢复密钥,大大降低了分析所需的样本量.本文的结果对其他典型分组密码的踪迹驱动Cache分析研究有很好的借鉴和参考意义.SM4 is a commercial block cipher which acts an important role as a national encryption standard. This paper evaluates the security of SM4 under the threat of trace driven cache attack, and proposes two analysis methods based on trace driven cache attack. First, a new trace driven cache analysis is proposed to analyze the first four rounds of SM4. Experiment results show that, when only cache misses are considered, 25 samples are required to recover the full master key; when both cache misses and hits are considered, 20 samples are sufficient for the master key recovery. Then an improved method named as trace driven algebraic cache analysis is proposed by combining traditional trace driven cache analysis with algebraic techniques. The results show that, comparing with traditional trace driven cache analysis, the new method is much simpler and more generic, and it can analyze leakages in more rounds and succeed with lower data complexity. The trace driven algebraic cache analysis only needs 10 samples to recover the master key of SM4, so that the sample size required for analysis is greatly reduced. The idea in this paper can be applied for the analysis of trace driven cache attack on other block ciphers.

关 键 词：SM4密码 踪迹驱动Cache分析 代数旁路攻击 踪迹驱动代数Cache分析 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]