针对BLS短签名的故障攻击

doi:10.3969/j.issn.1000-3428.2014.08.021

计算机工程

针对BLS短签名的故障攻击

包斯刚^1,2,顾海华^1,2

(1.上海交通大学计算机科学与工程系,上海 200240;2.上海华虹集成电路有限责任公司,上海 201203)

收稿日期:2013-07-11 出版日期:2014-08-15 发布日期:2014-08-15
作者简介:包斯刚(1977－)，男，硕士研究生，主研方向：密码学，芯片安全；顾海华，高级工程师、博士后。
基金资助:
国家自然科学基金资助项目(61202372)；2011年上海市科委科研计划基金资助项目“芯片安全防护技术研究及卡SoC芯片开发”(11511504600)。

Fault Attack on BLS Short Signature

BAO Si-gang^1,2,GU Hai-hua^1,2

(1.Department of Computer Science and Engineering,Shanghai Jiaotong University,Shanghai 200240,China; 2.Shanghai Huahong Integrated Circuit Co.〖KG-*3〗,Ltd.〖KG-*3〗,Shanghai 201203,China)

Received:2013-07-11 Online:2014-08-15 Published:2014-08-15

摘要/Abstract

摘要： BLS短签名是基于双线性对构造的数字签名方案,与传统ECDSA签名方案相比具有签名长度短的优势。目前,椭圆曲线密码的故障攻击已经得到深入研究,而基于双线性对构造的密码故障攻击研究则较少。针对BLS短签名的安全问题,从故障攻击的角度进行分析,通过将现有的适用于二元扩域椭圆曲线的无效曲线故障攻击方法推广到三元扩域,从而对BLS短签名方案实施攻击。仿真实验结果表明,在具备单比特故障注入的条件下,该方法只需导入1次单比特的故障即可以较大的概率破解BLS短签名的密钥。

关键词: 故障攻击, 双线性对, BLS短签名, 旁路攻击, 椭圆曲线, 无效曲线攻击

Abstract: BLS short signature is a digital signature scheme based on bilinear pairings,compared with the traditional ECDSA signature,BLS scheme has the advantage of its short signature length.Recently,a lot of researches are made in the field of fault attack on elliptic curve cryptography.However,fault attack on the bilinear pairings-based cryptography is rarely researched.This paper studies the security of BLS short signature scheme through analyzing in fault attack scenario.The main idea is to create the invalid curve attack method suitable for GF(3l) by applying the current invalid curve attack method suitable for GF(2m).This attack method can be used to attack the BLS short signature scheme.Simulation experimental result shows that the key of the BLS short signature can be broken with high probability by this method and only one time with single bit fault injection is required.

Key words: fault attack, bilinear pairings, BLS short signature, side channel attack, elliptic curve;invalid curve attack

中图分类号:

TP309.7

包斯刚,顾海华. 针对BLS短签名的故障攻击[J]. 计算机工程.

BAO Si-gang,GU Hai-hua. Fault Attack on BLS Short Signature[J]. Computer Engineering.

https://www.ecice06.com/CN/Y2014/V40/I8/112

参考文献

［1］ Kocher P.Timing Attacks on Implementations of Diffie-Hellman,RSA,DSS,and Other Systems［C］//Proc.of the 16th Annual International Cryptology Conference on Advances in Cryptology.London,UK:Springer-Verlag,1996:104-113.  ［2］ Kocher P,Jaffe J,Jun B.Differential Power Analysis［C］//Proc.of the 19th Annual International Cryptology Conference on Advances in Cryptology.London,UK:Springer-Verlag,1999:388-397.  ［3］ Oswald E.Enhancing Simple Power-analysis Attacks on Elliptic Curve Cryptosystems［C］//Proc.of the 4th International Workshop Cryptographic Hardware and Embedded Systems.Redwood Shores,USA:［s.n.］,2002:82-97.  ［4］ Gandolfi K,Mourtel C,Olivier F.Electromagnetic Analysis:Concrete Results［C］//Proc.of the 3rd International Workshop on Cryptographic Hardware and Embedded Systems.Paris,France:ACM Press,2001:251-261.〖HJ0.8mm〗  ［5］ Chari S,Rao J R,Rohatgi P.TemplateAttacks［C］//Proc.of the 4th International Workshop on Cryptographic Hardware and Embedded Systems.San Francisco,USA:ACM Press,2002:13-28.  ［6］ Biehl I,Meyer B,Müller V.Differential Fault Attacks on Elliptic Curve Cryptosystems［C］//Proc.of the 20th Annual International Cryptology Conference on Advances in Cryptology.London,UK:Springer-Verlag,2000:131-146.  ［7］ Ciet M,Joye M.Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults［J］.Designs,Codes and Cryptography,2005,36(1):33-43.  ［8］ Dominguez-Oviedo A,Hasan M A,Ansari B.Fault-based Attack on Montgomery’s Ladder Algorithm［J］.Journal of Cryptology,2011,24(2):346-374.  ［9］ Cohen H,Frey G,Avanzi R,et al.Handbook of Elliptic and Hyper Elliptic Curve Cryptography［M］.［S.l.］:Chapman and Hall,2005.  ［10］ Boneh D,Lynn B,Shacham H.Short Signatures from the Weil Pairing［C］//Proc.of the 7th International Conference on the Theory and Application of Cryptology and Information Security.London,UK:Springer-Verlag,2001:514-532.  ［11］ Hankerson D,Menezes A J,Vanstone S.Guide to Elliptic Curve Cryptography［M］.New York,USA:Springer-Verlag,2004.  ［12］ Jeong E.Isomorphism Classes of Elliptic Curves Over Finite Fields with Characteristic 3［J］.Journal of the Chungcheong Mathematical Society,2009,22(3):207-213.  ［13］ Antipa A,Brown D,Menezes A,et al.Validation of Elliptic Curve Public Keys［C］//Proc.of PKC’03.Berlin,Germany:Springer-Verlag,2003:211-223. 编辑陆燕菲

[1]	陈億, 杨萱, 曾涵, 李伟. 一种高速可伸缩的双域Montgomery模乘器架构[J]. 计算机工程, 2023, 49(8): 283-290.
[2]	李斌, 吴坡, 王丹, 安浩杨, 何德彪. 一种适用于电力终端设备的无证书在线/离线签密方案[J]. 计算机工程, 2023, 49(12): 146-151, 160.
[3]	张超, 彭长根, 丁红发, 许德权. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022, 48(7): 159-167.
[4]	刘新, 胡翔瑜, 徐刚, 陈秀波. 区块链数据保密查询的不经意传输协议[J]. 计算机工程, 2022, 48(10): 13-20.
[5]	尤文珠, 葛海波. 利用多基数系统的高效椭圆曲线多标量乘算法[J]. 计算机工程, 2021, 47(2): 182-187.
[6]	刘期烈, 陈澄. 基于区块链的V2G匿名身份认证方案[J]. 计算机工程, 2021, 47(11): 22-28.
[7]	邓志辉, 王少辉, 王平. 基于合数阶双线性对的可搜索加密方案分析与改进[J]. 计算机工程, 2020, 46(9): 123-128,135.
[8]	宋安, 王琴, 谷大武, 郭筝, 刘军荣, 张驰. 基于FPGA的时钟同步功耗信息采集方法[J]. 计算机工程, 2020, 46(6): 115-121.
[9]	吴昆, 魏国珩. 基于ECC的无证书WSN广播信息认证方案[J]. 计算机工程, 2020, 46(12): 157-162,200.
[10]	朱文锋, 王琴, 郭筝, 刘军荣. 针对分组密码的攻击方法研究[J]. 计算机工程, 2020, 46(1): 102-107,113.
[11]	孙海燕, 李玲玲, 张玲, 张建伟, 黄万伟. 一种增强的移动互联网身份基认证密钥协商协议[J]. 计算机工程, 2019, 45(9): 153-160,182.
[12]	谷建光. 抗能量分析攻击的门限窗口NAF标量乘算法[J]. 计算机工程, 2019, 45(8): 296-299,308.
[13]	黄长阳, 王韬, 王晓晗, 陈庆超, 尹世庄. 基于优化故障定位的SIMECK密码代数故障攻击[J]. 计算机工程, 2019, 45(8): 7-13,21.
[14]	甘植旺,廖方圆. 国密SM9中R-ate双线性对快速计算[J]. 计算机工程, 2019, 45(6): 171-174.
[15]	左黎明,周庆,陈兰兰. 一种可证安全高效无证书短签名方案[J]. 计算机工程, 2019, 45(6): 193-198.

选择文件类型/文献管理软件名称

选择包含的内容

针对BLS短签名的故障攻击

Fault Attack on BLS Short Signature

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

针对BLS短签名的故障攻击

Fault Attack on BLS Short Signature

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价