CN103138917B - Method for side-channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input - Google Patents

Publication number
CN103138917B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310027794.6A
Other languages
Chinese (zh)
Other versions
CN103138917A (en)
Inventor
李大为
罗鹏
冯登国
曹伟琼
邓开勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Cryptography Administration Commercial Code Testing Center
Original Assignee
State Cryptography Administration Commercial Code Testing Center

Abstract

The invention discloses a method for side-channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input. Its core is that, during side-channel energy analysis of the SM4 cryptographic algorithm, the round function is selected as the attack point to establish a Hamming distance model: the S-box input is taken as the previous state $v_1$ of the Hamming distance model, and the successor state $v_2$ of the Hamming distance $HD(v_1, v_2)$ model is the round function input/output. The method can be applied to CPA/DPA side-channel energy analysis of the SM4 cryptographic algorithm. Using the method improves the correlation between the correctly guessed key and the energy information, and enhances the effectiveness and success rate of the analysis.

Description

Method for analyzing side channel energy of SM4 cryptographic algorithm by using Hamming distance model based on S box input
Technical Field
The invention belongs to the technical field of cryptographic algorithm analysis and detection. It relates in particular to an energy analysis method used, in cryptographic algorithm implementation, side-channel energy analysis and cryptographic module testing, to perform side-channel energy analysis on a cryptographic module that implements the SM4 cryptographic algorithm and to obtain the protected key information, namely a method of SM4 side-channel energy analysis using a Hamming distance model based on S-box input.
Background
With the development of information technology, various cryptographic algorithms are widely applied in important sectors such as the economy, the military and administration to protect the security of information. Given the importance of cryptographic algorithms, analyzing and studying their software and hardware implementations (cryptographic modules) is of great significance for protecting information security. In recent years, a variety of attacks on cryptographic modules have become widely known, all with the purpose of obtaining the key in a cryptographic module. Common attacks can be divided into invasive, semi-invasive and non-invasive attacks. In recent years, side-channel analysis, a non-invasive attack, has been widely used because it is easy to implement and relatively low in cost. Side-channel analysis can be subdivided into timing analysis, energy analysis and electromagnetic analysis. Side-channel energy analysis is one of the most common of these methods; it goes beyond the traditional way of analyzing cryptographic algorithms, is powerful, and is relatively easy to carry out. Side-channel energy analysis exploits the correlation between the energy consumption of the cryptographic module and the data it processes and the operations it executes, establishes an energy model based on the energy leakage function of the algorithm implementation, and uses statistical methods to guess and verify the protected key used by the cryptographic module. Side-channel energy analysis methods generally include simple energy analysis (SPA), differential energy analysis (DPA), correlation energy analysis (CPA) and higher-order differential energy analysis (HODPA).
The DPA principle is as follows: acquire N energy traces for the encryption/decryption of N groups of plaintext/ciphertext data, where an energy trace is the vector of energy consumption measurements acquired during one cryptographic operation; for each guessed key K, generate the corresponding intermediate value (attack object) and determine a selection function from the intermediate value; divide the set of energy traces into two subsets with the selection function; average the energy consumption of each subset and calculate the difference between the two averages. This difference of means is the effect that the intermediate value corresponding to the selection function has on the energy trace. According to statistical theory, if K is guessed incorrectly, the difference of means of the two subsets approaches zero as the number N of energy traces approaches infinity; if K is guessed correctly, a maximum peak (maximum absolute value) of the difference of means appears at some sample point in the energy trace, from which the correct key can be determined.
The CPA principle is as follows: acquire N energy traces for the encryption/decryption of N groups of plaintext/ciphertext data; for each guessed key K, generate the corresponding intermediate value (attack object); establish an energy model from the intermediate value; map the intermediate value to simulated energy consumption through the energy model; calculate the linear correlation coefficient between the simulated energy consumption and the energy trace, which lies in [-1, 1]; select the maximum absolute value among the correlation coefficients. In theory this maximum is 1, but because noise is unavoidable when acquiring energy traces it is smaller than 1; the guessed key corresponding to the maximum correlation coefficient is the correct key.
The SM4 cryptographic algorithm is the first commercial block cipher algorithm published in China. Its block length and key length are both 128 bits, and its encryption algorithm and key expansion algorithm both use a 32-round nonlinear iterative structure.
The structure of the SM4 cryptographic algorithm is as follows:
Let $(X_0, X_1, X_2, X_3) \in (Z_2^{32})^4$ be the plaintext to be encrypted, $(X_i, X_{i+1}, X_{i+2}, X_{i+3}) \in (Z_2^{32})^4$ the input of the $i$-th round, and $rk_i$ the round key of the $i$-th round. The round function $F$ is:
$$F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) = X_i \oplus T(X_{i+1} \oplus X_{i+2} \oplus X_{i+3} \oplus rk_i) \quad (1)$$
where $T$ is a reversible transformation composed of a nonlinear transformation $\tau$ and a linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$.
$\tau$ consists of 4 parallel S-boxes, as shown in FIG. 2. Let the input be $A = (a_0, a_1, a_2, a_3)$ and the output be $B = (b_0, b_1, b_2, b_3) \in (Z_2^8)^4$; then:
$$(b_0, b_1, b_2, b_3) = \tau(A) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3)) \quad (2)$$
The output of the nonlinear transformation $\tau$ is the input of the linear transformation $L$. Let the input be $B$ and the output be $C \in Z_2^{32}$; then:
$$C = L(B) = B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24) \quad (3)$$
Let $A_i$ be the S-box input of the $i$-th round, $B_i$ the S-box output of the $i$-th round (the input of the $L$ shift), and $C_i$ the output of the $L$ shift of the $i$-th round. According to the algorithm, the following hold:
$$A_i = X_{i+1} \oplus X_{i+2} \oplus X_{i+3} \oplus rk_i \quad (4)$$
$$B_i = \tau(A_i) \quad (5)$$
$$C_i = L(B_i) \quad (6)$$
$$X_{i+4} = X_i \oplus C_i \quad (7)$$
From formulas (4), (5), (6) and (7), the round input $(X_{i+1}, X_{i+2}, X_{i+3}, X_{i+4})$ of the $(i+1)$-th round is obtained. After 32 rounds in sequence, the output ciphertext is $Y = (Y_0, Y_1, Y_2, Y_3) = (X_{35}, X_{34}, X_{33}, X_{32}) \in (Z_2^{32})^4$. The encryption structure of the SM4 cryptographic algorithm is shown in FIG. 1.
The key expansion algorithm of the SM4 cryptographic algorithm is similar in structure to the encryption algorithm, as shown in FIG. 2; only the linear transformation ($L$ shift) function differs. Let the initial encryption key be $(MK_0, MK_1, MK_2, MK_3)$. Then:
$$(K_0, K_1, K_2, K_3) = (MK_0 \oplus FK_0, MK_1 \oplus FK_1, MK_2 \oplus FK_2, MK_3 \oplus FK_3) \quad (8)$$
where $(FK_0, FK_1, FK_2, FK_3)$ are known constants.
$$rk_i = K_{i+4} = K_i \oplus T'(K_{i+1} \oplus K_{i+2} \oplus K_{i+3} \oplus CK_i) = K_i \oplus L'(\tau(K_{i+1} \oplus K_{i+2} \oplus K_{i+3} \oplus CK_i)) \quad (9)$$
where the $\tau$ function is the same as the $\tau$ function in the SM4 encryption structure, $rk_i$ is the encryption round key of the $i$-th round, $i = 0, 1, \dots, 31$, and the $CK_i$ are known constants.
The linear transformation $L'$ is:
$$L'(x) = x \oplus (x \lll 13) \oplus (x \lll 23) \quad (10)$$
According to equation (9), the 32 round keys $(rk_0, rk_1, \dots, rk_{31})$ are obtained, each 32 bits long.
Data decryption has the same algorithm structure as data encryption, but the round keys are used in the opposite order: the decryption round keys are the encryption round keys in reverse order. For decryption, the round key sequence $(rk_{31}, rk_{30}, \dots, rk_0)$ is used.
The energy analysis method for the SM4 cryptographic algorithm generally selects the output of an S box and the output of L shift as attack objects, and uses a Hamming weight and a single-bit model to analyze by using a DPA method and a CPA method. These methods only utilize typical analysis points and cannot fully and effectively perform analysis on the SM4 cryptographic algorithm. Furthermore, when the available energy leakage information at the analysis point is small, the success rate of the SM4 cryptographic algorithm analysis will be affected. Therefore, there is a need to propose a more efficient side channel energy analysis method.
Disclosure of Invention
In the analysis of the SM4 cryptographic algorithm, whether a side-channel energy analysis method is effective depends critically on the choice of attack object in the algorithm and of the corresponding energy model. Choosing a suitable attack object improves the signal-to-noise ratio of the sampled energy information and the success rate of the analysis.
The invention aims to analyze systematically the implementation characteristics of the SM4 cryptographic algorithm, to select the S-box output and the round function of the SM4 cryptographic algorithm respectively as attack points (successor state), and to provide a Hamming distance model that takes the S-box input as the Hamming distance reference state (previous state), so that, for the different energy leakage information present while the SM4 cryptographic algorithm runs, the correlation between the correctly guessed key and the energy information and the effectiveness and success rate of the analysis are improved.
The technical scheme adopted by the invention to achieve the above object is a method of SM4 side-channel energy analysis using a Hamming distance model based on S-box input: in the course of side-channel energy analysis of the SM4 cryptographic algorithm, the S-box or the round function is selected as the attack point to establish a Hamming distance model, and the S-box input is used as the previous state $v_1$ of the Hamming distance model.
When attacking the S-box, the successor state $v_2$ of the Hamming distance $HD(v_1, v_2)$ model is the S-box output; when attacking the round function, the successor state $v_2$ of the Hamming distance $HD(v_1, v_2)$ model is the round function output/input. The Hamming distance $HD(v_1, v_2)$ model used for the attack on the last 4 rounds of S-box output as described above is equivalent to an attack with a Hamming weight (HW) model that takes the XOR of the S-box input and output as the attack point; the Hamming distance $HD(v_1, v_2)$ model used for attacking the first/last 4 rounds of the round function is equivalent to an attack with a Hamming weight (HW) model that takes the XOR of the S-box input and the round function output/input as the attack point.
The hamming distance model based on S-box input described above is used for CPA/DPA side channel energy analysis for SM4 cryptographic algorithms.
When the hamming distance model based on the S-box input is applied to the CPA side channel energy analysis of the SM4 cryptographic algorithm, the steps are as follows:
(1) Acquire energy traces: perform the encryption/decryption operation on each group of plaintext/ciphertext, collect the energy consumption information at the measured time points (the energy trace), and establish the sampled energy consumption matrix.
(2) Select the S-box or the round function as the attack object and determine the Hamming distance attack model for the algorithm.
(3) After the attack object and model are determined, guess the round key and calculate the intermediate values of the round operation to determine the intermediate value matrix.
(4) Map the intermediate values and the intermediate value matrix to simulated energy consumption values and a simulated energy consumption matrix.
(5) Calculate the linear correlation coefficients between the simulated energy consumption matrix and the sampled energy consumption matrix to obtain the correctly guessed key.
The specific method for performing step (3) with CPA is as follows. The $k$-th ($k \in \{0, \dots, N-1\}$) group of plaintext/ciphertext input $X^k = (X_0^k, X_1^k, X_2^k, X_3^k)$, or ciphertext/plaintext output $X^k = (X_{35}^k, X_{34}^k, X_{33}^k, X_{32}^k)$, is known. Guess the byte $rk_{i,j}$ of the round key of the $i$-th round; the guessed values of $rk_{i,j}$ are $rk_{i,j,s} = s$, $s \in \{0, \dots, 255\}$.

When the S-box output of the first/last 4 rounds is selected for the attack, the intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is

$$v_{i,j,s}^k = \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}$$

where $v_{i,j,s}^k$ is the intermediate value for the $i$-th round of the encryption/decryption of the $k$-th group of plaintext/ciphertext when the $j$-th key byte is guessed as $s$, and $X_{i+1,j}^k$, $X_{i+2,j}^k$, $X_{i+3,j}^k$ are the $j$-th bytes of the respective intermediate calculation values.

When the round function output of the first 4 rounds and of the last 4 rounds is selected for the attack, the intermediate values corresponding to the guessed round key byte $rk_{i,j,s}$ are respectively

$$v_{i,j,s}^k = (L^{-1} X_{i+4}^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s} = (L^{-1} X_i^k)_j \oplus \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}$$

and

$$v_{i,j,s}^k = (L^{-1} X_i^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) = (L^{-1} X_{i+4}^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s})$$

where $L^{-1}(x)_j$ is the $j$-th byte of $x$ after the $L^{-1}$ shift, with

$$L^{-1}(x) = x \oplus (x \lll 2) \oplus (x \lll 4) \oplus (x \lll 8) \oplus (x \lll 12) \oplus (x \lll 14) \oplus (x \lll 16) \oplus (x \lll 18) \oplus (x \lll 22) \oplus (x \lll 24) \oplus (x \lll 30).$$

When N groups of plaintext/ciphertext are encrypted/decrypted, the intermediate values corresponding to the 256 guessed round key bytes $rk_{i,j,s}$ are calculated in turn, which determines the intermediate value matrix

$$V(N \times 256) = \begin{pmatrix} v_{i,j,0}^{0} & \cdots & v_{i,j,255}^{0} \\ \vdots & v_{i,j,s}^{k} & \vdots \\ v_{i,j,0}^{N-1} & \cdots & v_{i,j,255}^{N-1} \end{pmatrix}$$

The specific method for performing step (4) with CPA is as follows. The intermediate value of step (3) is mapped to the simulated energy consumption $h_{i,j,s}^k$, that is, the simulated energy consumption corresponding to the $s$-th guessed key byte for the $j$-th byte of the $i$-th round of the $k$-th group of plaintext, where $HW(x)$ is the number of bits with value 1 in $x$. With the encryption/decryption operation carried out on N groups of plaintext/ciphertext, the simulated energy consumption matrix $H$ corresponding to the round key bytes $rk_{i,j,s}$ is determined.

The specific method for performing step (5) with CPA is as follows. For the sampled energy consumption matrix of step (1),

$$W(N \times T) = \begin{pmatrix} s_0^0 & \cdots & s_{T-1}^0 \\ \vdots & s_t^k & \vdots \\ s_0^{N-1} & \cdots & s_{T-1}^{N-1} \end{pmatrix}$$

and the simulated energy consumption matrix $H$ of step (4), calculate the correlation coefficient $\rho_{s,t}$ between the $s$-th column of $H$ and the $t$-th column of $W$:

$$\rho_{s,t} \approx r_{s,t} = \frac{\sum_{k=0}^{N-1} \big[h_{i,j,s}^k - \overline{h_{i,j,s}^k}\big]\big[s_t^k - \overline{s_t^k}\big]}{\sqrt{\sum_{k=0}^{N-1} \big[h_{i,j,s}^k - \overline{h_{i,j,s}^k}\big]^2 \sum_{k=0}^{N-1} \big[s_t^k - \overline{s_t^k}\big]^2}}$$

where $s_t^k$ is the sampled energy consumption value for the $k$-th plaintext/ciphertext at the $t$-th time point, $T$ is the number of time points in the energy trace, $\overline{h_{i,j,s}^k}$ is the mean of the $s$-th column of the matrix $H$, $\overline{s_t^k}$ is the mean of the $t$-th column of the matrix $W$, $\rho_{s,t}$ is the linear correlation coefficient between the simulated energy consumption corresponding to the $s$-th guessed key and the sampled energy consumption at the $t$-th time point, and $r_{s,t}$ is the approximate calculated value of that correlation coefficient. Calculating the correlation coefficients between all columns gives the correlation coefficient matrix of simulated and sampled energy consumption

$$R(256 \times T) = \begin{pmatrix} r_{0,0} & \cdots & r_{0,T-1} \\ \vdots & r_{s,t} & \vdots \\ r_{255,0} & \cdots & r_{255,T-1} \end{pmatrix}$$

Select the maximum value in $R$, $r_{m,n} = \max(r_{s,t})$; the guessed key $rk_{i,j,m}$ corresponding to $r_{m,n}$ is the correctly guessed round key byte, which gives the $j$-th byte $rk_{i,j}$ of the correct $i$-th round key. Repeating steps (1) to (5) yields the other 3 key bytes of the round key, and so the correct round key $rk_i$ of the $i$-th round.

For the first 4 rounds, use the round key $rk_i$ to carry out the cryptographic operation of the $i$-th round and obtain the N groups of round outputs of the $i$-th round, which are the round inputs of the $(i+1)$-th round; the encryption round keys of the first 4 rounds, $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$, or the decryption round keys $(rk_0, rk_1, rk_2, rk_3) = (K_{35}, K_{34}, K_{33}, K_{32})$, are obtained in sequence. For the last 4 rounds, use the round key $rk_i$ to carry out the cryptographic operation of the $i$-th round and obtain the output of the $(i-1)$-th round; the encryption round keys of the last 4 rounds, $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$, or the decryption round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_4, K_5, K_6, K_7)$, are obtained in sequence. The encryption/decryption key is then obtained by the inverse operation of the key expansion algorithm.
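An added example, not part of the patent text: for a lab evaluating an implementation against this leakage model, the sketch below checks that the listed $L^{-1}$ inverts $L$ and runs steps (3) to (5) for one key byte of the round-function model on constructed traces, alongside the conventional HW-of-S-box-output model. Assumptions: the S-box is a seeded stand-in permutation (not the SM4 table), byte 0 is the most significant byte, the round key and noisy traces are constructed, and all function names are illustrative.

```python
import math
import random

MASK32 = 0xFFFFFFFF

def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

def L(x):
    # Linear transformation L, equation (3) in the text.
    return x ^ rotl32(x, 2) ^ rotl32(x, 10) ^ rotl32(x, 18) ^ rotl32(x, 24)

def L_inv(x):
    # L^-1 built from the rotation amounts listed in the text.
    out = x
    for n in (2, 4, 8, 12, 14, 16, 18, 22, 24, 30):
        out ^= rotl32(x, n)
    return out

def byte_of(word, j):
    # Byte j of a 32-bit word; j = 0 is the most significant byte (assumed order).
    return (word >> (24 - 8 * j)) & 0xFF

def hw(x):
    return bin(x).count("1")

# CONSTRUCTED stand-in S-box: a seeded random byte permutation, NOT the SM4 table.
SBOX = list(range(256))
random.Random(2013).shuffle(SBOX)

def tau(word):
    return sum(SBOX[byte_of(word, j)] << (24 - 8 * j) for j in range(4))

def round_output(x0, x1, x2, x3, rk):
    # Equations (4)-(7): X_{i+4} = X_i ^ L(tau(X_{i+1} ^ X_{i+2} ^ X_{i+3} ^ rk_i)).
    return x0 ^ L(tau(x1 ^ x2 ^ x3 ^ rk))

def hd_round_model(u, a, s):
    # HW of the attack object (L^-1 X_i)_j ^ tau(A_j) ^ A_j with A_j = a ^ s,
    # i.e. HD between S-box input and round-function output for guess s.
    return hw(u ^ SBOX[a ^ s] ^ a ^ s)

def hw_sbox_out_model(u, a, s):
    # Conventional comparison model: Hamming weight of the S-box output only.
    return hw(SBOX[a ^ s])

def simulate(n, rk, j, samples=4, leak_at=2, sigma=1.0, seed=7):
    # CONSTRUCTED traces: Gaussian noise plus, at one sample, the leakage the
    # page's model assumes: HW((L^-1 X_{i+4})_j ^ A_j) under the true round key.
    rng = random.Random(seed)
    known, traces = [], []
    for _ in range(n):
        x0, x1, x2, x3 = (rng.getrandbits(32) for _ in range(4))
        x4 = round_output(x0, x1, x2, x3, rk)
        leak = hw(byte_of(L_inv(x4), j) ^ byte_of(x1 ^ x2 ^ x3 ^ rk, j))
        trace = [rng.gauss(0.0, sigma) for _ in range(samples)]
        trace[leak_at] += leak
        # Known per trace: (L^-1 X_i)_j and (X_{i+1} ^ X_{i+2} ^ X_{i+3})_j.
        known.append((byte_of(L_inv(x0), j), byte_of(x1 ^ x2 ^ x3, j)))
        traces.append(trace)
    return known, traces

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = math.sqrt(sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys))
    return num / den if den else 0.0

def cpa(known, traces, model):
    # Steps (3)-(5): hypothesis column per guess s, correlate with every time
    # point, keep max_t r[s][t]; the guess with the largest value is selected.
    columns = [list(col) for col in zip(*traces)]
    r_by_guess = []
    for s in range(256):
        h = [model(u, a, s) for u, a in known]
        r_by_guess.append(max(pearson(h, col) for col in columns))
    best = max(range(256), key=lambda s: r_by_guess[s])
    return best, r_by_guess

def demo():
    rk, j = 0xA1B2C3D4, 1                # constructed round key; byte 1 is 0xB2
    known, traces = simulate(300, rk, j)
    hd_best, hd_r = cpa(known, traces, hd_round_model)
    _, hw_r = cpa(known, traces, hw_sbox_out_model)
    key_byte = byte_of(rk, j)
    return hd_best, hd_r[key_byte], hw_r[key_byte], key_byte

if __name__ == "__main__":
    best, r_hd, r_hw, key = demo()
    print(f"selected guess 0x{best:02x} (constructed key byte 0x{key:02x})")
    print(f"r at key byte: HD model {r_hd:.3f}, HW(S-box output) model {r_hw:.3f}")
```

The comparison holds only under the simulated assumption that the device leaks the transition between S-box input and round-function output; on real traces the better-fitting model has to be determined by measurement.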
The DPA side channel energy analysis step of the SM4 cryptographic algorithm by the Hamming distance model based on S-box input is as follows:
(a) Collect energy traces: perform the encryption/decryption operation on each group of plaintext/ciphertext, collect the energy consumption information at the measured time points (the energy trace), and establish the sampled energy consumption matrix.
(b) Select the S-box or the round function as the attack object and determine the DPA selection function. The attack object $v_{i,j}^k$ corresponding to the $j$-th ($j \in \{0,1,2,3\}$) byte $rk_{i,j}$ of the $i$-th round key takes the plaintext/ciphertext and the guessed key byte $rk_{i,j}$ as parameters; given its expected value, the selection function is defined here as

$$D(X^k, j, rk_{i,j}) = \begin{cases} 1 & HW(v_{i,j}^k) < 4 \\ 0 & HW(v_{i,j}^k) > 4 \end{cases}$$

(c) Guess the round key and divide the energy consumption into two average energy consumption subset matrices.
(d) Determine the correctly guessed key from the difference between the two average energy consumption subsets obtained in step (c).
The specific method for performing step (c) with DPA is as follows. The $k$-th group of plaintext/ciphertext input $X^k = (X_0^k, X_1^k, X_2^k, X_3^k)$, or ciphertext/plaintext output $X^k = (X_{35}^k, X_{34}^k, X_{33}^k, X_{32}^k)$, is known. Guess the byte $rk_{i,j}$ of the $i$-th round key $rk_i$; the guessed values of $rk_{i,j}$ are $rk_{i,j,s} = s$, $s \in \{0, \dots, 255\}$. For the guessed round key byte $rk_{i,j,s}$, let $n_1$ be the total number of groups for which the selection function $D(X^k, j, rk_{i,j,s})$ equals 1, and $n_0$ the total number for which it equals 0. For a time point $t$ in the energy trace, the means of the total energy consumption of the two subsets are

$$d0_{i,j,s}^{t} = \frac{\sum_{k=0}^{N-1} \big(1 - D(X^k, j, rk_{i,j,s})\big)\, s_t^k}{n_0} \quad \text{and} \quad d1_{i,j,s}^{t} = \frac{\sum_{k=0}^{N-1} D(X^k, j, rk_{i,j,s})\, s_t^k}{n_1}$$

where $d0_{i,j,s}^{t}$ is, for N groups of encryption/decryption operations with the guessed round key byte $rk_{i,j,s}$, the average of the $n_0$ groups of energy consumption at time point $t$ for which the selection function equals 0, and $d1_{i,j,s}^{t}$ is the average of the $n_1$ groups of energy consumption at time point $t$ for which the selection function equals 1, $n_0 + n_1$. Calculating the average energy consumption at all time points with these formulas gives two energy consumption matrices $D0(256 \times T)$ and $D1(256 \times T)$:

$$D0(256 \times T) = \begin{pmatrix} d0_{i,j,0}^{0} & \cdots & d0_{i,j,0}^{T-1} \\ \vdots & d0_{i,j,s}^{t} & \vdots \\ d0_{i,j,255}^{0} & \cdots & d0_{i,j,255}^{T-1} \end{pmatrix} \quad \text{and} \quad D1(256 \times T) = \begin{pmatrix} d1_{i,j,0}^{0} & \cdots & d1_{i,j,0}^{T-1} \\ \vdots & d1_{i,j,s}^{t} & \vdots \\ d1_{i,j,255}^{0} & \cdots & d1_{i,j,255}^{T-1} \end{pmatrix}$$

The specific method for performing step (d) with DPA is as follows. Calculate the difference matrix $\Delta D = D1 - D0$ of the average energy consumption matrices $D0(256 \times T)$ and $D1(256 \times T)$ obtained in step (c), and select the maximum difference of energy consumption means; the guessed round key byte $rk_{i,j,m}$ corresponding to it is the correct key byte, which gives the $j$-th byte of the correct round key of the $i$-th round. Repeating steps (a) to (d) yields the other 3 key bytes of the round key, and so the correct round key $rk_i$ of the $i$-th round.

For the first 4 rounds, use the round key $rk_i$ to carry out the cryptographic operation of the $i$-th round and obtain the N groups of round outputs of the $i$-th round, which are the round inputs of the $(i+1)$-th round; the encryption round keys of the first 4 rounds, $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$, or the decryption round keys $(rk_0, rk_1, rk_2, rk_3) = (K_{35}, K_{34}, K_{33}, K_{32})$, are obtained in sequence. For the last 4 rounds, use the round key $rk_i$ to carry out the cryptographic operation of the $i$-th round and obtain the output of the $(i-1)$-th round; the encryption round keys of the last 4 rounds, $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$, or the decryption round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_4, K_5, K_6, K_7)$, are obtained in sequence. The encryption/decryption key is then obtained by the inverse operation of the key expansion algorithm.
When selecting the attack object: if the S-box output of the first/last 4 rounds is attacked, the previous state $v_1$ of the Hamming distance $HD(v_1, v_2)$ model is the S-box input and the successor state $v_2$ is the S-box output, which is equivalent to an attack with a Hamming weight (HW) model that takes the XOR of the S-box input and the S-box output as the attack object, i.e.

$$v_{i,j}^k = (X_{i+1}^k \oplus X_{i+2}^k \oplus X_{i+3}^k)_j \oplus rk_{i,j} \oplus \tau\big((X_{i+1}^k \oplus X_{i+2}^k \oplus X_{i+3}^k)_j \oplus rk_{i,j}\big)$$

If the round function of the first/last 4 rounds is attacked, the previous state $v_1$ of the Hamming distance $HD(v_1, v_2)$ model is the S-box input and the successor state $v_2$ is the round function input/output, which is equivalent to an attack with a Hamming weight (HW) model that takes the XOR of the S-box input and the round output/input as the attack object, i.e.

$$v_{i,j}^k = X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j} \oplus (L^{-1} X_{i+4}^k)_j = X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j} \oplus L^{-1}(X_i^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j})$$

or

$$v_{i,j}^k = X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j} \oplus (L^{-1} X_i^k)_j = X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j} \oplus L^{-1}(X_{i+4}^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j})$$

Here the round input and the round output are those of the $i$-th round, with $i$ taken in turn as 0, 1, 2, 3 or 31, 30, 29, 28.
The technical scheme of the invention has the following advantages. (1) Existing analysis of the SM4 cryptographic algorithm uses a single energy leakage analysis point and does not adapt well to the variety of SM4 implementations. Targeting the specific implementation of the SM4 cryptographic algorithm, the invention provides two new Hamming distance models, with which side-channel energy analysis of the SM4 cryptographic algorithm can be carried out more effectively and comprehensively. (2) Energy consumption consists mainly of the dynamic energy consumed by the 0 → 1 and 1 → 0 bit transitions between the previous and the subsequent state. The HD model assumes that the two kinds of transition consume equal energy, which establishes a directly proportional relation between the number of transitions and the energy consumption. The HW model is a special case of the HD model: it assumes that all bits of the previous output state are 0, so that the energy consumption depends only on the value of the subsequent state. It is simpler than the HD model, so the simulated energy consumption described by the HD model is much more accurate than that of the HW model. In a hardware implementation of the SM4 cryptographic algorithm the registers are triggered by a clock signal, so in each clock cycle a register makes only one transition, from its previous state to its current state. Using the Hamming distance between the values a register stores in successive clock cycles for the analysis therefore enhances the effectiveness of side-channel energy analysis of a hardware-implemented cryptographic module. The invention can analyze the SM4 cryptographic algorithm effectively, obtain the key information, and extend the side-channel energy analysis methods available for the SM4 cryptographic algorithm.
Drawings
FIG. 1 is a flow chart of the encryption structure of the SM4 cryptographic algorithm;
FIG. 2 is a flow chart of the key expansion algorithm of the SM4 cryptographic algorithm;
FIG. 3 shows the attack object of the HD model for the S-box output;
FIG. 4 shows the attack object of the HD model for the round function output in the first 4 rounds;
FIG. 5 shows the attack object of the HD model for the round function output in the last 4 rounds;
FIG. 6 is the CPA analysis flow chart;
FIG. 7 is the DPA analysis flow chart;
FIG. 8 is the sampled waveform for 1000 groups of encryption operations;
FIG. 9 shows the correlation coefficient waveforms corresponding to the correct round key for HD model analysis of the round-1 S-box output, one for each of the 4 S-boxes;
FIG. 10 shows the correlation coefficient waveforms corresponding to the correct round key for HW model analysis of the round-1 S-box output, one for each of the 4 S-boxes;
FIG. 11 is the sampled waveform for 1000 groups of encryption operations in the second embodiment;
FIG. 12 shows, for the second embodiment, the correlation coefficient waveforms corresponding to the correct round key for HD model analysis of the round-1 S-box output, one for each of the 4 S-boxes;
FIG. 13 shows, for the second embodiment, the correlation coefficient waveforms corresponding to the correct round key for HW model analysis of the round-1 S-box output, one for each of the 4 S-boxes.
Detailed Description
The technical solution of the invention is described in detail below, first taking CPA analysis of the round function of the SM4 cryptographic algorithm as an example. FIG. 6 is the CPA analysis flow chart. For the encryption operation of the SM4 cryptographic algorithm, if the encrypted plaintext is known, the first 4 rounds of the algorithm are analyzed. Assume that N groups of plaintext encryption operations are performed, with the $k$-th group of plaintext input indexed by $k \in \{0, \dots, N-1\}$ and the round input of the $i$-th round taken for $i = 0, 1, 2, 3$ in turn. The steps are as follows:
(1) Collect energy traces: perform the encryption operation on each group of plaintext, collect the energy consumption information at the measured time points (the energy trace), and establish the sampled energy consumption matrix $W(N \times T)$:

$$W(N \times T) = \begin{pmatrix} s_0^0 & \cdots & s_{T-1}^0 \\ \vdots & s_t^k & \vdots \\ s_0^{N-1} & \cdots & s_{T-1}^{N-1} \end{pmatrix}$$

where $s_t^k$ is the sampled energy consumption value for the $k$-th plaintext at the $t$-th time point, and $T$ is the number of time points in the energy trace;
(2) Select the attack object and determine the attack model for the algorithm. With the S-box input as the previous state $v_1$ of the Hamming distance, the outputs of the two attack points, the S-box output and the round function output, are each selected as the successor state $v_2$, establishing two Hamming distance (HD) models. $HD(v_1, v_2)$ is the Hamming distance between $v_1$ and $v_2$, i.e. the number of 0 → 1 and 1 → 0 bit changes between the two states, and $HW(v)$ is the number of bits equal to 1 in $v$. Then $HD(v_1, v_2) = HW(v_1 \oplus v_2)$: the Hamming distance $HD(v_1, v_2)$ between the previous state $v_1$ and the successor state $v_2$ equals the Hamming weight $HW(v_1 \oplus v_2)$ of their XOR. The HD model is therefore in effect a Hamming weight (HW) model whose attack point is the XOR of the previous-state data and the successor-state data. Hence the HD model with the S-box input as the previous state and the S-box output as the successor state is in effect the HW model with the XOR of the S-box input and output as the attack point, and the HD model with the S-box input as the previous state and the round function output as the successor state is in effect the HW model with the XOR of the S-box input and the round function output as the attack point.
The HD model for the S-box output is based on the following assumption: for the S-box input value $v_1$ and the S-box output value $v_2$ of the SM4 cryptographic module, the energy leakage point is the bit flipping between the two states $v_1$ and $v_2$. According to the encryption structure of the SM4 cryptographic algorithm, the 4 S-boxes are independent of each other and the L shift operation is reversible, so the round operations on the 4 bytes of the round key are also independent, and the attack objects corresponding to the individual bytes of the round key can therefore be selected separately. After the HD model is converted into the HW model, the attack object corresponding to byte $rk_{i,j}$ of the i-th round key $rk_i$ is:

$$v_{i,j}^k = \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j},$$

as shown in Fig. 3.
The HD model for the round function output is based on the following assumption: the S-box input value $v_1$ and the round function output value $v_2$ are stored in the same register, and the energy leakage point is the state flip of that register between the two states $v_1$ and $v_2$, so that the HD model of the round function output can be used. After the Hamming distance model is converted into a Hamming weight model, the attack object corresponding to byte $rk_{i,j}$ of the i-th round key $rk_i$ is:

$$v_{i,j}^k = (L^{-1} X_{i+4}^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j} = (L^{-1} X_i^k)_j \oplus \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j}.$$

The specific attack object is shown in Fig. 4.
(3) Guess the round key and calculate the intermediate value of the round operation. After the attack object and the model are determined, guess the j-th byte $rk_{i,j}$ (j ∈ {0,1,2,3}) of the i-th round key $rk_i$, with j taking the values 0, 1, 2, 3 in sequence. The guessed values of $rk_{i,j}$ are $rk_{i,j,s} = s$, $s \in \{0, \ldots, 255\}$.
For the 256 guessed key bytes $rk_{i,j,s}$, the encryption round operation of the i-th round is carried out respectively.
For the HD model of the S-box output, the intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is:

$$v_{i,j,s}^k = \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}.$$

For the HD model of the round function output, the intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is:

$$v_{i,j,s}^k = (L^{-1} X_i^k)_j \oplus \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}.$$

According to the above intermediate value formulas, when the N groups of plaintext are encrypted, the intermediate values corresponding to the 256 guessed round key bytes $rk_{i,j,s}$ are calculated in sequence, giving the intermediate value matrix $V(N \times 256)$:

$$V(N \times 256) = \begin{pmatrix} v_{i,j,0}^0 & \cdots & v_{i,j,255}^0 \\ \vdots & v_{i,j,s}^k & \vdots \\ v_{i,j,0}^{N-1} & \cdots & v_{i,j,255}^{N-1} \end{pmatrix}.$$
(4) Map the intermediate values to a simulated energy consumption matrix. According to the energy model determined in step (3), the simulated energy consumption of the intermediate value mapping is , where $h_{i,j,s}^k$ is the simulated energy consumption corresponding to guessing the j-th key byte as s when the i-th round of encryption is performed on the k-th group of plaintext. When the N groups of plaintext are encrypted, the simulated energy consumption matrix corresponding to the 256 guessed round key bytes $rk_{i,j,s}$ is:
(5) Calculate the linear correlation coefficient between the simulated energy consumption and the energy traces to obtain the correct guessed key byte.
For the simulated energy consumption matrix H and the sampled energy consumption matrix W, the correlation coefficient $\rho_{s,t}$ between the s-th column of H and the t-th column of W is calculated respectively:

$$\rho_{s,t} \approx r_{s,t} = \frac{\sum_{k=0}^{N-1}\left[h_{i,j,s}^k - \overline{h_{i,j,s}^k}\right]\left[s_t^k - \overline{s_t^k}\right]}{\sqrt{\sum_{k=0}^{N-1}\left[h_{i,j,s}^k - \overline{h_{i,j,s}^k}\right]^2 \sum_{k=0}^{N-1}\left[s_t^k - \overline{s_t^k}\right]^2}},$$

where $\overline{h_{i,j,s}^k}$ is the average value of the s-th column of matrix H and $\overline{s_t^k}$ is the average value of the t-th column of matrix W. $\rho_{s,t}$ denotes the linear correlation coefficient between the simulated energy consumption corresponding to the s-th guessed key and the sampled energy consumption at the t-th time point, and $r_{s,t}$ is the approximate calculated value of that correlation coefficient. Calculating the correlation coefficients between all columns gives the correlation coefficient matrix of simulated and sampled energy consumption:

$$R(256 \times T) = \begin{pmatrix} r_{0,0} & \cdots & r_{0,T-1} \\ \vdots & r_{s,t} & \vdots \\ r_{255,0} & \cdots & r_{255,T-1} \end{pmatrix}.$$

The larger $r_{s,t}$ is, the better column s matches column t, and the stronger the correlation between the guessed key $rk_{i,j,s}$ and the sampled energy information. Select the maximum value in R, $r_{m,n} = \max(r_{s,t})$; the guessed key $rk_{i,j,m}$ corresponding to $r_{m,n}$ is the correct guessed round key byte, which gives the j-th byte of the i-th round key. Similarly, according to steps (1) to (5), the other 3 key bytes of the round key are obtained respectively, so as to obtain the correct round key $rk_i$ of the i-th round.
After CPA analysis of the i-th round of the cryptographic operation is finished, the correct round key $rk_i$ is obtained. Using the round key $rk_i$, the encryption operation of the i-th round is performed to obtain the N groups of round outputs of the i-th round, i.e. the round inputs of the (i+1)-th round , k ∈ {0, 1, …, N-1}. According to the analysis method of steps (1)-(5) above, the round keys of the first four rounds are obtained in turn: $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$.
According to the inverse operation of the key expansion algorithm of the SM4 cryptographic algorithm, $K_i = L'(\tau(K_{i+1} \oplus K_{i+2} \oplus K_{i+3} \oplus CK_i)) \oplus K_{i+4}$ and $(MK_0, MK_1, MK_2, MK_3) = (K_0 \oplus FK_0, K_1 \oplus FK_1, K_2 \oplus FK_2, K_3 \oplus FK_3)$, the key $(MK_0, MK_1, MK_2, MK_3)$ of the encryption operation of the SM4 cryptographic algorithm is determined.
If the encrypted ciphertext is known, the last 4 rounds of the encryption operation are analyzed. The analysis method is substantially the same as that of the first 4 rounds and differs only slightly in the selection of the attack object.
Assume that N groups of encryption operations are performed, the ciphertext output of the k-th group being , and let be the round output of the i-th round of the SM4 cryptographic algorithm, with i taking the values 31, 30, 29, 28 in sequence. The analysis method for the two Hamming distance models is as follows. For the HD model of the S-box output, the analysis method of the last 4 rounds is completely the same as that of the first 4 rounds. After the HD model is converted into the HW model, the attack object is the XOR of the input and output of the S-box of that round, as shown in Fig. 3. The attack intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is identical to that of the first 4 rounds. The correct round keys of the last 4 rounds, $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$, are obtained in sequence, and the key of the encryption operation of the SM4 cryptographic algorithm is obtained through the inverse operation of the key expansion algorithm.
The analysis method of the HD model of the round function input is the same as that of the first 4 rounds, and only the selection of the attack object is slightly different. After the HD model is converted to the HW model, the attack object of the last 4 rounds is shown in Fig. 5. The attack intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is:

$$v_{i,j,s}^k = (L^{-1} X_i^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) = (L^{-1} X_{i+4}^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}).$$

According to steps (1) to (5), the correct round keys of the last 4 rounds, $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$, are obtained in sequence, and the key of the encryption operation of the SM4 cryptographic algorithm is obtained according to the inverse operation of the key expansion algorithm.
For the decryption operation of the SM4 cryptographic algorithm, the decryption key can be obtained by using the above CPA analysis method. If the ciphertext is known, the first 4 rounds of the SM4 decryption operation are analyzed; the analysis method is the same as that of the first 4 rounds of the SM4 encryption operation, the round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28})$ are obtained in sequence, and the decryption key is obtained according to the inverse operation of the key expansion algorithm. If the plaintext is known, the last 4 rounds of the SM4 decryption operation are analyzed; the attack method is the same as that of the last 4 rounds of the SM4 encryption operation, the round keys $(rk_0, rk_1, rk_2, rk_3)$ are obtained in sequence, and the decryption key is obtained according to the inverse operation of the key expansion algorithm.
According to the CPA analysis method, the 1st round of the encryption operation is analyzed using the HW model whose attack object is the XOR of the S-box input and output (i.e. the HD model of the S-box) and the HW model whose attack object is the S-box output; the round key is known to be 0x85235CE2.
1000 groups of waveforms (energy traces) of plaintext encryption operations are collected, as shown in Fig. 8, each with 5000 time points. The sampled energy consumption related to the SM4 encryption operation lies between 43 μs and 50 μs, and 408 time points correspond to the cryptographic operation, giving the sampled energy consumption matrix W(1000 × 408). The XOR of the input and output of the round-1 S-box is selected as the attack object and a HW model is established. The 1st byte of the round key is guessed to obtain the simulated energy consumption matrix H(1000 × 256); the correlation coefficients of H and W are calculated to obtain the correlation coefficient matrix R, and the guessed key byte corresponding to the maximum value in R is selected as the 1st byte of the round key. The other 3 bytes of the round key are analyzed in sequence to obtain the round-1 key $rk_1$.
The analysis results are shown in Table 1, which lists the 10 largest correlation coefficients and their corresponding guessed key bytes for each of the 4 key bytes of the round key. For round 1, the correlation coefficient of the correct guessed key byte is much larger than the correlation coefficients of the other 9 wrong guessed key bytes.
Table 1: CPA analysis result of S-box output HD model of the 1 st round of encryption operation
Similarly, for the energy traces of Fig. 8, the output of the S-box is selected as the attack object, a HW model is established, and the round-1 key 0x85235CE2 is analyzed according to the above steps; the analysis results are shown in Table 2. As can be seen from Table 2, the 10 largest correlation coefficient values differ only slightly, with adjacent values differing by less than 0.02, so the correct round key cannot be determined, and the wrong round key 0x830a5082 is obtained by the analysis. In Table 1, by contrast, the correlation coefficient corresponding to the correct key is at least 0.45 greater than the largest correlation coefficient of any other guessed key, so the correct round key can be distinguished easily.
Table 2: CPA analysis result of S box output HW model of 1 st round of encryption operation
Fig. 9 and 10 are graphs of correlation coefficients of correct round key bytes corresponding to all time points when two kinds of attack objects are selected for analysis, respectively. As can be seen from fig. 9, the correlation coefficient corresponding to the sampling point has a sharp peak, which indicates that: when the round key guesses correctly, the correlation with the sampling energy consumption leakage point is far larger than other time points; while fig. 10 has no obvious peak, when the round key guess is correct, the real energy consumption leakage point cannot be distinguished, and the correlation coefficient corresponding to all the time points is far smaller than the peak value of fig. 9. Therefore, when the energy consumption leakage point calculated by the SM4 cryptographic algorithm is the switching between the input and output states of the S-box, the side channel energy analysis method of the HD model using the S-box is better than the side channel energy analysis method of the HW model using the S-box.
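The contrast between the two models can be reproduced on constructed data. The Python code below is an added example, not code from the patent: it simulates traces whose only leakage is the Hamming distance between the S-box input and output of one key byte, then runs steps (3) to (5) with both the HD model and the plain HW model of the S-box output. The key byte, trace count, noise level and leak position are assumptions chosen for the simulation; the table is the standard SM4 S-box.

```python
import math
import random

# SM4 S-box, 256 entries in index order (two 16-byte rows per line).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)


def hw(v):
    """Hamming weight: number of 1 bits in v."""
    return bin(v).count("1")


def hd_sbox_model(a, s):
    """HW(in XOR Sbox(in)) = HD(S-box input, S-box output) for guess s.
    a is the known byte (X_{i+1} ^ X_{i+2} ^ X_{i+3})_j."""
    x = a ^ s
    return hw(x ^ SBOX[x])


def hw_sbox_out_model(a, s):
    """HW(Sbox(in)): plain HW model of the S-box output, for comparison."""
    return hw(SBOX[a ^ s])


def simulate_traces(key_byte, n, t_len, leak_t, sigma, rng):
    """Constructed traces: Gaussian noise everywhere, plus the S-box
    input/output Hamming distance added at time index leak_t."""
    inputs = [rng.randrange(256) for _ in range(n)]
    traces = []
    for a in inputs:
        row = [rng.gauss(0.0, sigma) for _ in range(t_len)]
        row[leak_t] += hd_sbox_model(a, key_byte)
        traces.append(row)
    return inputs, traces


def _center(col):
    """Return the mean-centred column and its Euclidean norm."""
    mean = sum(col) / len(col)
    centred = [v - mean for v in col]
    return centred, math.sqrt(sum(v * v for v in centred))


def cpa(inputs, traces, model):
    """Build H column by column and correlate it with every column of W.
    Returns R as a 256 x T list of Pearson coefficients r_{s,t}."""
    cols = [_center([row[t] for row in traces]) for t in range(len(traces[0]))]
    R = []
    for s in range(256):
        h, h_norm = _center([model(a, s) for a in inputs])
        R.append([
            sum(x * y for x, y in zip(h, w)) / (h_norm * w_norm)
            if h_norm and w_norm else 0.0
            for w, w_norm in cols
        ])
    return R


def rank(R):
    """(best guess m, time index n, r_{m,n}, margin over best other guess)."""
    peaks = [max(row) for row in R]
    m = max(range(256), key=peaks.__getitem__)
    runner_up = max(p for s, p in enumerate(peaks) if s != m)
    return m, R[m].index(peaks[m]), peaks[m], peaks[m] - runner_up


def demo():
    rng = random.Random(2013)          # fixed seed: reproducible constructed data
    key = 0x85                         # constructed key byte for the simulation
    inputs, traces = simulate_traces(key, n=500, t_len=6, leak_t=3,
                                     sigma=1.0, rng=rng)
    r_hd = cpa(inputs, traces, hd_sbox_model)
    r_hw = cpa(inputs, traces, hw_sbox_out_model)
    return {"key": key, "hd": rank(r_hd), "hw": rank(r_hw),
            "hw_true_key_peak": max(r_hw[key])}


if __name__ == "__main__":
    res = demo()
    print("HD model: guess=0x%02x t=%d r=%.3f margin=%.3f" % res["hd"])
    print("HW model: guess=0x%02x t=%d r=%.3f margin=%.3f" % res["hw"])
    print("HW model, peak r at the true key: %.3f" % res["hw_true_key_peak"])
```

With the HD model the true key byte stands out by a wide margin at the leaking time index, while under the HW model of the S-box output the true key byte has no distinguishable peak.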
According to the CPA analysis method, the 1 st round of encryption calculation is analyzed by using the HW model (i.e., the HD model of the round function) in which the xor value of the S-box input and the round function output is the target of attack and the HW model in which the round function output is the target of attack.
a) 1000 groups of waveforms of plaintext encryption operations are collected, as shown in Fig. 11. The sampled energy consumption related to the SM4 encryption operation lies between 7 μs and 11.7 μs, and the time points of this part corresponding to the cryptographic operation are selected to obtain the sampled energy consumption matrix W. The XOR of the input of the round-1 S-box and the output of the round function is selected as the attack object and a HW model is established. The 1st byte of the round key is guessed to obtain the simulated energy consumption matrix H; the correlation coefficients of H and W are calculated to obtain the correlation coefficient matrix R, and the guessed key byte corresponding to the maximum value in R is selected as the 1st byte of the round key. The other 3 bytes of the round key are analyzed in sequence to obtain the round-1 key $rk_1$. The analysis results are shown in Table 3, which lists, for each round key byte analyzed, the 10 largest correlation coefficients and their corresponding guessed key bytes. For round 1, the correlation coefficient of the correct guessed key byte is much larger than the correlation coefficients of the other 9 wrong guessed key bytes.
Table 3: CPA analysis result of round function output HD model of round 1 of encryption operation
Similarly, for the energy trace of fig. 11, the output of the round function is selected as the attack object, the HW model is built, the 1 st round key 0x85235CE2 is analyzed according to the above steps, and the analysis result is shown in table 4. As can be seen from table 4, the difference between the first 10 maximum correlation coefficient values is very small, and the difference between the two adjacent correlation coefficient values is less than 0.015, so that the correct round key cannot be determined, and the wrong round key 0xCBAC3855 is obtained through analysis; the correlation coefficient corresponding to the correct key in table 3 is at least 0.4 greater than the maximum correlation coefficient corresponding to other guessed keys, so that the correct round key can be easily distinguished.
Table 4: CPA analysis result of round function output HW model of 1 st round of encryption operation
Fig. 12 and 13 are graphs of correlation coefficients of correct round key bytes corresponding to all time points when two kinds of attack objects are selected for analysis, respectively. As can be seen from fig. 12, the sampling point has a sharp peak corresponding to the correlation coefficient, which indicates that: when the round key guesses correctly, the correlation with the sampling energy consumption leakage point is far larger than other time points; while fig. 13 has no sharp peak, when the round key guess is correct, the real energy consumption leakage point cannot be distinguished, and the correlation coefficient corresponding to all the time points is much smaller than the sharp peak of fig. 12. Therefore, when the energy consumption leakage point calculated by the SM4 cryptographic algorithm is the transition between the input state of the S-box and the output state of the round function, the side channel energy analysis method of the HD model using the round function is better than the side channel energy analysis method of the HW model using the round function.
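The round-function attack object depends on L being invertible: only after $L^{-1}$ is applied does byte j of the register value depend on a single round key byte. The Python code below is an added example, not code from the patent. It implements the SM4 linear transform L and the $L^{-1}$ expression given in claim 6, checks that they are inverses, and checks that the two forms of $v_{i,j}^k$ from step (2) agree. Taking byte 0 as the most significant byte is an assumption, and the word `t` stands in for the τ output, since the identity holds for any 32-bit value.

```python
import random

MASK = 0xFFFFFFFF


def rotl(x, n):
    """32-bit left rotation (the <<< operator)."""
    return ((x << n) | (x >> (32 - n))) & MASK


def L(x):
    """Linear transform of the SM4 round function."""
    return x ^ rotl(x, 2) ^ rotl(x, 10) ^ rotl(x, 18) ^ rotl(x, 24)


# Rotation amounts of the L^{-1} expression in claim 6.
L_INV_ROTATIONS = (2, 4, 8, 12, 14, 16, 18, 22, 24, 30)


def L_inv(x):
    """Inverse of L: x XORed with its rotations by L_INV_ROTATIONS."""
    y = x
    for n in L_INV_ROTATIONS:
        y ^= rotl(x, n)
    return y


def byte(x, j):
    """j-th byte of a 32-bit word; j = 0 is the most significant byte
    (assumed convention, the identities below hold for either order)."""
    return (x >> (24 - 8 * j)) & 0xFF


def affected_bytes(diff):
    """Indices of the bytes in which a 32-bit difference is non-zero."""
    return [j for j in range(4) if byte(diff, j)]


def attack_object_forms(x_i, a, rk, t, j):
    """Both forms of v_{i,j} for the round-function HD model.
    a = X_{i+1} ^ X_{i+2} ^ X_{i+3}; t is the tau(a ^ rk) output word."""
    x_i4 = x_i ^ L(t)                                  # X_{i+4} = X_i ^ L(tau(...))
    s_in = byte(a, j) ^ byte(rk, j)                    # S-box input byte j
    left = byte(L_inv(x_i4), j) ^ s_in                 # (L^-1 X_{i+4})_j ^ in_j
    right = byte(L_inv(x_i), j) ^ byte(t, j) ^ s_in    # (L^-1 X_i)_j ^ tau_j ^ in_j
    return left, right


def verify(trials, seed=1):
    """Randomised check of L^{-1}(L(x)) = x and of the two v_{i,j} forms."""
    rng = random.Random(seed)
    for _ in range(trials):
        x_i, a, rk, t = (rng.getrandbits(32) for _ in range(4))
        if L_inv(L(x_i)) != x_i or L(L_inv(x_i)) != x_i:
            return False
        for j in range(4):
            left, right = attack_object_forms(x_i, a, rk, t, j)
            if left != right:
                return False
    return True


if __name__ == "__main__":
    delta = 0x01000000  # one flipped bit in byte 0 of the tau output
    print("bytes of X_{i+4} touched:", affected_bytes(L(delta)))
    print("bytes after L^-1 touched:", affected_bytes(L_inv(L(delta))))
    print("identities hold:", verify(1000))
```

A single-bit change in one S-box output byte spreads to all four bytes of $X_{i+4}$ through L, but to only that byte after $L^{-1}$, which is why the four key bytes can be analyzed separately.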
The DPA analysis and the CPA analysis are consistent in the operations of collecting energy traces and selecting attack objects. According to the above-mentioned principle of DPA analysis, in combination with the analysis of the SM4 cryptographic algorithm structure, the specific method of DPA analysis of the S-box of SM4 cryptographic algorithm of the present invention is as follows:
For the encryption operation of the SM4 cryptographic algorithm, if the encrypted plaintext is known, the first 4 rounds of the algorithm are analyzed. Assume that N groups of plaintext encryption operations are performed, let the k-th group of plaintext input be , k ∈ {0, ..., N-1}, and let the round input of the i-th round be , with i taking the values 0, 1, 2 and 3 in sequence.
(a) Collect energy traces. An encryption operation is carried out on each group of plaintext, the energy consumption information (energy trace) corresponding to each measurement time point is collected, and a sampled energy consumption matrix W(N × T) is established.
(b) Select the attack object and determine the DPA selection function. The selection of the attack object in the DPA analysis method is completely consistent with the CPA method. For the HD model of the S-box output, as shown in Fig. 3, the i-th round uses the XOR of the S-box input and output as a new type of attack object. When the i-th round of the encryption operation on the k-th group of plaintext input is carried out, the attack object of the j-th byte is

$$v_{i,j}^k = (X_{i+1}^k \oplus X_{i+2}^k \oplus X_{i+3}^k)_j \oplus rk_{i,j} \oplus \tau\big((X_{i+1}^k \oplus X_{i+2}^k \oplus X_{i+3}^k)_j \oplus rk_{i,j}\big),$$

with the expected value of its Hamming weight being . Defining the selection function with the plaintext and the guessed key as parameters gives:

$$D(X^k, j, rk_{i,j}) = \begin{cases} 1, & HW(v_{i,j}^k) < 4 \\ 0, & HW(v_{i,j}^k) > 4 \end{cases}$$

For the HD model of the round function output, as shown in Fig. 4, the i-th round uses the XOR of the S-box input and the round function output as a new type of attack object:

$$v_{i,j}^k = X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j} \oplus L^{-1}(X_i^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j}).$$

Similarly, defining the selection function with the plaintext and the guessed key as parameters gives

$$D(X^k, j, rk_{i,j}) = \begin{cases} 1, & HW(v_{i,j}^k) < 4 \\ 0, & HW(v_{i,j}^k) > 4 \end{cases}$$
(c) Guess the round key and divide the average energy consumption into two subsets. After the attack object and the selection function are determined, guess the i-th round key byte $rk_{i,j}$ in sequence; the guessed values of $rk_{i,j}$ are $rk_{i,j,s} = s$, $s \in \{0, \ldots, 255\}$. The selection function is computed for the HD model of the S-box output and the HD model of the round function output respectively: for the 256 guessed keys $rk_{i,j,s}$, the encryption operation of the i-th round is carried out to obtain the 256 corresponding attack intermediate values, and $rk_{i,j,s}$ is substituted to obtain the corresponding selection function $D(X^k, j, rk_{i,j,s})$. The N groups of plaintext are encrypted in sequence. The total number of operations for which the selection function $D(X^k, j, rk_{i,j,s})$ corresponding to the guessed round key byte $rk_{i,j,s}$ equals 1 is , and the total number for which it equals 0 is . For the two different HD models, according to the selection function, two total energy consumption means are obtained for a time point t in the energy trace: and , where $d0_{i,j,s}^{t}$ is the average of the $n_0$ groups of energy consumption at time point t for which $D(X^k, j, rk_{i,j,s}) = 0$ when the N groups of encryption operations are performed using the guessed round key byte $rk_{i,j,s}$; $d1_{i,j,s}^{t}$ is the average of the $n_1$ groups of energy consumption at time point t for which $D(X^k, j, rk_{i,j,s}) = 1$; and $n_0 + n_1 = N$. Calculating the energy consumption means for all time points gives two energy consumption matrices $D_0(256 \times T)$ and $D_1(256 \times T)$:

$$D_0(256 \times T) = \begin{pmatrix} d0_{i,j,0}^{0} & \cdots & d0_{i,j,0}^{T-1} \\ \vdots & d0_{i,j,s}^{t} & \vdots \\ d0_{i,j,255}^{0} & \cdots & d0_{i,j,255}^{T-1} \end{pmatrix}$$

and

$$D_1(256 \times T) = \begin{pmatrix} d1_{i,j,0}^{0} & \cdots & d1_{i,j,0}^{T-1} \\ \vdots & d1_{i,j,s}^{t} & \vdots \\ d1_{i,j,255}^{0} & \cdots & d1_{i,j,255}^{T-1} \end{pmatrix}.$$

(d) Calculate the difference of the two average energy consumption subsets to obtain the correct guessed key. The difference of the average energy consumption matrices $D_0(256 \times T)$ and $D_1(256 \times T)$ is calculated to yield the matrix $\Delta D = D_1 - D_0$.
If the guess $rk_{i,j,s}$ is wrong, the probability that the selection function is 0 or 1 for the encryption operations on the N groups of plaintext input is about , and the corresponding difference of average energy consumption approaches 0 as N increases; if the guess $rk_{i,j,s}$ is correct, the probability that the selection function is 0 or 1 for the encryption operations on the N groups of plaintext input should be 1, and the corresponding difference of average energy consumption tends, as N increases, to the actual effect on energy consumption. Select the largest difference of energy consumption means ; the corresponding guessed round key byte $rk_{i,j,m}$ is then the correct key byte, which gives the j-th byte of the correct i-th round key. Similarly, according to steps (a)-(b), the other 3 key bytes of the round key can be obtained respectively, so as to obtain the correct round key $rk_i$ of the i-th round.
After DPA analysis of the i-th round of the cryptographic operation is finished, the correct round key $rk_i$ is obtained. Using the round key $rk_i$, the encryption operation of the i-th round is performed to obtain the N groups of round outputs of the i-th round, i.e. the round inputs of the (i+1)-th round , k ∈ {0, 1, …, N-1}. According to the analysis method of steps (a)-(b) above, the round keys of the first four rounds are obtained in turn: $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$.
The inverse operation of the key expansion algorithm then yields the key $(MK_0, MK_1, MK_2, MK_3)$ of the SM4 cryptographic operation.
If the encrypted ciphertext is known, the SM4 cryptographic algorithm is analyzed for the last 4 rounds of encryption operations, and the choice of the attack object is completely consistent with the CPA last 4 rounds.
Assume that N groups of encryption operations are performed, the ciphertext output of the k-th group being $Y^k = (Y_0^k, Y_1^k, Y_2^k, Y_3^k) = (X_{35}^k, X_{34}^k, X_{33}^k, X_{32}^k)$, and let be the round output of the i-th round of the SM4 cryptographic algorithm, with i taking the values 31, 30, 29 and 28 in sequence. As shown in Fig. 3, the attack object of the HD model of the S-box output is consistent with the last 4 rounds of CPA and is the XOR of the S-box input and output; as shown in Fig. 4, the attack object of the HD model of the round function input is consistent with the last 4 rounds of CPA and is the XOR of the S-box input and the round function input. According to the analysis method of steps 1) to 4), the correct round keys of the last 4 rounds, $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$, are obtained in sequence, and the encryption operation key of the SM4 cryptographic algorithm is obtained according to the inverse operation of the key expansion algorithm.
For the decryption operation of the SM4 cryptographic algorithm, the decryption key can likewise be obtained using the above DPA analysis method. If the ciphertext is known, the first 4 rounds of the SM4 decryption operation are analyzed; the analysis method is the same as that of the first 4 rounds of the SM4 encryption operation, the round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28})$ are obtained in sequence, and the decryption key is obtained according to the inverse operation of the key expansion algorithm. Similarly, if the plaintext is known, the last 4 rounds of the SM4 decryption operation are analyzed; the attack method is the same as that of the last 4 rounds of the SM4 encryption operation, the round keys $(rk_0, rk_1, rk_2, rk_3)$ are obtained in sequence, and the decryption key is obtained according to the inverse operation of the key expansion algorithm.
The technical solutions described above only represent the preferred technical solutions of the present invention, and some possible modifications to some parts of the technical solutions by those skilled in the art all represent the principles of the present invention, and fall within the protection scope of the present invention.

Claims (10)

1. A method for side channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input, characterized in that, in the process of side channel energy analysis of the SM4 cryptographic algorithm, the round function is selected as the attack point and the Hamming distance model is established using the S-box input and the round function output; the S-box input is then the preceding state $v_1$ of the Hamming distance model.
2. The method for side channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input as claimed in claim 1, characterized in that, when the round function is attacked, the subsequent state $v_2$ of the Hamming distance ($HD(v_1, v_2)$) model is the round function output/input.
3. The method for side channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input as claimed in claim 2, characterized in that the Hamming distance ($HD(v_1, v_2)$) model used for the round function attack on the first/last 4 rounds is equivalent to an attack with a Hamming weight (HW) model whose attack point is the XOR of the S-box input and the round function output/input.
4. The method for SM4 cryptographic side channel energy analysis by the Hamming distance model based on S-box input as claimed in claim 1,2 or 3, wherein the Hamming distance model based on S-box input is used for CPA/DPA side channel energy analysis of SM4 cryptographic algorithm.
5. The method for side channel energy analysis of SM4 cryptographic algorithm based on S-box input Hamming distance model as claimed in claim 4, wherein the S-box input based Hamming distance model is used to perform CPA side channel energy analysis of SM4 cryptographic algorithm as follows:
(1) acquiring energy traces, specifically performing encryption/decryption operation on each group of plaintext/ciphertext, acquiring energy consumption information corresponding to a measurement time point, namely acquiring the energy traces, and establishing a sampling energy consumption matrix;
(2) selecting an attack object as a round function, and determining a Hamming distance attack model;
(3) after an attack object and a model are determined, guessing a round key, and calculating a middle value of round operation to determine a middle value matrix;
(4) mapping the intermediate value and the intermediate value matrix into a simulation energy consumption value and a simulation energy consumption matrix;
(5) calculating the linear correlation coefficient of the simulated energy consumption matrix and the sampled energy consumption matrix to obtain the correct guessed key.
6. The method for side channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input as claimed in claim 5, characterized in that the specific method for performing step (3) using CPA is as follows: when N groups of plaintext/ciphertext are encrypted/decrypted, the k-th (k ∈ {0, ..., N-1}) group of plaintext/ciphertext input or ciphertext/plaintext output is known to be respectively $X^k = (X_0^k, X_1^k, X_2^k, X_3^k)$, $X^k = (X_{35}^k, X_{34}^k, X_{33}^k, X_{32}^k)$. Guess the byte of the i-th round key , where $Z_2^8$ and $Z_2^{32}$ are the 8-dimensional and 32-dimensional vector spaces with elements in {0,1}; the guessed values of $rk_{i,j}$ are $rk_{i,j,s} = s$, $s \in \{0, \ldots, 255\}$. When the first 4 rounds or the last 4 rounds of the round function output are selected for attack, the intermediate value corresponding to the guessed round key byte $rk_{i,j,s}$ is respectively:

$$v_{i,j,s}^k = (L^{-1} X_{i+4}^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s} = (L^{-1} X_i^k)_j \oplus \tau\big((X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}\big) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k) \oplus rk_{i,j,s}$$

and

$$v_{i,j,s}^k = (L^{-1} X_i^k)_j \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) = (L^{-1} X_{i+4}^k)_j \oplus \tau(X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}) \oplus (X_{i+1,j}^k \oplus X_{i+2,j}^k \oplus X_{i+3,j}^k \oplus rk_{i,j,s}),$$

where $L^{-1}(x)_j$ is the j-th byte after the $L^{-1}$ shift is carried out on , with

$$L^{-1}(x) = x \oplus (x \lll 2) \oplus (x \lll 4) \oplus (x \lll 8) \oplus (x \lll 12) \oplus (x \lll 14) \oplus (x \lll 16) \oplus (x \lll 18) \oplus (x \lll 22) \oplus (x \lll 24) \oplus (x \lll 30);$$

τ is formed by 4 parallel S-boxes: with the input $A = (a_0, a_1, a_2, a_3) \in (Z_2^8)^4$ and the output $B = (b_0, b_1, b_2, b_3) \in (Z_2^8)^4$, $(b_0, b_1, b_2, b_3) = \tau(A) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3))$. When the N groups of plaintext/ciphertext are encrypted/decrypted, the intermediate values corresponding to the 256 guessed round key bytes $rk_{i,j,s}$ are calculated in sequence to determine the intermediate value matrix . The specific method for performing step (4) using CPA is as follows: the simulated energy consumption mapped from the intermediate value of step (3) is: , i.e. the simulated energy consumption corresponding to the s-th guessed key byte for the j-th byte of the i-th round of the k-th group of plaintext, where HW(x) is the number of bits with value 1 in x; the encryption/decryption operation is carried out on the N groups of plaintext/ciphertext, and the simulated energy consumption matrix corresponding to the round key bytes $rk_{i,j,s}$ is determined as:
7. The method for side channel energy analysis of the SM4 cryptographic algorithm using a Hamming distance model based on S-box input as claimed in claim 5, characterized in that the specific method for performing step (5) using CPA is as follows: for the sampled energy consumption matrix of step (1) and the simulated energy consumption matrix H of step (4), the correlation coefficient $\rho_{s,t}$ between the s-th column and the t-th column is calculated respectively , where denotes the sampled energy consumption value corresponding to the k-th plaintext/ciphertext and the t-th time point, T is the number of time points in the energy trace, is an element of the simulated energy consumption matrix, i.e. the simulated energy consumption corresponding to the s-th guessed key byte for the j-th byte of the i-th round of the k-th group of plaintext, is the average value of the s-th column of matrix H, is the average value of the t-th column of matrix W, $\rho_{s,t}$ denotes the linear correlation coefficient between the simulated energy consumption corresponding to the s-th guessed key and the sampled energy consumption at the t-th time point, and $r_{s,t}$ is the approximate calculated value of that correlation coefficient; the correlation coefficients between all columns are calculated to obtain the correlation coefficient matrix of simulated and sampled energy consumption . Select the maximum value in R, $r_{m,n} = \max(r_{s,t})$; the guessed key $rk_{i,j,m}$ corresponding to $r_{m,n}$ is the correct guessed round key byte, which gives the j-th byte $rk_{i,j}$ of the correct i-th round key. Steps (1) to (5) are repeated to obtain the other 3 key bytes of the round key respectively, so as to obtain the correct round key $rk_i$ of the i-th round. For the first 4 rounds, the round key $rk_i$ is used to carry out the cryptographic operation of the i-th round to obtain the N groups of round outputs of the i-th round, i.e. the round inputs of the (i+1)-th round , and the encryption round keys of the first 4 rounds $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$ or the decryption round keys $(rk_0, rk_1, rk_2, rk_3) = (K_{35}, K_{34}, K_{33}, K_{32})$ are obtained in sequence. For the last 4 rounds, the round key $rk_i$ is used to carry out the cryptographic operation of the i-th round to obtain the output of the (i-1)-th round , and the encryption round keys of the last 4 rounds $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$ or the decryption round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_4, K_5, K_6, K_7)$ are obtained in sequence. The encryption/decryption key is obtained according to the inverse operation of the key expansion algorithm.
8. The method for analyzing the side-channel energy of the SM4 cryptographic algorithm using the Hamming distance model based on S-box input as claimed in claim 4, wherein the steps of DPA side-channel energy analysis of the SM4 cryptographic algorithm using the Hamming distance model based on S-box input are as follows:
(a) acquiring energy traces: performing the encryption/decryption operation on each group of plaintext/ciphertext, acquiring the energy consumption information corresponding to each measurement time point (that is, the energy traces), and establishing a sampled energy consumption matrix;
(b) selecting the round function as the attack object and determining the DPA selection function: for the $j$-th ($j \in \{0,1,2,3\}$) byte $rk_{i,j}$ of the $i$-th round key, the corresponding attack object takes the plaintext/ciphertext and the guessed key byte $rk_{i,j}$ as parameters, together with its expected value; the selection function defined here is
$$D(X_{k,j}, rk_{i,j}) = \begin{cases} 1, & HW(v_{i,j}^{k}) < 4 \\ 0, & HW(v_{i,j}^{k}) > 4 \end{cases}$$
where $HW(x)$ represents the number of 1s in the bit string $x$;
(c) guessing a round key, and dividing the average energy consumption into two average energy consumption subset matrices;
(d) determining the correct guessed key according to the difference between the two average energy consumption subsets obtained in step (c).
9. The method for SM4 cryptographic algorithm side-channel energy analysis using the Hamming distance model based on S-box input as claimed in claim 8, wherein the specific method for performing step (c) using DPA is: given the $k$-th group of plaintext/ciphertext inputs or ciphertext/plaintext outputs, guess the byte $rk_{i,j}$ of the $i$-th round key $rk_i$, the guessed values of $rk_{i,j}$ being $rk_{i,j,s}$, $s \in \{0, \ldots, 255\}$; count the total number of groups for which the selection function $D(X_{k,j}, rk_{i,j,s})$ corresponding to the guessed round key byte $rk_{i,j,s}$ equals 1, and the total number for which it equals 0; for a time point $t$ in the energy trace, obtain the mean energy consumption of each of the two sets, namely, when $N$ groups of encryption/decryption operations are carried out with the guessed round key byte $rk_{i,j,s}$, the average of the $n_0$ groups of energy consumption at time point $t$ for which the selection function equals 0, and the average of the $n_1$ groups of energy consumption at time point $t$ for which the selection function equals 1, $n_0$ and $n_1$ being counted out of the $N$ groups of encryption/decryption operations; computing these averages at all time points by the above formulas gives two energy consumption matrices $D_0$ ($256 \times T$) and $D_1$ ($256 \times T$).
The specific method for performing step (d) using DPA is: calculate the difference matrix $\Delta D = D_1 - D_0$ of the average energy consumption matrices $D_0$ ($256 \times T$) and $D_1$ ($256 \times T$) obtained in step (c) and select the maximum energy consumption mean difference; the guessed round key byte $rk_{i,j,m}$ corresponding to it is the correct key byte, which gives the $j$-th byte of the correct round key of the $i$-th round; repeating steps (a) to (d) gives the other 3 key bytes of the round key, and thus the correct round key $rk_i$ of the $i$-th round. For the first 4 rounds, the round key $rk_i$ is used to carry out the $i$-th round of cryptographic operation to obtain the $N$ groups of round outputs of the $i$-th round, namely the round inputs of the $(i+1)$-th round, so that the encryption round keys of the first 4 rounds $(rk_0, rk_1, rk_2, rk_3) = (K_4, K_5, K_6, K_7)$ or the decryption round keys $(rk_0, rk_1, rk_2, rk_3) = (K_{35}, K_{34}, K_{33}, K_{32})$ are obtained in sequence; for the last 4 rounds, the round key $rk_i$ is used to carry out the $i$-th round of cryptographic operation to obtain the output of the $(i-1)$-th round, so that the encryption round keys of the last 4 rounds $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_{35}, K_{34}, K_{33}, K_{32})$ or the decryption round keys $(rk_{31}, rk_{30}, rk_{29}, rk_{28}) = (K_4, K_5, K_6, K_7)$ are obtained in sequence; and the encryption/decryption key is obtained by the inverse operation of the key expansion algorithm.
10. The method of SM4 cryptographic algorithm side-channel energy analysis using the Hamming distance model based on S-box input as claimed in claim 6, wherein, for the attack on the first/last 4 rounds with the round function selected as the attack object, the Hamming distance $HD(v_1, v_2)$ model used has the S-box input as its predecessor state $v_1$ and the round function input/output as its successor state $v_2$, which is equivalent to an attack using the Hamming weight (HW) model with the exclusive-or value of the S-box input and the round output/input as the attack object, i.e., an attack on
$$v_{i,j}^{k} = X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j} \oplus (L^{-1} X_{i+4}^{k})_j = X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j} \oplus L^{-1}(X_{i}^{k})_j \oplus \tau(X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j})$$
or
$$v_{i,j}^{k} = X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j} \oplus (L^{-1} X_{i}^{k})_j = X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j} \oplus L^{-1}(X_{i+4}^{k})_j \oplus \tau(X_{i+1,j}^{k} \oplus X_{i+2,j}^{k} \oplus X_{i+3,j}^{k} \oplus rk_{i,j}).$$
Here the round input and the round output are those of the $i$-th round, and $i$ is taken in turn as 0, 1, 2, 3 or 31, 30, 29, 28.
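The correlation step of claim 7 and the difference-of-means step of claims 8 and 9, run against the one-byte intermediate value of claim 10, as an added Python example that is not part of the patent text; it is the kind of simulation used to check whether a trace set leaks under this model. The traces are constructed (Gaussian noise plus HW(v) at one time point), `SBOX` is a constructed permutation standing in for the SM4 S-box, all function names are assumptions, and taking absolute values when picking the maximum is a choice made here.

```python
import random

# Constructed 8-bit permutation standing in for the SM4 S-box (NOT the real table).
_rng = random.Random(2013)
SBOX = list(range(256))
_rng.shuffle(SBOX)

def hw(x):
    return bin(x).count("1")

def v(a, b, rk):
    """Claim 10 target for one byte: S-box input XOR S-box output XOR b, where
    a is the XOR of the three state bytes and b the known L^-1 byte."""
    return (a ^ rk) ^ SBOX[a ^ rk] ^ b

def simulate(n, t_points, leak_at, rk, noise=1.0):
    """Constructed traces: Gaussian noise, plus HW(v) at a single time point."""
    data = [(_rng.randrange(256), _rng.randrange(256)) for _ in range(n)]
    W = [[_rng.gauss(0, noise) + (hw(v(a, b, rk)) if t == leak_at else 0)
          for t in range(t_points)] for a, b in data]
    return data, W

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((p - mx) * (q - my) for p, q in zip(x, y))
    sxx, syy = sum((p - mx) ** 2 for p in x), sum((q - my) ** 2 for q in y)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def cpa(data, W):
    """Claim 7: correlate column s of H (N x 256) with column t of W (N x T)."""
    cols = list(zip(*W))
    H = [[hw(v(a, b, g)) for a, b in data] for g in range(256)]
    return max((abs(pearson(h, w)), g, t)
               for g, h in enumerate(H) for t, w in enumerate(cols))

def dpa(data, W):
    """Claims 8-9: D=1 if HW(v)<4, D=0 if HW(v)>4 (HW=4 unused); largest |D1-D0|."""
    best = (-1.0, -1, -1)
    for g in range(256):
        sets = {0: [], 1: []}
        for (a, b), row in zip(data, W):
            h = hw(v(a, b, g))
            if h != 4:
                sets[1 if h < 4 else 0].append(row)
        means = [[sum(c) / len(c) for c in zip(*sets[d])] for d in (0, 1)]
        for t, (m0, m1) in enumerate(zip(*means)):
            best = max(best, (abs(m1 - m0), g, t))
    return best
```

Both functions return a tuple of (peak value, guessed key byte, time index); on a protected implementation the peak for the true key byte should not stand out from the other 255 guesses.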
CN201310027794.6A 2013-01-25 2013-01-25 The Hamming distance model being input as basis with S box carries out SM4 cryptographic algorithm side channel energy analytical method Active CN103138917B (en)

Publications (2)

Publication Number Publication Date
CN103138917A CN103138917A (en) 2013-06-05
CN103138917B true CN103138917B (en) 2016-03-09

Family

ID=48498277


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant