NTRU全同态掩码防御方案  被引量：3

作　　者：杨亚涛 刘博雅[1] 孙亚飞 李子臣 YANG Ya-Tao;LIU Bo-Ya;SUN Ya-Fei;LI Zi-Chen(Department of Electronic and Communication Engineering,Beijing Electronic Science&Technology Institute,Beijing 100070;College of Information Engineering,Beijng Institute of Graphic Communication,Beijing 102600;School of Telecommunication Engineering,Xidian University,Xi’an 710071)

机构地区：[1]北京电子科技学院电子与通信工程系,北京100070 [2]北京印刷学院信息工程学院,北京102600 [3]西安电子科技大学通信工程学院,西安710071

出　　处：《计算机学报》2019年第12期2742-2753,共12页Chinese Journal of Computers

基　　金：“十三五”国家密码发展基金（MMJJ20170110）资助~~

摘　　要：为了抵抗量子计算机的攻击,相关的后量子密码算法被先后提出.NTRU(Number Theory Research Unit)密码算法是基于格理论的典型算法之一,在NTRU密码方案的硬件设计及实现过程中,主要会面临格攻击、简单能量攻击、差分能量攻击及相关能量攻击等风险.为了解决NTRU算法在实现过程中的侧信道攻击安全隐患,提出一种新的全同态掩码防御方案,并给出电路设计参考模型,所提出方案能够对NTRU算法所有系数执行掩码操作并防范能量攻击.本方案的密钥生成部分采用高斯抽样算法,解密部分采用同态加密实现密文间的全同态运算.设计的全同态掩码方案电路模型中,根据算法功能分为数据采样区、存储区及运算区.本方案通过高斯取样生成密钥,能防范格攻击;通过密文之间的同态运算,可以实现多项式所有系数同时掩码;通过分析算法的同态性,验证了本方案的正确性;通过分析方案的实现过程,论证了该方案能够有效防御选择密文攻击、差分能量攻击、零值攻击及相关能量攻击.In order to resist the attack from quantum computer,the algorithms and protocols based on post quantum cryptography(PQC)had been proposed one by one,generally speaking,post quantum cryptography mainly contained lattice based cryptosystem(LBC),Hash based cryptosystem(HBC),multivariate public key cryptosystem(MPKC),coding theory based cryptosystem(CBC),LBC has been widely researched for its better mathematical properties and security.However,even if the cryptographic algorithm itself is secure,it is also probable to suffer various attacks during its implementation process inevitably.Among them,side channel attack has brought more and more threats to this kind of post quantum cryptographic algorithm.NTRU(Number Theory Research Unit)cryptosystem is one of the typical LBC algorithms;the security of this scheme is based on the shortest vector problem(SVP),it has been the IEEE P1363 standard and finance service industrial standard in USA.During the hardware design and implementation process of NTRU cryptography,there are many potential risks such as Lattice Attack,Simple Power Attack,Differential Power Attack and Related Power Attack and so on.Lee et al.has implemented the Power Attacks for NTRU cryptosystem in 2010;Wang et al.has implemented the attack through combining Chosen Ciphertext Attack and Power Attack in NTRU-Based wireless body area networks in 2013.Up to now,there is still no any research achievement or paper about defense scheme based on Homomorphic Masking technology to resist side channel attack of NTRU cryptosystem.Masking technology is one of common countermeasures to resist side channel attack.By masking the intermediate values and variables,the calculating operations are executed under the masked state,which can effectively guarantee the security of data.The masking technology contains Boolean Masking and Arithmetic Masking.As an important property of public key cryptosystem,homomorphic computation algorithm can operate ciphertext,and can achieve Arithmetic Masking between ciphertext.In order to solv

关 键 词：NTRU 能量攻击 选择密文攻击 掩码 同态加密 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]