An Algebraic Fault Attack on Elliptic Curve Scalar Multiplication Algorithms
First, by analysing the fixed-base comb scalar multiplication algorithm and the window non-adjacent form (NAF) scalar multiplication algorithm, we propose an algebraic fault attack that recovers the entire private key of an elliptic curve cryptosystem. The algebraic fault attack is not detected while the algorithm executes, and encountering an all-zero block does not cause the attack to fail. We then implement the attack on both scalar multiplication algorithms in software simulation, using the prime-field curve specified by the commercial cipher SM2 as the reference curve. Attacking the comb scalar multiplication takes 13 min and attacking the window NAF scalar multiplication takes 18 min, and both recover the full 256-bit private key. By contrast, differential fault attack cannot attack the comb scalar multiplication at all, and it is also exposed to "fault detection" and "zero-block failure", either of which makes the attack fail. The experimental results show that the algebraic fault attack efficiently attacks scalar multiplication algorithms that use precomputation and is highly robust.
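The abstract names the two precomputation-based scalar multiplication algorithms it attacks, window NAF and fixed-base comb, and the "zero block" case that defeats differential fault attack. The following is an added example written for this page, not code from the paper: it implements both algorithms on the SM2 prime-field curve (the public sm2p256v1 constants from GB/T 32918 are reproduced, everything else is illustrative), cross-checks them against plain double-and-add, and counts the windows of a scalar that perform no effective addition. Reading a "zero block" as a zero wNAF digit or an all-zero comb column, where the table entry is the point at infinity and no addition happens, is this editor's interpretation, not a definition taken from the paper; the window width 4 and the test scalar are likewise assumptions.

```python
# Added illustration for this page (not the paper's attack code): window-NAF and
# fixed-base comb scalar multiplication on the SM2 prime-field curve, plus a
# count of the zero windows / zero columns each recoding produces for a scalar.
# Curve constants are the public sm2p256v1 parameters from GB/T 32918.

SM2_P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
SM2_A = SM2_P - 3
SM2_B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
SM2_N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
SM2_G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
         0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity, represented as None


def is_on_curve(P):
    if P is INF:
        return True
    x, y = P
    return (y * y - (x * x * x + SM2_A * x + SM2_B)) % SM2_P == 0


def neg(P):
    return INF if P is INF else (P[0], (-P[1]) % SM2_P)


def add(P, Q):
    """Affine group law; handles infinity, doubling and P + (-P)."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % SM2_P == 0:
            return INF
        lam = (3 * x1 * x1 + SM2_A) * pow(2 * y1, -1, SM2_P) % SM2_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, SM2_P) % SM2_P
    x3 = (lam * lam - x1 - x2) % SM2_P
    return (x3, (lam * (x1 - x3) - y1) % SM2_P)


def double_and_add(k, P):
    """Reference left-to-right binary method, used only to cross-check the others."""
    R = INF
    for bit in bin(k)[2:]:
        R = add(R, R)
        if bit == "1":
            R = add(R, P)
    return R


def wnaf(k, w):
    """Width-w NAF digits of k, least significant first; nonzero digits are odd, |d| < 2**(w-1)."""
    digits = []
    while k > 0:
        if k & 1:
            d = k % (1 << w)
            if d >= 1 << (w - 1):
                d -= 1 << w
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def wnaf_mul(k, P, w=4):
    """Window NAF scalar multiplication using a precomputed table of odd multiples of P."""
    table = {1: P}
    P2 = add(P, P)
    for i in range(3, 1 << (w - 1), 2):
        table[i] = add(table[i - 2], P2)
    R = INF
    for d in reversed(wnaf(k, w)):
        R = add(R, R)
        if d > 0:
            R = add(R, table[d])
        elif d < 0:
            R = add(R, neg(table[-d]))  # a zero digit performs no addition at all
    return R


def comb_columns(k, w, d):
    """Fixed-base comb: k is viewed as w rows of d bits; column i holds bit i of every row."""
    return [sum(((k >> (j * d + i)) & 1) << j for j in range(w)) for i in range(d)]


def comb_precompute(P, w, d):
    """T[e] = sum_j e_j * 2**(j*d) * P for every w-bit column pattern e (T[0] is infinity)."""
    powers = [P]
    for _ in range(1, w):
        Q = powers[-1]
        for _ in range(d):
            Q = add(Q, Q)
        powers.append(Q)
    T = [INF] * (1 << w)
    for e in range(1, 1 << w):
        low = e & -e
        T[e] = add(T[e ^ low], powers[low.bit_length() - 1])
    return T


def comb_mul(k, P, w=4, bits=256):
    """Fixed-base comb scalar multiplication (Lim-Lee style) of width w."""
    d = -(-bits // w)
    T = comb_precompute(P, w, d)
    R = INF
    for e in reversed(comb_columns(k, w, d)):
        R = add(R, R)
        R = add(R, T[e])  # an all-zero column adds T[0] = infinity, i.e. nothing
    return R


def zero_blocks(k, w=4, bits=256):
    """How many windows of k contribute no addition under each recoding (assumed reading of 'zero block')."""
    d = -(-bits // w)
    return {"wnaf_zero_digits": wnaf(k, w).count(0),
            "comb_zero_columns": comb_columns(k, w, d).count(0)}
```

Running `zero_blocks` on random 256-bit scalars shows why the zero case matters: with width 4, roughly four out of five wNAF digits are zero, and about one comb column in sixteen is all-zero, so any fault model that assumes an addition happens in every iteration meets these windows constantly rather than as a rare corner case.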
| Field | Value |
|---|---|
| Published in | 计算机工程与科学 (Computer Engineering & Science), Vol. 39, no. 11, pp. 2037-2042 |
| Format | Journal Article |
| Language | Chinese |
| Published | 2017 |
| Affiliations | Beijing Electronic Science & Technology Institute, Beijing 100070, China; College of Communication Engineering, Xidian University, Xi'an 710071, China |
| ISSN | 1007-130X |
| DOI | 10.3969/j.issn.1007-130X.2017.11.010 |
Bibliography:
Keywords: elliptic curve cryptography; comb scalar multiplication; window NAF scalar multiplication; algebraic fault attack; zero block failure; fault detection
CN serial number: 43-1258/TP
Authors: XU Sheng-wei (1), CHEN Cheng (1, 2), WANG Rong-rong (1, 2). (1) Beijing Electronic Science & Technology Institute, Beijing 100070, China; (2) College of Communication Engineering, Xidian University, Xi'an 710071, China