Authors: 严迎建[1], 常雅静, 朱春生, 刘燕江 (YAN Yingjian; CHANG Yajing; ZHU Chunsheng; LIU Yanjiang, PLA Information Engineering University, Zhengzhou 450001, China)
Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2023, No. 12, pp. 4530-4538 (9 pages)
Funding: National Natural Science Foundation of China (61832018).
Abstract: This paper analyzes the energy leakage in the decapsulation process of lattice-based cryptography and proposes a message recovery method targeting the message decoding operation, based on profiling (templates) and the ciphertext rotation property. Templates are constructed for the intermediate update state of the decoded bytes using the Hamming weight model together with Normalized Inter-Class Variance (NICV). Special ciphertexts are built by rotating the original ciphertexts, and, combined with the energy leakage generated during the computation, the secret message and shared key of the lattice-based scheme are recovered. The attack is validated with Saber and its variants on the ChipWhisperer-STM32F303 board, and the results indicate that the proposed method can successfully recover the secret message and shared key of the encapsulation stage. Only 900 power traces are needed in the profiling phase to construct the templates, and a total of 32 power traces are needed to recover the secret message. The success rate of message recovery reaches 66.7% without increasing the Signal-to-Noise Ratio (SNR), and 98.43% under sufficient SNR.
Keywords: lattice-based cryptography; energy leakage; template attack; ciphertext rotation property; Saber algorithm
Classification codes: TN918 [Electronics and Telecommunications: Communication and Information Systems]; TP309 [Electronics and Telecommunications: Information and Communication Engineering]