Project/Area Number |
18H06460
|
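Allocation Type | Single-year Grants |
Research Institution | The University of Electro-Communications |
Principal Investigator |
李 陽 The University of Electro-Communications, Graduate School of Informatics and Engineering, Associate Professor (20821812)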
|
Project Period (FY) |
2018-08-24 – 2020-03-31
|
Keywords | AES / Round keys / Masking / Side-Channel Attack |
Outline of Annual Research Achievements |
In this year's research, we largely improved the key recovery efficiency of simple power analysis on the masked expanded AES round keys. Compared to existing work, the key recovery speed is improved by up to 95%. In a certain scenario, the key recovery success rate is improved from 47% to 96%. The related research result is under submission to an international conference. These improvements come from several techniques: (1) a new data structure in the key recovery, (2) improved information extraction from Hamming weights, (3) full usage of all leakage traces, and (4) an optimized recovery sequence of the key bytes. In addition, we used an approach similar to that of this project to improve a DFA attack on a cryptographic primitive named PAEQ, which was published at an international conference.
|
Current Status of Research Progress (Category) |
2: Progressing generally smoothly
Reason
As planned in the research proposal, in the first year we achieved a large improvement of the general key recovery algorithm, with better efficiency and a higher success rate. Compared to existing work, the key recovery speed is improved by up to 95%. In a certain scenario, the key recovery success rate is improved from 47% to 96%. Furthermore, the proposed key recovery architecture is more general than the existing one. In other words, it can be used to evaluate various leakage models and to inspire the design method of masking schemes. Based on the finished research, we can achieve a better understanding of the essence of the information leakage and of the key recovery approach, which can lead to the goal of this project: designing a general masking scheme for the fixed value.
|
Strategy for Future Research Activity |
The research will follow the original proposal. First, we will further extend the improved key recovery architecture, considering more variations of the leakage model and the noise model. We will evaluate the measurement noise in a laboratory environment. Second, we will design the masking scheme to achieve the highest key recovery complexity using the limited randomness. Based on the established key recovery architecture, we will summarize the relationship between the security evaluation results and the masking schemes. These relationships will be formalized into a few design principles for masking schemes. For several typical use cases such as AES, we will propose randomness allocation schemes that maximize the computational complexity of the key recovery with limited randomness.
|