CLC number: TP309
On-line Access: 2024-08-27
Received: 2023-10-17
Revision Accepted: 2024-05-08
Crosschecked: 2019-07-12
Cited: 0
Clicked: 7117
Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, Xiang-min Zhang. Correlation power attack on a message authentication code based on SM3[J]. Frontiers of Information Technology & Electronic Engineering, 2019, 20(7): 930-945.
@article{title="Correlation power attack on a message authentication code based on SM3",
author="Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, Xiang-min Zhang",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="20",
number="7",
pages="930-945",
year="2019",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1800312"
}
%0 Journal Article
%T Correlation power attack on a message authentication code based on SM3
%A Ye Yuan
%A Kai-ge Qu
%A Li-ji Wu
%A Jia-wei Ma
%A Xiang-min Zhang
%J Frontiers of Information Technology & Electronic Engineering
%V 20
%N 7
%P 930-945
%@ 2095-9184
%D 2019
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1800312
TY - JOUR
T1 - Correlation power attack on a message authentication code based on SM3
A1 - Ye Yuan
A1 - Kai-ge Qu
A1 - Li-ji Wu
A1 - Jia-wei Ma
A1 - Xiang-min Zhang
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 20
IS - 7
SP - 930
EP - 945
%@ 2095-9184
Y1 - 2019
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1800312
Abstract: Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.
[1]Belaïd S, Bettale L, Dottax E, et al., 2015. Differential power analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming weight model. In: Obaidat MS, Holzinger A, Filipe J (Eds.), E-Business and Telecommunications. Springer, Cham, p.363-379.
[2]Bellare M, Canetti R, Krawczyk H, 1996. Keying hash functions for message authentication. Int Cryptology Conf on Advances in Cryptology, p.1-15.
[3]Brier E, Clavier C, Olivier F, 2004. Correlation power analysis with a leakage model. In: Joye M, Quisquater JJ (Eds.), Cryptographic Hardware and Embedded Systems. Springer Berlin Heidelberg, p.16-29.
[4]Ding DW, Gao XW, 2012. Design and implementation of SM3 algorithm on FPGA. Microcomp Appl, 31(5):26-28 (in Chinese).
[5]FIPS, 2002. The Keyed-Hash Message Authentication Code (HMAC). Federal Information Processing Standards Publication, Gaithersburg, MD, USA.
[6]Guo LM, Wang LH, Liu D, et al., 2015. A chosen-plaintext differential power analysis attack on HMAC-SM3. 11th Int Conf on Computational Intelligence and Security, p.350-353.
[7]Kocher P, Jaffe J, Jun B, 1999. Differential power analysis. In: Wiener M (Ed.), Advances in Cryptology. Springer Berlin Heidelberg, p.388-397.
[8]Liu ZB, Ma Y, Jing JW, et al., 2011. Implementation of SM3 HASH function on FPGA. Netinfo Secur, 9:191-193, 218 (in Chinese).
[9]Ma Y, Xia LN, Lin JQ, et al., 2012. {Hardware performance optimization and evaluation of SM3 hash algorithm on FPGA}. 14th Int Cryptology Conf on Information and Communications Security, p.105-118.
[10]McEvoy R, Tunstall M, Murphy CC, et al., 2007. {Differential power analysis of HMAC based on SHA-2, and countermeasures}. 8th Int Conf on Information Security Applications, p.317-332.
[11]Menezes A, van Oorschot PC, Vanstone S, 1996. Hash functions and data integrity. In: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA, p.321-376.
[12]Moradi A, Barenghi A, Kasper T, et al., 2011. {On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs}. Proc 18th ACM Conf on Computer and Communications Security, p.111-124.
[13]Qu KG, An W, Wu LJ, et al., 2015. A novel masking scheme for SM3 based MAC. China Commun, 12(6):12-21.
[14]SCA, 2010. SM3 Cryptographic Hash Algorithm. State Cryptography Administration of China (in Chinese).
[15]Sun W, Liu JR, Gu DW, et al., 2015. Research on power analysis against software-based and hardware-based cryptographic circuits. Int Conf on Computer Science and Communication Engineering, p.1-8.
[16]Tunstall M, Hanley N, McEvoy RP, et al., 2007. Correlation power analysis of large word sizes. IET Irish Signals and Systems Conf, p.13-14.
[17]Wang XY, Yang XW, 2012. Optimization design and implementation of SM3 algorithm based on FPGA. Comput Eng, 38(6):244-246 (in Chinese).
Open peer comments: Debate/Discuss/Question/Opinion
<1>