1 Introduction

A smart card, also called a CPU card, not only has a data storage function, but also has functions such as data security protection and complex cryptographic operations. The smart card uses the RSA algorithm as the public key encryption algorithm. However, in the running process, the smart card will inevitably leak some bypass information, such as energy, electromagnetic waves, time, etc. The use of energy consumption information to attack the smart card can achieve good results, and its harm is far greater than the traditional mathematical attack means.

In 1999, Paul first proposed energy analysis. Energy analysis refers to the energy consumption information generated by adding hardware devices such as smart card encryption chips during encryption, decryption or signature operations. Using cryptography and statistical principles to analyze and decipher key information. An attack method. usually. Energy analysis attacks can be divided into simple power analysis (SPA) attacks and differential energy analysis (DPA) attacks. DPA is a very fast and effective attack method. Therefore, in recent years, various defense methods for DPA have become a research hotspot.

2 DPA attack principle

DPA is the correlation between the energy signal when the smart card crypto chip is running and the key of the cryptographic algorithm. This correlation ridicule can be exposed by running multiple cryptographic algorithms. The process of DPA is as follows.

....................

3 algorithm level DPA attack RSA

3.1 The idea of â€‹â€‹algorithm-level DPA attacking RSA

The modular exponentiation is the most fundamental operation in RSA. The modular exponentiation can be decomposed into multiple modular square operations and modular multiplication operations. The energy consumed by modular square operations and modular multiplication operations is different. The main idea of â€‹â€‹DPA attacking RSA is to use the RSA algorithm to calculate the energy consumption of the square operation and the multiplication operation. Considering the interference of noise on the energy consumption trajectory, the statistical operation of the mean and difference is used to continuously correct the energy consumption trajectory, and the design is rationally differentiated. The function classifies the energy consumption trajectory corresponding to the bit of the private key, and finally obtains the bit information of the private key index.

3.2 The main method of algorithm level DPA attack RSA

According to the preconditions of the attack, the methods of DPA attacking RSA are mainly the following two types.

(1) DPA attack under the premise of obtaining the known public key index

According to the IS07816 standard. The user of the smart card can obtain the public key index value of the card through the manual. You can run the "External Authentication" command to use the public key index for encryption operations. The "internal authentication" instruction can be run on any input to use the private key index for signing operations.

....................

4 algorithm-level defense against DPA attacks

In view of the above algorithm-level attack methods, there are several types of algorithm-level methods for preventing DPA attacks. The defense ideas are: eliminating or reducing the algorithm operand features, eliminating the correspondence between operands and intermediate values â€‹â€‹and energy consumption during algorithm execution. relationship. Can be roughly divided into the following categories.

(1) Reduce the signal strength. The main implementation methods for reducing the signal strength include the algorithm performing continuous coding, selecting small energy operation instructions, and balancing the Hamming weight. The algorithm performs continuous coding to prevent DPA from judging the start and end points of different algorithms. Does not provide valuable algorithm information; the idea of â€‹â€‹selecting small energy operation is to replace some original instructions with instructions that are not easy to produce significant energy consumption changes, so that the energy consumption of the instructions is reduced and the energy consumption of different instructions is balanced: The weight can be expressed in both the original code and the reverse code, avoiding the leakage of energy information through the direct relationship between Hamming weight and energy consumption.
(2) Increase random noise. By introducing random noise, the useful signal is completely submerged in useless noise, thereby increasing the difficulty of energy attack. but. This method can't solve the problem fundamentally: First, the attacker can eliminate this interference through effective filtering; second, DPA itself weakens the influence of noise when doing statistical average.
(3) Data randomization masks. It can be divided into two types: plaintext randomization masking and exponential randomization masking. The mathematical operations are transformed and inverse transformed respectively, so that the operands in the RSA algorithm are substitutes of the randomized deformation. The true difference point position is not obtained by the energy difference operation alone. This masks the real algorithm and achieves the purpose of defending against DPA attacks. However, these two methods actually do not have an effective effect, because algorithmically speaking, the square operation is less than half of the instructions. Therefore, the energy consumed by the square sum multiplication operation will vary greatly. If only the operands are different, the number of multiplications and squares performed by the operation is unchanged, so that the interference of the energy change caused by the operation is basically negligible, and the two masks still cannot completely obscure the real energy consumption trajectory of the operation instruction. An attacker can obtain the internal information of the algorithm operation through the energy consumption trajectory of different operation instructions of its square operation or multiplication operation, and then combine with other attack means to attack.

5 triple cover method

In order to make up for the shortcomings of the above methods, this paper proposes a new method to defend against DPA attacks based on the data randomization mask of the most important modular power algorithm in RSA algorithm. Design an invalid algorithm equivalent to the energy consumption of the smart card for square or multiplication, based on the plaintext randomization mask and exponential randomization mask of the original modular power algorithm. Add a random instruction between the square and multiplication instructions to perform "disguise". The algorithm also performs real square or multiplication operations, and the operation result is written into the memory, so that the energy consumption is similar to the energy consumption of the instructions in the algorithm, and the trajectory is similar, which achieves the purpose of masking the energy consumption trajectory. This provides a comprehensive defense against DPA attacks in three aspects: plaintext, index, and arithmetic instructions. The triple-masked RSA modular power improvement algorithm for defending against DPA attacks is as follows.

.................... 