
Research on Side-Channel Analysis of AES and Countermeasures

A Research of Side Channel Analysis Method and Countermeasures on Advanced Encryption Standard

【Author】 沈增晖

【Supervisor】 刘连浩

【Author information】 Central South University, Computer Architecture, 2008, Master's thesis

【Abstract (translated from the Chinese)】 Traditional block-cipher cryptanalysis is confined to the mathematical structure of the algorithm, and its attacks are often of limited effectiveness. The cryptographic community at home and abroad has been intensifying research on analysis methods based on the algorithm's implementation, and side-channel analysis, as a new method of cryptanalysis, has quickly become a research hotspot. In the area of power analysis and fault attacks on AES and their countermeasures, the main work of this thesis is as follows. First, the index measuring an S-box's resistance to DPA is studied, and a new lower bound on the S-box's DPA resistance is derived; from this bound, lower bounds for Boolean functions of different nonlinearity can be computed, and the values are more precise than earlier results. The relationship between the nonlinearity of the encryption algorithm and the S-box's DPA resistance is given, leading to the conclusion that the nonlinearity of the algorithm is inversely proportional to its ability to resist power analysis; simulation experiments verify this conclusion. Next, fault attacks on AES are studied: a differential fault attack on AES is implemented by exploiting the nonlinear operation of the S-box, existing algorithms are improved to reduce their computational complexity, and the fault-analysis methods for AES are unified using a symbolic approach. Finally, the methods for countering power analysis and fault attacks are analysed together, a security algorithm for cipher chips using AES that counters both power analysis and fault analysis is proposed, it is explained that the algorithm also offers some protection against timing analysis, and an integrated defence scheme against side-channel analysis is established.

【Abstract】 Traditional block-cipher cryptanalysis mainly focuses on the mathematical structure of cipher systems and has often been of limited effectiveness. Recently, much work in the cryptographic community has addressed cryptanalysis based on the implementation of cipher systems, and side channel analysis, as a newly proposed cryptanalysis technique, is the current hot spot. This paper concentrates on power analysis and fault attacks on AES, as well as their countermeasures. The main work is as follows. Firstly, the S-box's capability index of DPA resistance is studied, and a new lower bound on the S-box's DPA resistance is deduced. Based on this bound, the lower bounds of Boolean functions with different nonlinearity can be calculated. The relationship between nonlinearity and the S-box's DPA resistance is then described in detail, and the conclusion that the S-box's DPA resistance decreases as the nonlinearity of the cipher system grows is proposed and verified by our simulation. Secondly, fault attacks on the Advanced Encryption Standard are studied, and a fault attack on AES through the S-box's nonlinear operation is successfully implemented. These approaches are then systematised using symbolic methods, which provides an effective channel for further research on provable security. Finally, methods of preventing power analysis and fault attacks are discussed, and a security algorithm against power analysis and fault attacks, as well as timing analysis, is proposed for chip cards implementing the AES cipher. On this basis a defence against side channel analysis can be established.
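The two properties of the AES S-box that the abstract builds on, its nonlinearity (the quantity the thesis relates to DPA resistance) and its differential behaviour (what a fault attack through the S-box exploits), can both be computed directly. The Python block below is an added example, not code from the thesis: it generates the AES S-box from GF(2^8) arithmetic, computes its nonlinearity from the Walsh-Hadamard spectrum of every non-trivial component function, and simulates a differential fault attack on one byte of the last round key. The fault model is an assumption, since the abstract does not describe the thesis's own: a single bit flipped in one state byte just before the final SubBytes (the last-round model of Giraud's 2003 attack). The thesis's new DPA-resistance lower bound is not reproduced here.

```python
# Added example (not the thesis's code): AES S-box nonlinearity and a
# generic last-round single-bit differential fault attack on one key byte.
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _gf_inv(x):
    """Multiplicative inverse as x^254 (0 maps to 0, as AES specifies)."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, x)
    return r


def build_sbox():
    """AES S-box: inversion in GF(2^8) followed by the affine map
    b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    sbox = []
    for x in range(256):
        v = _gf_inv(x)
        s, t = v, v
        for _ in range(4):
            t = ((t << 1) | (t >> 7)) & 0xFF  # rotate left by one bit
            s ^= t
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def _parity(v):
    return bin(v).count("1") & 1


def nonlinearity(sbox):
    """Minimum nonlinearity over all non-trivial component functions b.S(x),
    from the Walsh-Hadamard spectrum: NL = 2^(n-1) - max|W| / 2."""
    n = (len(sbox) - 1).bit_length()
    size = 1 << n
    best = size
    for b in range(1, size):
        w = [1 - 2 * _parity(b & sbox[x]) for x in range(size)]  # (-1)^f(x)
        h = 1
        while h < size:  # in-place fast Walsh-Hadamard transform
            for i in range(0, size, 2 * h):
                for j in range(i, i + h):
                    u, v = w[j], w[j + h]
                    w[j], w[j + h] = u + v, u - v
            h *= 2
        best = min(best, (size >> 1) - max(abs(c) for c in w) // 2)
    return best


def last_round_byte(x, k):
    """One byte of the AES final round: SubBytes then AddRoundKey.  ShiftRows
    only moves bytes between positions, so it does not change a single byte."""
    return SBOX[x] ^ k


def dfa_candidates(c, c_faulty):
    """Key-byte candidates consistent with one correct/faulty ciphertext-byte
    pair under the assumed model: a single bit e flipped in x before SubBytes,
    so S(x) ^ S(x ^ e) == c ^ c_faulty and then k == c ^ S(x)."""
    delta = c ^ c_faulty
    cands = set()
    for e in (1 << i for i in range(8)):
        for x in range(256):
            if SBOX[x] ^ SBOX[x ^ e] == delta:
                cands.add(c ^ SBOX[x])
    return cands  # at most 32 values, always containing the true key byte


def simulate_dfa(k, seed=1, max_faults=32):
    """Inject random single-bit faults into random (unknown) intermediate bytes
    and intersect candidate sets until one key byte remains.
    Returns (recovered_key_byte_or_None, faults_used)."""
    rng = random.Random(seed)
    cands = set(range(256))
    for n in range(1, max_faults + 1):
        x = rng.randrange(256)      # intermediate byte, unknown to the attacker
        e = 1 << rng.randrange(8)   # fault bit position, unknown to the attacker
        c = last_round_byte(x, k)
        c_faulty = last_round_byte(x ^ e, k)
        cands &= dfa_candidates(c, c_faulty)
        if len(cands) == 1:
            return cands.pop(), n
    return None, max_faults


if __name__ == "__main__":
    print("AES S-box nonlinearity:", nonlinearity(SBOX))
    key, used = simulate_dfa(0x2B)
    print(f"recovered key byte 0x{key:02X} after {used} faulty encryptions")
```

The S-box's differential uniformity of 4 is what keeps each candidate set small (at most four solutions x per fault bit e), so a handful of faulty ciphertexts suffices for one key byte; repeating the procedure per byte position recovers the whole last round key, and the full key follows from inverting the key schedule. Swapping `SBOX` for another 8-bit S-box lets you compare nonlinearity and candidate-set sizes across designs.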

  • 【Online publication submitter】 Central South University
  • 【Online publication year/issue】 2008, issue 12
  • 【Classification number】 TN918.1
  • 【Cited by】 3
  • 【Downloads】 89