Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (12): 3328-3332. DOI: 10.11772/j.issn.1001-9081.2016.12.3328

Improved differential fault attack on scalar multiplication algorithm in elliptic curve cryptosystem

XU Shengwei1,2, CHEN Cheng1,2, WANG Rongrong1,2   

  1. Beijing Electronic Science & Technology Institute, Beijing 100070, China;
  2. School of Telecommunications Engineering, Xidian University, Xi'an Shaanxi 710071, China
  • Received: 2016-05-11  Revised: 2016-06-23  Online: 2016-12-10  Published: 2016-12-08


许盛伟 (XU Shengwei)1,2, 陈诚 (CHEN Cheng)1,2, 王荣荣 (WANG Rongrong)1,2

  1. Beijing Electronic Science & Technology Institute, Beijing 100070, China;
  2. School of Telecommunications Engineering, Xidian University, Xi'an 710071, China
  • Corresponding author: CHEN Cheng
  • About the authors: XU Shengwei (born 1976), male, from Ji'an, Jiangxi; associate professor, Ph.D.; main research interests: secure communication, information security, public-key cryptography applications. CHEN Cheng (born 1990), female, from Suizhou, Hubei; master's student; main research interests: secure communication, information security, commercial cryptographic algorithms, commercial cryptography applications. WANG Rongrong (born 1991), female, from Linyi, Shandong; master's student; main research interests: secure communication, information security, public-key cryptography applications.

Abstract: Concerning the problem that fault attacks on elliptic curve scalar multiplication algorithms can fail, an improved differential fault attack algorithm was proposed. The assumption that blocks are nonzero was eliminated, and a verification mechanism was introduced to counter the failure threat posed by "fault detection". Using the elliptic curve provided by the SM2 algorithm, the binary scalar multiplication algorithm, the binary Non-Adjacent Form (NAF) scalar multiplication algorithm and the Montgomery scalar multiplication algorithm were successfully attacked in software simulation, and the 256-bit private key was recovered within three hours. The attack process for the binary NAF scalar multiplication algorithm was optimized, reducing the attack time to one fifth of the original. The experimental results show that the proposed algorithm improves the effectiveness of the attack.

Key words: Elliptic Curve Cryptosystem (ECC), scalar multiplication algorithm, differential fault attack, zero block failure, fault detection

Abstract (translated from the Chinese): To address the problem that fault attacks on elliptic curve scalar multiplication algorithms fail, an improved differential fault attack algorithm is proposed. The algorithm removes the assumption of nonzero blocks and introduces a verification mechanism to withstand the failure threat of "fault detection". Taking the elliptic curve provided by the SM2 algorithm as an example, the binary scalar multiplication algorithm, the binary Non-Adjacent Form (NAF) scalar multiplication algorithm and the Montgomery scalar multiplication algorithm were successfully attacked in software simulation, and the 256-bit private key was recovered within 3 hours. The attack process for the binary NAF scalar multiplication algorithm was optimized, shortening the attack time to one fifth of the original. Experimental results show that the proposed algorithm improves the effectiveness of the attack.

Key words (translated from the Chinese): elliptic curve cryptosystem, scalar multiplication algorithm, differential fault attack, zero block failure, fault detection
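As an added illustration, not code from the paper and not the SM2 curve: the Python below implements the Montgomery ladder on a small constructed curve together with the on-curve output check that is the standard "fault detection" countermeasure the abstract refers to. The curve y² = x³ + 2x + 3 over GF(97), the base point G = (3, 6) and the fault model (an XOR into one coordinate of R0 after a chosen ladder iteration) are all constructed assumptions. The check rejects a result that no longer satisfies the curve equation; the abstract's point is that this check alone can be circumvented, so it is the baseline a defender starts from rather than a sufficient defense.

```python
# Added example (not the paper's code): Montgomery-ladder scalar multiplication
# with on-curve output verification as a fault-detection countermeasure.
# Curve y^2 = x^3 + A*x + B over GF(P_MOD) and base point G are constructed
# toy parameters for illustration only; they are not the SM2 parameters.

P_MOD = 97          # constructed toy prime field
A, B = 2, 3         # constructed curve coefficients
G = (3, 6)          # constructed base point: 6^2 = 3^3 + 2*3 + 3 (mod 97)
INF = None          # point at infinity


def inv(x):
    """Modular inverse in GF(P_MOD) via Fermat's little theorem."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def on_curve(pt):
    """Fault-detection check: accept only points satisfying the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p, q):
    """Affine point addition / doubling. The coefficient B never appears here,
    so a point knocked off the curve by a fault keeps being processed as if it
    lay on some other curve; only a final on_curve() check exposes this."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ladder(k, p, fault=None):
    """Montgomery ladder computing k*p, scanning k from its most significant bit.
    fault=(step, mask) simulates a transient fault (constructed model) that XORs
    `mask` into the x-coordinate of R0 after ladder iteration `step`."""
    r0, r1 = INF, p
    for i, bit in enumerate(bin(k)[2:]):
        if bit == '1':
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r1, r0 = add(r0, r1), add(r0, r0)
        if fault is not None and fault[0] == i and r0 is not INF:
            r0 = ((r0[0] ^ fault[1]) % P_MOD, r0[1])
    return r0


def checked_ladder(k, p, fault=None):
    """Scalar multiplication with output verification: a result that is not on
    the curve is never released, so a faulted point does not leave the device."""
    q = ladder(k, p, fault)
    if not on_curve(q):
        raise ValueError("fault detected: result is not on the curve")
    return q


def detects_fault(k, p, fault):
    """True if checked_ladder() rejects the (possibly faulted) computation."""
    try:
        checked_ladder(k, p, fault)
    except ValueError:
        return True
    return False


def naive_mul(k, p):
    """Reference implementation: k repeated additions (tiny k only)."""
    r = INF
    for _ in range(k):
        r = add(r, p)
    return r


if __name__ == "__main__":
    print("7G =", checked_ladder(7, G))
    print("fault after iteration 0 detected:", detects_fault(3, G, (0, 4)))
```

The check works because the addition and doubling formulas never use B: once a coordinate is corrupted, the ladder silently continues on a different curve, and the released result almost always fails the original curve equation. An implementation that releases results without this check, or whose check can itself be bypassed, is exactly the setting the abstract's improved attack targets.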

