The Low Cost Threshold Implementation Method of uBlock Algorithm Against Side Channel Attacks

Cited by: 1


Authors: JIAO Zhi-Peng (焦志鹏); CHEN Hua (陈华) [1]; YAO Fu (姚富); FAN Li-Min (范丽敏) [1] (Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049)

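Affiliations: [1] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190; [2] University of Chinese Academy of Sciences, Beijing 100049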

Source: Chinese Journal of Computers (《计算机学报》), 2023, No. 3, pp. 657-670 (14 pages)

Funding: Supported by the National Natural Science Foundation of China (62172395).

Abstract: In traditional cryptanalysis based on the black-box model, an attacker can only use the input and output of a cryptographic algorithm, and the security of existing cryptographic algorithms under the black-box model has been fairly thoroughly demonstrated. Under the grey-box model, however, the attacker's capability is increased: in addition to the input and output, the attacker can obtain physical information such as power consumption, electromagnetic emanation and light leaked during the actual execution of the algorithm. This physical information is correlated with the intermediate state of the algorithm, and an adversary can exploit the correlation to recover secret information; this is called a side-channel attack. Since side-channel attacks were proposed, their relatively low implementation cost and high attack efficiency have posed a serious threat to the implementation security of cryptographic algorithms. The uBlock algorithm, the first-prize winner in the block cipher category of the 2019 National Cryptographic Algorithm Design Competition, is likewise threatened by side-channel attacks. There is currently little research on uBlock; hardware implementations mainly target low latency and high throughput, and low-cost optimized implementations for resource-constrained settings are lacking, which hinders the construction of side-channel protection schemes. The public literature points out that its S-box is suitable for constructing side-channel protection schemes based on threshold implementation, and that a 3-share threshold protection scheme requiring no new random numbers exists, but gives no concrete implementation. In view of this situation, this paper first designs and implements a low-cost hardware implementation scheme for uBlock based on pipelining and serialization. Second, on the basis of that low-cost implementation, it constructs and implements a 3-share threshold protection scheme for uBlock that requires no new random numbers. Finally, to address the large area consumption of the 3-share threshold implementation, it further optimizes the implementation cost and constructs and implements a 2-share threshold protection scheme that requires no new random numbers. To verify the practical security of these protection schemes, they were implemented on an FPGA development board and evaluated in side-channel experiments based on test vector leakage assessment; the results verify that both the 3-share and the 2-share threshold protection schemes for uBlock provide corresponding protection against side-channel attacks. To further compare the implementation costs of the protection schemes, this paper, in terms of register …

Keywords: uBlock algorithm; side-channel attack; side-channel protection; threshold implementation; hardware security

Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]

 
