论文部分内容阅读
欧氏距离和曼哈顿距离等明氏距离(Minkowski Distance)被成功用到模板攻击中,用于度量能量迹与模板的匹配程度.但是,基于目前已有的功耗模型,在仅泄漏汉明重量的密码设备上使用明氏距离或者其他用来度量相似度的函数来实施传统模板攻击,均难以从少量的能量迹中成功恢复密码设备的密钥.本文针对汉明重量模型提出了一种高效、实用的放大模板攻击方案.该方案在密钥恢复阶段,对于每一个猜测密钥,均根据中间值的汉明权重对采集到的能量迹进行分类.每个类中的所有能量迹,均与该类的汉明权重模板进行匹配,类间求匹配程度总和.最后,通过最大相似度原则来恢复密钥.在AT89S52芯片上的实验证明,通过利用欧氏距离和曼哈顿距离,本文提出的方案能在450条能量迹刻画模板的条件下,从约48条能量迹中以接近1.00的概率成功恢复出AES算法的密钥.此外,在使用少量的能量迹来刻画汉明重量模板的情况下,本文提出的方案依然能通过少量的能量迹从泄漏密码运算中间值的汉明重量的其他密码设备中成功地恢复出密码算法使用的密钥.
Euclidean distance and Manhattan distance Minkowski Distance was successfully used in the template attack to measure the matching degree of energy traces with the template.But based on the existing power consumption model, Of the password device using the distance or other functions used to measure the similarity to implement the traditional template attack, it is difficult to recover the cryptographic device key from a small amount of energy traces successfully.In this paper, an efficient , A practical amplification template attack scheme is proposed.In this scheme, during the key recovery phase, for each guessing key, the collected energy traces are classified according to the Hamming weights of the intermediate values.All the energy traces in each class are And the type of Hamming weight template matching, the sum of matching between classes.Finally, the principle of maximum similarity to recover the key.The experiment on the AT89S52 chip proves that by using Euclidean distance and Manhattan distance, this paper proposes The scheme can successfully recover the key of AES algorithm from about 48 energy traces with a probability close to 1.00 under the condition of 450 energy traces to describe the template.Moreover, The case where the power trace to characterize the Hamming weight of the template, the proposed scheme can still successfully trace amount of energy recovered from the key encryption algorithm using another cryptographic device leakage cryptographic operation of the intermediate value of the Hamming weight.