Abstract
Addressing the problem that the monitored-address selection methods used in existing flush-reload cache timing attacks are not applicable to the SM2 digital signature algorithm, this paper proposes a new method for selecting monitored addresses: by monitoring the addresses of cache lines that contain function call instructions, and exploiting the fact that a function call causes such a cache line to be accessed multiple times, the method improves the accuracy with which cache access behaviour is monitored, lowers the error rate in recovering the scalar k, and achieves key recovery against the SM2 digital signature algorithm. Experimental results show that the proposed method mounts an effective attack on the SM2 digital signature algorithm: using the side-channel information from a single signature, the 256-bit scalar k is recovered with a bit error rate of only 1.09%, and the signer's private key can be fully recovered with a 59% success rate at the cost of 64 key searches.
Previous flush-reload cache attacks cannot be directly applied to the SM2 digital signature algorithm. In this paper, an improved method for selecting the monitored address in flush-reload cache attacks on SM2 is proposed. By taking advantage of the multiple cache accesses caused by function calls, the cache lines that contain call instructions are selected as the monitored addresses in order to increase the accuracy. The experimental results show that the proposed method makes the flush-reload attack on SM2 feasible and effective. The 256-bit scalar k can be recovered with a bit error rate of only 1.09% from the side-channel information of a single signing. The full private key can be recovered with a success rate of 59% through 64 rounds of exhaustive search.
Authors
周平
王韬
张帆
赵新杰
Zhou Ping (1,2), Wang Tao (1), Zhang Fan (3,4), Zhao Xinjie (5)
(1 Department of Information Engineering, Ordnance Engineering College, Shijiazhuang 050003, China; 2 PLA Unit 69016, Urumqi 830049, China; 3 College of Information Science & Electronics Engineering, Zhejiang University, Hangzhou 310027, China; 4 Science and Technology on Communication Security Laboratory, China Electronics Technology Group Corporation, Chengdu 610041, China; 5 The Institute of North Electronic Equipment, Beijing 100083, China)
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2018, No. 3, pp. 24-29 (6 pages)
Funding
National Natural Science Foundation of China (61272491, 61309021, 61472357, 61571063)
Fundamental Research Funds for the Central Universities (2015QNA5005)
Science and Technology on Communication Security Laboratory Foundation (9140C110602150C11053)
Keywords
public-key cryptography
digital signature
side-channel attack
cache timing attack
elliptic curve
SM2