
Chosen Ciphertext Combined Attack Based on Round-Reduced Fault Against SM2 Decryption Algorithm

Li Haoyuan 1, Han Xucang 1, Cao Weiqiong 2, Wang Jian 1, Chen Hua 2

Acta Electronica Sinica, 2023, Vol. 51, Issue 11: 3187-3198, 12. DOI: 10.12263/DZXB.20220481

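Author information

  • 1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190 || University of Chinese Academy of Sciences, Beijing 100049
  • 2. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190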

Abstract

SM2 is a commercial elliptic curve cryptographic algorithm designed by China. At present, analysis of the implementation security of this algorithm usually follows research results on the common components of elliptic curves rather than the structure and characteristics of the algorithm itself. At the same time, the hash and verification steps in the SM2 decryption algorithm make most fault attacks that need to exploit erroneous output inapplicable. To solve this problem, this paper proposes, according to the characteristics of the SM2 decryption algorithm, a chosen ciphertext combined attack that combines a round-reduced fault with a side channel, based on the idea of safe-error. The core of the attack is changing the number of rounds of scalar multiplication by fault injection and determining the specific number of faulty rounds by side channel analysis. A chosen ciphertext is then constructed from a partial key guess combined with the plaintext and the correct ciphertext. The chosen ciphertext is input to the decryption device under the specific fault effect, and the output of the decryption device verifies whether the partial key guess is correct. The paper also analyzes the applicability of the attack to different scalar multiplication methods and common protection countermeasures. Lastly, we conduct practical attack experiments on the SM2 decryption algorithm with clock glitch injection and simple power analysis on an STM32F303 microcontroller chip based on the ARM Cortex M4, and we successfully recover the private key. The experimental results show that the attack method is feasible and practical.

Key words

combined attack / round-reduced fault / side channel attack / chosen ciphertext / safe-error / SM2 decryption

Classification

Information Technology and Security Science

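Cite this article

Li Haoyuan, Han Xucang, Cao Weiqiong, Wang Jian, Chen Hua. Chosen Ciphertext Combined Attack Based on Round-Reduced Fault Against SM2 Decryption Algorithm [J]. Acta Electronica Sinica, 2023, 51(11): 3187-3198, 12.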

Funding

National Natural Science Foundation of China (No. 62172395)

Acta Electronica Sinica

OA, PKU Core (北大核心), CSCD, CSTPCD

ISSN 0372-2112
