一种针对AES密码芯片的相关功耗分析方法  

作　　者：周阳 张海龙 韦永壮[1,3] ZHOU Yang;ZHANG Hailong;WEI Yongzhuang(Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;State Key Laboratory of Cryptology,Beijing 100878,China)

机构地区：[1]桂林电子科技大学、广西密码学与信息安全重点实验室,广西桂林541004 [2]中国科学院信息工程研究所、信息安全国家重点实验室,北京100093 [3]密码科学技术国家重点实验室,北京100878

出　　处：《桂林电子科技大学学报》2023年第2期135-141,共7页Journal of Guilin University of Electronic Technology

基　　金：广西重点研发计划(桂科AB18281019);广西密码学与信息安全重点实验室基金(GCIS201706);桂林电子科技大学研究生科研创新计划(2018YJCX45)。

摘　　要：针对经典相关功耗分析过程中存在噪声等因素的影响,基于汉明重量与功耗轨迹之间存在线性相关的特性,提出一种针对AES密码芯片的相关功耗分析方法。根据密码算法S盒输出中间值汉明重量分布不均匀的特性,利用区分比将正确密钥与错误密钥进行筛选,得到与功耗轨迹相关性较强的一组明文。在密钥恢复阶段,通过观察这组明文输入找到前2个S盒的泄漏点后,利用分别猜测法逐一找出剩余14个S盒的泄漏区间,而无需遍历所有功耗轨迹即可捕获剩余字节的密钥信息。AT89S52芯片实验分析表明,采用此方法仅需9条明文和对应功耗轨迹即可以90%的成功率正确恢复出AES的单个字节密钥信息,计算复杂度仅为经典相关功耗分析的4.1%,显著提升了相关功耗分析的效率。Aiming at the influence of the noise and other factors in the process of classical correlation power analysis,based on the linear correlation between Hamming weight and power traces,a correlation power analysis method for AES cryptographic chip is proposed.According to the uneven distribution of the median Hamming weight of the S-box output of the cryptographic algorithm,a set of plaintexts with strong correlation with the power traces is obtained by filtering the correct keys and the wrong keys by using the discrimination ratio.In the stage of key recovery,the leakage points of the first two S-boxes are found by observing this set of plaintext inputs,and the leakage intervals of the remaining 14 S-boxes are found one by one by using the separate guessing method,so that the key information of the remaining bytes can be captured without traversing all power traces.The experimental analysis of AT89S52 chip shows that the proposed method can correctly recover the one-byte key of AES with 90%success rate by using only 9 plaintexts and corresponding power traces,and the computational complexity is only 4.1%of the classical correlation power analysis,which significantly improves the efficiency of the correlation power analysis.

关 键 词：相关功耗分析 密码芯片 汉明重量 S盒 

分 类 号：TN918.1[电子电信—通信与信息系统]