通信学报
JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2013
Issue 7
pp. 134-142
9 pages in total
冀可可%王韬%郭世泽%赵新杰%刘会英
Hamming weight%LED%ASCA%satisfiability%pseudo-Boolean optimization%linear programming
This paper evaluates the resistance of LED, the lightweight block cipher proposed at CHES 2011, to the algebraic side-channel attack (ASCA). First, the ASCA model for cryptographic algorithms and the algebraic equation representation of LED are given. Second, the power leakage of an LED implementation on an ATMEGA324P microcontroller was captured with a digital oscilloscope; a subset of leakage points with pronounced power patterns was selected as targets, and the Hamming weights of intermediate encryption states were deduced using the Pearson correlation coefficient. Three algebraic representations of the LED cipher and its Hamming weight leakage are then given, based on the satisfiability problem, the pseudo-Boolean optimization problem, and the linear programming problem respectively. Finally, two solvers, CryptoMinisat and SCIP, were used to solve the resulting equations and recover the key, and a large number of attack experiments were carried out under known-plaintext, unknown plaintext and ciphertext, and error-tolerant scenarios. The results show that LED is vulnerable to ASCA: analyzing the Hamming weight leakage of a single round (the first round of LED) from one power trace is enough to recover the full 64-bit master key.