面向格密码的能耗分析攻击技术  被引量：1

作　　者：李延斌 朱嘉杰 唐明[3] 张焕国[3] LI Yan-Bin;ZHU Jia-Jie;TANG Ming;ZHANG Huan-Guo(College of Artificial Intelligence,Nanjing Agricultural University,Nanjing 210095;State Key Laboratory of Cryptology,P.O.Box 5159,Beijing 100878;Key Laboratory of Aerospace Information Security and Trusted Computing,Ministry of Education,Wuhan University,Wuhan 430072)

机构地区：[1]南京农业大学人工智能学院,南京210095 [2]密码科学技术国家重点实验室,北京100878 [3]武汉大学空天信息安全与可信计算教育部重点实验室,武汉430072

出　　处：《计算机学报》2023年第2期331-352,共22页Chinese Journal of Computers

基　　金：国家自然科学基金项目(62072247,61972295)资助.

摘　　要：量子计算的飞速发展对传统密码的安全性带来巨大挑战,Peter Shor提出的量子计算模型下分解整数和计算离散对数的多项式时间算法对基于传统数论难题的密码系统构成了威胁.美国国家标准与技术研究院(NIST)于2016年开始征集后量子公钥密码算法标准,其中,大多基于格、基于哈希、基于编码、基于多变量这四种密码体制,而基于格的密码体制在其公钥尺寸、计算效率和安全性方面具有更好的平衡性,所占比例最大.然而,格密码的实现在实际环境中易遭受能耗分析攻击(Power Analysis Attacks).能耗分析攻击是利用密码设备运行过程中产生的功耗、电磁等信息,攻击者建立这些旁路信息与密码算法中间值之间的联系从而恢复密钥等敏感信息.自从能耗分析攻击出现以来,该类攻击手段严重威胁了密码系统的安全.随着量子计算的发展,后量子密码的安全性日益成为密码研究的热点,特别地,近期NIST公布了最新轮的后量子密码算法,作为占据比例最多的格密码,其侧信道安全性也受到了学术界的广泛关注.本文针对格密码的能耗分析攻击技术从攻击模型、攻击目标、攻击条件开展研究,分析了面向格密码的攻击原理、格密码的各个算子的侧信道安全性,重点介绍了适用于NIST第三轮格密码的攻击技术,以及相应防护方案的攻击技术,最后讨论了现有面向格密码的能耗分析攻击面临的问题及未来研究方向.With the rapid development of quantum computer research,design,and manufacturing technology,the era of quantum computing is gradually coming.Cryptosystems based on traditional number theory problems are threatened.The development of cryptosystems in the post-quantum era has become a hot spot in the field of cryptography.The National Institute of Standards and Technology(NIST)began to solicit standards for post-quantum public key cryptography algorithms.It announced seven candidate algorithms for the third round,five of which are lattice cryptographic schemes.Lattice-based cryptosystems rely on adding noise to linear equations to solve complex problems and have the largest share in the Post-Quantum Cryptography(PQC)due to their better balance in public key size,computational efficiency,and security.However,implementing lattice ciphers is vulnerable to power analysis attacks in the application of practical environments.Power analysis attacks have been viewed as a physical attack method to recover the sensitive information of cryptographic algorithms effectively.The attackers capture the power consumption,electromagnetic or other information generated during the operation of cryptographic devices and establish the relationship between this information and the intermediate value of the cryptographic algorithm.Since the emergence of power analysis attacks as an important attack method at the hardware level,it has seriously threatened the security of the cryptographic system.In particular,NIST announced the candidate post-quantum cryptographic algorithms in the third round of the PQC project.The academic community has also been widely concerned about the resistance against power analysis attacks of lattice-based cryptography.Lattice ciphers play a vital role in post-quantum cryptography,and its side-channel security is an indispensable indicator to comprehensively measure algorithm security.Therefore,the research on power analysis attack techniques for lattice ciphers results from the current NIST post-quantum algorith

关 键 词：能耗分析攻击 格密码 后量子密码 硬件安全 侧信道泄露 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]