Authors: JIANG Jiayi (姜佳怡); FENG Yan (冯燕)[1]; TANG Xiaolin (唐啸霖); CHEN Lan (陈岚)[1]; LI Zhiqiang (李志强)[1]
Affiliations: [1] EDA Center, Institute of Microelectronics of the Chinese Academy of Sciences, Beijing 100029, China; [2] University of Chinese Academy of Sciences, Beijing 100049, China
Source: Microelectronics & Computer (《微电子学与计算机》), 2024, No. 9, pp. 81-89 (9 pages)
Funding: National Key R&D Program of China (2020YFB2104601).
Abstract: Encryption algorithms are widely used to protect secret information. Side-channel attacks capture side-channel data and use it to attack encryption algorithms. Correlation Power Analysis (CPA) is one of the significant threats to encryption algorithms because power data is easy to capture, the attack algorithm is simple to implement, and the attack is highly efficient. Masking is a technique commonly used to defend against power analysis attacks; it introduces random numbers without modifying the power consumption characteristics of the algorithm itself. The mask randomizes the algorithm's intermediate values and reduces the correlation between those intermediate values and the power consumption data, so it can defend against attacks such as correlation power analysis. In protecting the Advanced Encryption Standard (AES) and SM4 algorithms, which are implemented over finite fields (Galois Field, GF), with masking, the focus is on optimizing the finite field inversion algorithm. A finite field masking algorithm is proposed for each of the AES and SM4 algorithms, using full masking and containing a general finite field inversion algorithm. The GF(2^8) inversion algorithm uses a total of six GF(2^4) multiplication modules, two GF(2^4) squaring modules, two GF(2^4) square-then-multiply-by-constant modules and one GF(2^4) inversion module, and the outputs of the inversion result are essentially synchronized. The experimental results show that the masking algorithms effectively improve the resistance of the algorithms' hardware implementations to power attacks, and the defense capability of the hardware implementation of the AES algorithm is improved by more than 110 times compared to the unmasked algorithm.
Classification: TN402 [Electronics and Telecommunications: Microelectronics and Solid-State Electronics]