抗一阶侧信道攻击的QUAD高速并行实现  被引量：1

作　　者：黄娴 李伟键 毕远桥 张云琛 林泳 林思瀚 HUANG Xian;LI Wei-jian;BI Yuan-qiao;ZHANG Yun-chen;LIN Yong;LIN Si-han(School of Computer Science,Guangdong Polytechnic Normal University,Guangzhou 510665,China)

机构地区：[1]广东技术师范大学计算机科学学院,广州510665

出　　处：《小型微型计算机系统》2023年第2期435-441,共7页Journal of Chinese Computer Systems

基　　金：国家自然科学基金面上项目(61872096)资助;广东省科技计划项目(2016a010101030)资助.

摘　　要：随着量子计算机的快速发展,在各种场景下确保物联网设备的安全面临着全新的挑战.多变量密码算法因其具有轻量级、可证明安全性和抵御量子计算机攻击的潜力等优势,成为后量子密码算法中最有前景的候选之一.然而研究发现,侧信道攻击方法只需要150条功耗轨迹即可攻破多变量密码算法QUAD的并行硬件实现.针对多变量密码算法在回写寄存器时普遍存在的侧信道泄露,本文提出了一种轻量级乱序防护方案,利用多项式方程计算时随机打乱各单项式的计算顺序而不影响最终结果的特性,增加一个乱序下标使得寄存器的内部初始状态随机化,并为了保证所有的单项式都只参与一次计算,在每一轮的加密中依次将寄存器中的值循环左移,从而打乱单项式的计算顺序,使得攻击者无法实施一阶侧信道攻击.本文所提出的防护方案只增加11.7%的面积开销就具有良好的抗一阶侧信道攻击能力.With the development of quantum computers,it′s a whole new challenge to ensure the security of Internet of things devices in various scenarios.Multivariate cryptographic algorithms have inherent advantages such as lightweight,provable security,and the potential to resist quantum computers.However,the parallel QUAD without countermeasure is completely broken by the side-channel attack with only 150 power traces.This paper proposes an efficient lightweight countermeasure against the common leakage of multivariate cryptographic algorithms when writing data to a register.Since the order of the monomials of the polynomial equation can be arbitrary disturbed without affecting the encryption result,a shuffling subscript is added to randomize the internal initial state of the register.To ensure that all monomials are calculated only once,the values in the register are circulates one bit to the left in each round of encryption.The order of the monomials is disturbed,which makes it impossible for an attacker to carry out a first-order side-channel attack.The proposed countermeasure only requires area overhead by 11.7%to resist first-order side-channel attacks.

关 键 词：多变量密码算法 侧信道攻击 QUAD 轻量级防护方案 乱序防护 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]