Similar articles

Abstract: Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2²⁵⁶ based on the proposed procedure.

针对一种基于SM3算法的消息验证码的相关能量攻击

[1]Belaïd S, Bettale L, Dottax E, et al., 2015. Differential power analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming weight model. In: Obaidat MS, Holzinger A, Filipe J (Eds.), E-Business and Telecommunications. Springer, Cham, p.363-379.

[2]Bellare M, Canetti R, Krawczyk H, 1996. Keying hash functions for message authentication. Int Cryptology Conf on Advances in Cryptology, p.1-15.

[3]Brier E, Clavier C, Olivier F, 2004. Correlation power analysis with a leakage model. In: Joye M, Quisquater JJ (Eds.), Cryptographic Hardware and Embedded Systems. Springer Berlin Heidelberg, p.16-29.

[4]Ding DW, Gao XW, 2012. Design and implementation of SM3 algorithm on FPGA. Microcomp Appl, 31(5):26-28 (in Chinese).

[5]FIPS, 2002. The Keyed-Hash Message Authentication Code (HMAC). Federal Information Processing Standards Publication, Gaithersburg, MD, USA.

[6]Guo LM, Wang LH, Liu D, et al., 2015. A chosen-plaintext differential power analysis attack on HMAC-SM3. 11^th Int Conf on Computational Intelligence and Security, p.350-353.

[7]Kocher P, Jaffe J, Jun B, 1999. Differential power analysis. In: Wiener M (Ed.), Advances in Cryptology. Springer Berlin Heidelberg, p.388-397.

[8]Liu ZB, Ma Y, Jing JW, et al., 2011. Implementation of SM3 HASH function on FPGA. Netinfo Secur, 9:191-193, 218 (in Chinese).

[9]Ma Y, Xia LN, Lin JQ, et al., 2012. {Hardware performance optimization and evaluation of SM3 hash algorithm on FPGA}. 14^th Int Cryptology Conf on Information and Communications Security, p.105-118.

[10]McEvoy R, Tunstall M, Murphy CC, et al., 2007. {Differential power analysis of HMAC based on SHA-2, and countermeasures}. 8^th Int Conf on Information Security Applications, p.317-332.

[11]Menezes A, van Oorschot PC, Vanstone S, 1996. Hash functions and data integrity. In: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA, p.321-376.

[12]Moradi A, Barenghi A, Kasper T, et al., 2011. {On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs}. Proc 18^th ACM Conf on Computer and Communications Security, p.111-124.

[13]Qu KG, An W, Wu LJ, et al., 2015. A novel masking scheme for SM3 based MAC. China Commun, 12(6):12-21.

[14]SCA, 2010. SM3 Cryptographic Hash Algorithm. State Cryptography Administration of China (in Chinese).

[15]Sun W, Liu JR, Gu DW, et al., 2015. Research on power analysis against software-based and hardware-based cryptographic circuits. Int Conf on Computer Science and Communication Engineering, p.1-8.

[16]Tunstall M, Hanley N, McEvoy RP, et al., 2007. Correlation power analysis of large word sizes. IET Irish Signals and Systems Conf, p.13-14.

[17]Wang XY, Yang XW, 2012. Optimization design and implementation of SM3 algorithm based on FPGA. Comput Eng, 38(6):244-246 (in Chinese).