Analysis And Quantitative Evaluation Of Side Channel Security On Crypto Chips

Information security is dependent on crypto chips. The informatization's advance has made the information security to be a serious status. Crypto chips play a great role on the information security, and it's the gordian technique and basis for the establishment of the information society. Crypto chips have appeared in PCs, cellphones, smart cards, etc, which are related to people's private information.Both cryptographic algorithms and their implementations on the crypto chips determine the information security. There are mainly two systems of cryptographic algorithms--the symmetric key cryptosystem and the public key cryptosystem. The fomer has held the dominant position in all business cryptosystems for a long time, and consists of the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), etc. The public key cryptosystem, also called asymmetric key cryptosystem, contains the Rivest-Shamir-Adleman (RSA) cryptogsystem, the elliptic curve cryptosystems (ECC), etc. All business cryptosystems have a highly mathematical security. But the side channel analysers found it leaked much information about the key while the cryptosystems were implemented on the chips, the key was even exposed directly. So the side channel analysis may be a shortcut to decode the cryptosystems, and it has attracted great interests both in academia and business.Side channel information is the power dissipation and the electromagnetic radiation leaked from the electronic devices while they are working. The side channel analysis on the crypto chips is a way to utilize the side channel information to decode the cryptosystems working on the chips, and it adopts many analytical methods, such as observation, antitheses, difference, statistics, classification, normal distribution, etc. It can decode sensitive information to apply the side channel analysis, even obtain the key directly for several cryptosystems. Domestic and overseas researches on side channel analysis have bred many analysis manners, such as power analysis, electromagnetic radiation analysis, time analysis, etc. The power analysis is the most traditional and effective manner, which includes simple power analysis (SPA), differential power analysis (DPA), etc. The main side channel analysis on smart cards of symmetric key cryptosystems is SPA and DPA, while SPA on public key cryptosystems. At the same time, researches have also bred many countermeasures, which can be separated into two categories--mask and balanced power. The main manner of mask is to mask the power of logic 0 and/or logic 1 by increasing random operations or confusing the sequences of operations. But this manner can't break the basis of side channel analysis, so it can't achieve perfect effects for defense. While the manner of balanced power breaks the basis of side channel analysis, and it's perfect especially to be realized on the circuit logic. In this thesis, there are three methods of balanced power for the scalar multiplication on ECC--the Double-and-Add-Always method, the Montgomery method and the Double-and-Add-Balanced method. Experiments show that all the three methods can resist against SPA, but the Double-and-Add-Balanced method can't even defend the analysis of normal distribution.In order to design efficient countermeasures and compare them, it needs to quantificationally evaluate their efficiency and effectiveness, and to form a unified and quantitative criterion. But both the domestic and overseas researches haven't given an effective criterion. In this thesis, the efficiency and effectiveness depend on the security and the cost either. The security can be represented by the security factor, which can be quantificationally evaluated by the distance of mean significance test (DoM-S-Test). And the cost can be represented by the computational cost. The ratio between the security factor and the computational cost, named efficiency factor, assesses the efficiency and effectiveness of side-channel countermeasures. We use this method to quantificationally evaluate and compare the efficiency and effectiveness of Double-and-Add-Always method, Montgomery method, and Double-and-Add-Balanced method.