
Hybrid Power Analysis Method For Block Cipher Algorithm

Posted on: 2024-08-30 | Degree: Master | Type: Thesis
Country: China | Candidate: J L Li | Full Text: PDF
GTID: 2568307157482954 | Subject: Master of Electronic Information (Professional Degree)
Abstract/Summary:

Block cipher algorithms play an important role in information security and are widely used in cryptographic products. However, the security of a cryptographic product requires not only that the algorithms it uses resist existing mathematical analysis methods, but also that their implementation on a physical carrier is safe. Side-channel attacks are methods of attacking cryptographic algorithms while they run on physical devices. Compared with mathematical analysis, side-channel attacks are low in cost and can be carried out in many different ways. Building on research into the basic methods of side-channel attacks, this paper focuses on side-channel attacks, mask protection and high-order attack methods for the SM4 and AES algorithms. The main contents are as follows:

1. Based on existing side-channel attack technology, a side-channel attack and leakage detection system is designed and implemented. Its main functions include data preprocessing, DPA, CPA and TVLA. The system supports importing and processing files in HDF5 format, and can visualize the data to help users understand the attack results intuitively. The system test results show that the system can perform DPA, CPA and non-specific TVLA experiments on a variety of cryptographic algorithms in combination with data preprocessing, and visualize the experimental results.

2. A chosen-plaintext side-channel attack method against a hardware implementation of the SM4 algorithm is provided, together with a threshold implementation scheme of SM4 with 1st-order side-channel security that is suitable for hardware implementation. In the attack method, the way to choose the plaintext for attacking each key byte is obtained by deriving the relationship between the intermediate value, the plaintext and the key. In the protection scheme, the S-box of the SM4 algorithm is decomposed over a composite field, the generation and storage methods of the round constants and round keys are changed, and the calculation method of the linear operation is changed, which reduces the hardware implementation area of the SM4 algorithm. On this basis, and drawing on the theory of secret sharing and secure multi-party computation, a 2-share threshold implementation scheme is proposed. It changes the S-box from 1 input to 2 inputs, and it reconstructs and multiplexes the S-box of the encryption and decryption circuit and the key expansion circuit through the mask circuit, which reduces the implementation area. The CPA results for the SM4 algorithm without masking show that the chosen-plaintext method proposed in this paper can effectively attack the SM4 algorithm. The security test results and the hardware overhead test of the SM4 threshold implementation scheme show that this masking scheme can effectively resist CPA attacks and that its implementation area is relatively low.

3. For the secAES masking scheme, which is implemented with affine and out-of-order techniques, a side-channel attack method that combines deep learning with traditional methods is proposed. First, a convolutional neural network is used to learn the 16 multiplicative leak features that occur when the secAES mask scheme encrypts, and to recover with high probability the multiplicative mask bytes used when encrypting each plaintext block. Second, once the multiplicative mask bytes have been recovered, the Scatter attack method is used to break the protection provided by out-of-order execution in SubBytes and to carry out the key recovery attack. Key recovery is also performed with deep learning and with CPA respectively. Experiments show that in the multiplicative mask recovery stage, DenseNet-121 can recover the multiplicative mask used by each group with a probability of 98.34%. In the key recovery phase, all keys can be recovered within 5 energy traces using deep learning methods. Compared with existing attack methods, the method in this paper decomposes the high-order attack into two steps, mask byte recovery and key recovery for the cryptographic algorithm, and can break the protection of the secAES mask scheme without complicated high-order attacks. The method is simple and easy to implement.
Keywords/Search Tags:Side-Channel Attack, Threshold implementation, High-Order Side Channel Attack, AES Algorithm, SM4 Algorithm