[go: up one dir, main page]

CN112364392B - A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism - Google Patents

A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism Download PDF

Info

Publication number
CN112364392B
CN112364392B CN202010913876.0A CN202010913876A CN112364392B CN 112364392 B CN112364392 B CN 112364392B CN 202010913876 A CN202010913876 A CN 202010913876A CN 112364392 B CN112364392 B CN 112364392B
Authority
CN
China
Prior art keywords
variable
graph
observable
abstract syntax
directed acyclic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010913876.0A
Other languages
Chinese (zh)
Other versions
CN112364392A (en
Inventor
宋富
高鹏飞
谢弘毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ShanghaiTech University
Original Assignee
ShanghaiTech University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ShanghaiTech University filed Critical ShanghaiTech University
Priority to CN202010913876.0A priority Critical patent/CN112364392B/en
Publication of CN112364392A publication Critical patent/CN112364392A/en
Application granted granted Critical
Publication of CN112364392B publication Critical patent/CN112364392B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to a proving method of program high-order power consumption side channel safety based on graph isomorphism. The method provided by the application judges whether the joint probability distribution of two variable sets is the same or not through isomorphism of the variable type sensitive graph. In the method provided by the application, the following steps are adopted: converting the computing expression of the variable into forms such as abstract syntax tree or directed acyclic graph; when the expression is simplified, in order to ensure that the verification result is not influenced, an equivalent rule in algebra is adopted; for constants in the expression, when the constants are reduced by a method of replacing the sub-expressions, the joint probability distribution of the observable variable set is ensured to be unchanged. Through a plurality of experiments, the method provided by the application can effectively reduce the number of times of model counting and solving, thereby improving the verification efficiency.

Description

一种基于图同构的程序高阶功耗侧信道安全性的证明方法A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism

技术领域Technical field

本发明涉及一种基于图同构的程序高阶功耗侧信道安全性的证明方法,可应用于随机掩码高阶功耗侧信道安全的验证。The invention relates to a method for proving the security of a program's high-order power consumption side channel based on graph isomorphism, which can be applied to the verification of the security of a random mask's high-order power consumption side channel.

背景技术Background technique

随着信息技术的发展,密码算法被广泛应用于保护隐私数据的传输和处理。现代密码学是建立在计算复杂性基础之上的,因此通过暴力枚举的攻击很难破解密钥。但是,Kocher、Quisquater和Mangard等人提出的侧信道攻击可以利用系统运行时的时间、功耗、电磁辐射等物理信息快速破解密钥。With the development of information technology, cryptographic algorithms are widely used to protect the transmission and processing of private data. Modern cryptography is built on computational complexity, so keys are difficult to crack through brute force enumeration attacks. However, the side-channel attack proposed by Kocher, Quisquater, Mangard and others can quickly crack the key by using physical information such as time, power consumption, and electromagnetic radiation when the system is running.

随机掩码是一种有效防御功耗侧信道攻击的策略,因此受到了国内外科研院所和企业的研究和采用。随机掩码采用随机数掩码来避免物理信息与加密密钥之间统计依赖关系。采用n阶掩码的程序理论上应该能抵御n阶功耗侧信道攻击。然而,正确实现n阶掩码的密码算法是一项复杂又易错的工作,因此需要自动化的验证方法来证明程序高阶功耗侧信道安全性。Random masking is an effective strategy to defend against power-consuming side channel attacks, so it has been researched and adopted by domestic and foreign research institutes and enterprises. Random masking uses a random number mask to avoid statistical dependencies between physical information and encryption keys. Programs using n-order masks should theoretically be resistant to n-order power-consuming side-channel attacks. However, correctly implementing n-order mask cryptographic algorithms is a complex and error-prone task, so automated verification methods are needed to prove the high-order power side channel security of the program.

基于类型推导的证明方法和基于模型计数求解的证明方法相继提出,用于证明高阶功耗侧信道安全性。基于类型推导的证明方法高效,但是存在误报导致假阳性;基于模型计数求解的证明方法理论上不存在误报,但是由于计算代价高而无法高效地对完整程序进行验证。Proof methods based on type derivation and proof methods based on model counting solutions have been proposed to prove the security of high-order power consumption side channels. The proof method based on type derivation is efficient, but there are false positives resulting in false positives; the proof method based on model counting does not theoretically have false positives, but it cannot efficiently verify the complete program due to the high computational cost.

发明内容Contents of the invention

本发明的目的是:减少模型计数求解的次数,有效提高验证效率。The purpose of the present invention is to reduce the number of model counting and solving times and effectively improve the verification efficiency.

为了达到上述目的,本发明的技术方案是提供了一种基于图同构的程序高阶功耗侧信道安全性的证明方法,其特征在于,包括以下步骤:In order to achieve the above objectives, the technical solution of the present invention is to provide a method for proving the security of program high-order power consumption side channels based on graph isomorphism, which is characterized by including the following steps:

步骤1、输入程序及其变量类型,互不相交的集合T1和T2,其中:任何集合 T1中的可观察变量集合的联合统计分布独立于密钥,任何集合T2中的可观察变量集合的联合统计分布不独立于密钥;Step 1. Enter the program and its variable types, mutually disjoint sets T 1 and T 2 , where: the joint statistical distribution of the set of observable variables in any set T 1 is independent of the key, and the joint statistical distribution of the set of observable variables in any set T 2 The joint statistical distribution of a set of variables is not independent of the key;

步骤2、构造输入程序的中间表示形式,中间表示形式为抽象语法树或有向无环图;Step 2. Construct an intermediate representation of the input program, which is an abstract syntax tree or directed acyclic graph;

对于任意一个含有d个可观察变量的集合t,中间表示形式为t个抽象语法树或有向无环图;一个抽象语法树或有向无环图对应一个计算表达式,抽象语法树或有向无环图的中间节点对应计算表达式的运算符,叶子节点对应计算表达式的输入变量;For any set t containing d observable variables, the intermediate representation is t abstract syntax trees or directed acyclic graphs; an abstract syntax tree or directed acyclic graph corresponds to a calculation expression, and the abstract syntax tree or directed acyclic graph corresponds to a calculation expression. The middle nodes of the directional acyclic graph correspond to the operators of the calculation expression, and the leaf nodes correspond to the input variables of the calculation expression;

步骤3、对于任意一个含有d个可观察变量的集合t,检查对应的t个抽象语法树或有向无环图中是否含有常量,如果有常量,则进入步骤4对表达式进行化简和变换;如果没有常量,则进入步骤6进行变量类型敏感的图同构检查;Step 3. For any set t containing d observable variables, check whether the corresponding t abstract syntax trees or directed acyclic graphs contain constants. If there are constants, proceed to step 4 to simplify and sum the expression. Transform; if there is no constant, go to step 6 for variable type-sensitive graph isomorphism checking;

步骤4、对t个抽象语法树或有向无环图中的子表达式等价变换,使得每一个常量c的出现形式变为x☉c,其中,x为变量,☉表示加、减、异或中的任意一个运算符,x在t个抽象语法树或有向无环图出现形式只能为x☉c,或x☉c1且c1表示与c不同的其他常量;Step 4. Equivalently transform the subexpressions in t abstract syntax trees or directed acyclic graphs so that the appearance form of each constant c becomes x☉c, where x is a variable and ☉ represents addition, subtraction, For any operator in XOR, the appearance form of x in t abstract syntax trees or directed acyclic graphs can only be x☉c, or x☉c 1 and c 1 represents other constants different from c;

步骤5、对t个抽象语法树或有向无环图中所有形式为x☉c的子表达,迭代执行以下步骤5.1及5.2减少常量:Step 5. For all sub-expressions of the form x☉c in t abstract syntax trees or directed acyclic graphs, iteratively perform the following steps 5.1 and 5.2 to reduce the constants:

步骤5.1、将所有子表达式x☉c替换为x;Step 5.1. Replace all subexpressions x☉c with x;

步骤5.2、将所有子表达式x☉c1替换为x☉c2,其中如果☉是异或运算符,则/>表示异或运算符;如果☉是加或减运算符,则/>表示减运算符。Step 5.2, replace all sub-expressions x☉c 1 with x☉c 2 , where If ☉ is the XOR operator, then // Represents the exclusive OR operator; if ☉ is an addition or subtraction operator, then /> Represents the subtraction operator.

步骤6、在集合T1和集合T2中查找是否存在一个可观察变量集合t1,使得集合t和可观察变量集合t1是变量类型敏感的图同构,即同时满足以下两个条件:Step 6. Find whether there is an observable variable set t 1 in the set T 1 and the set T 2 , so that the set t and the observable variable set t 1 are variable type-sensitive graph isomorphisms, that is, the following two conditions are met at the same time:

条件一)可观察变量集合t1和集合t大小相同;Condition 1) The observable variable set t 1 and the set t have the same size;

条件二)可观察变量集合t1和集合t之间存在一个一一对应关系h:t1→t,使得任意一对变量(x,h(x))的抽象语法树或有向无环图是图同构的,并且图同构中对应变量的类型相同,h(x)为对应关系函数;Condition 2) There is a one-to-one correspondence h:t1→t between the set of observable variables t 1 and the set t, so that the abstract syntax tree or directed acyclic graph of any pair of variables (x, h(x)) is The graph isomorphism, and the corresponding variables in the graph isomorphism have the same type, h(x) is the corresponding relationship function;

步骤7、如果在集合T1中找到了一个步骤6所述的可观察变量集合t1,则证明集合t的联合统计分布独立于密钥;如果在集合T2中找到了一个步骤6所述的可观察变量集合t1,则证明集合t的联合统计分布不独立于密钥;如果集合T1和集合T2中都不存在步骤6所述的可观察变量集合t1,则无法判定集合t的联合统计分布是否独立于密钥。Step 7. If an observable variable set t 1 described in step 6 is found in the set T 1 , prove that the joint statistical distribution of the set t is independent of the key; if an observable variable set t 1 described in step 6 is found in the set T 2 The set of observable variables t 1 , then it is proved that the joint statistical distribution of the set t is not independent of the key; if the set of observable variables t 1 described in step 6 does not exist in the set T 1 and the set T 2 , the set cannot be determined Whether the joint statistical distribution of t is independent of the key.

优选地,步骤1中,所述变量类型包括密钥变量、明文变量和随机变量。Preferably, in step 1, the variable types include key variables, plaintext variables and random variables.

优选地,步骤2中,通过编译技术的词法分析器和语法分析器构造输入程序的中间表示形式。Preferably, in step 2, an intermediate representation of the input program is constructed through a lexical analyzer and a syntax analyzer of compilation technology.

优选地,步骤4中,根据代数中的等价规则对所述t个抽象语法树或有向无环图中的子表达式等价变换,等价规则比如结合律、交换律和分配律等。Preferably, in step 4, the subexpressions in the t abstract syntax trees or directed acyclic graphs are equivalently transformed according to the equivalence rules in algebra, such as associative law, commutative law, distributive law, etc. .

本发明提供的方法通过变量类型敏感的图同构判定两个变量集合的联合概率分布是否相同。在本发明提供的方法中:将变量的计算表达式转化为抽象语法树或有向无环图等形式;在对表达式化简时,为了保证不会影响验证的结果,采用代数中的等价规则;对于表达式中的常量,通过子表达式替换的方法减少常量时,保证可观察变量集合的联合概率分布不变。通过多个实验,本发明提出的方法可以有效减少模型计数求解的次数,从而提高了验证效率。The method provided by the present invention determines whether the joint probability distributions of two variable sets are the same through variable type-sensitive graph isomorphism. In the method provided by the present invention: the calculation expression of the variable is converted into an abstract syntax tree or a directed acyclic graph; when simplifying the expression, in order to ensure that it does not affect the verification result, the equation in algebra is used Valence rules; for constants in expressions, when reducing the constants through subexpression substitution, the joint probability distribution of the set of observable variables is guaranteed to remain unchanged. Through multiple experiments, the method proposed by the present invention can effectively reduce the number of model count solutions, thereby improving verification efficiency.

附图说明Description of drawings

图1为本发明的具体步骤;Figure 1 shows the specific steps of the present invention;

图2为示例的抽象语法树,其中叶子节点为变量和常量,中间节点为运算符;Figure 2 is an example abstract syntax tree, in which the leaf nodes are variables and constants, and the intermediate nodes are operators;

图3为示例中变量y和z的计算表达式经过表达式化简后的抽象语法树;Figure 3 shows the abstract syntax tree after expression reduction of the calculation expressions of variables y and z in the example;

图4为示例中变量y和z的计算表达式经过步骤5后的抽象语法树。Figure 4 shows the abstract syntax tree after step 5 of the calculation expressions of variables y and z in the example.

具体实施方式Detailed ways

下面结合具体实施例,进一步阐述本发明。应理解,这些实施例仅用于说明本发明而不用于限制本发明的范围。此外应理解,在阅读了本发明讲授的内容之后,本领域技术人员可以对本发明作各种改动或修改,这些等价形式同样落于本申请所附权利要求书所限定的范围。The present invention will be further described below in conjunction with specific embodiments. It should be understood that these examples are only used to illustrate the invention and are not intended to limit the scope of the invention. In addition, it should be understood that after reading the teachings of the present invention, those skilled in the art can make various changes or modifications to the present invention, and these equivalent forms also fall within the scope defined by the appended claims of this application.

本发明提供的一种基于图同构的程序高阶功耗侧信道安全性的证明方法包括以下步骤:The present invention provides a method for proving the security of program high-order power consumption side channels based on graph isomorphism, which includes the following steps:

步骤1、输入程序及其变量类型,变量类型包括三种:密钥变量、明文变量和随机变量,互不相交的集合T1和T2,其中:任何集合T1中的可观察变量集合的联合统计分布独立于密钥,任何集合T2中的可观察变量集合的联合统计分布不独立于密钥;Step 1. Enter the program and its variable types. The variable types include three types: key variables, plaintext variables and random variables. Disjoint sets T 1 and T 2 , where: the set of observable variables in any set T 1 The joint statistical distribution is independent of the key, and the joint statistical distribution of any set of observable variables in T 2 is not independent of the key;

步骤2、通过编译技术的词法分析器和语法分析器构造输入程序的中间表示形式,中间表示形式为抽象语法树或有向无环图;Step 2. Construct an intermediate representation of the input program through the lexical analyzer and syntax analyzer of compilation technology. The intermediate representation is an abstract syntax tree or a directed acyclic graph;

对于任意一个含有d个可观察变量的集合t,中间表示形式为t个抽象语法树或有向无环图;一个抽象语法树或有向无环图对应一个计算表达式,抽象语法树或有向无环图的中间节点对应计算表达式的运算符,叶子节点对应计算表达式的输入变量;For any set t containing d observable variables, the intermediate representation is t abstract syntax trees or directed acyclic graphs; an abstract syntax tree or directed acyclic graph corresponds to a calculation expression, and the abstract syntax tree or directed acyclic graph corresponds to a calculation expression. The middle nodes of the directional acyclic graph correspond to the operators of the calculation expression, and the leaf nodes correspond to the input variables of the calculation expression;

步骤3、对于任意一个含有d个可观察变量的集合t,检查对应的t个抽象语法树或有向无环图中是否含有常量,如果有常量,则进入步骤4对表达式进行化简和变换;如果没有常量,则进入步骤6进行变量类型敏感的图同构检查;Step 3. For any set t containing d observable variables, check whether the corresponding t abstract syntax trees or directed acyclic graphs contain constants. If there are constants, proceed to step 4 to simplify and sum the expression. Transform; if there is no constant, go to step 6 for variable type-sensitive graph isomorphism checking;

步骤4、根据代数中的等价规则对t个抽象语法树或有向无环图中的子表达式等价变换,使得每一个常量c的出现形式变为x☉c,其中,x为变量,☉表示加、减、异或中的任意一个运算符,x在t个抽象语法树或有向无环图出现形式只能为x☉c,或x☉c1且c1表示与c不同的其他常量。Step 4. According to the equivalence rules in algebra, equivalently transform the subexpressions in t abstract syntax trees or directed acyclic graphs, so that the appearance form of each constant c becomes x☉c, where x is a variable , ☉ represents any operator among addition, subtraction, and XOR. The appearance form of x in t abstract syntax trees or directed acyclic graphs can only be x☉c, or x☉c 1 and c 1 means different from c. other constants.

步骤5、对t个抽象语法树或有向无环图中所有形式为x☉c的子表达,迭代执行以下步骤5.1及5.2减少常量:Step 5. For all sub-expressions of the form x☉c in t abstract syntax trees or directed acyclic graphs, iteratively perform the following steps 5.1 and 5.2 to reduce the constants:

步骤5.1、将所有子表达式x☉c替换为x;Step 5.1. Replace all subexpressions x☉c with x;

步骤5.2、将所有子表达式x☉c1替换为x☉c2,其中如果☉是异或运算符,则/>表示异或运算符;如果☉是加或减运算符,则/>表示减运算符。Step 5.2, replace all sub-expressions x☉c 1 with x☉c 2 , where If ☉ is the XOR operator, then // Represents the exclusive OR operator; if ☉ is an addition or subtraction operator, then /> Represents the subtraction operator.

步骤6、在集合T1和集合T2中查找是否存在一个可观察变量集合t1,使得集合t和可观察变量集合t1是变量类型敏感的图同构,即同时满足以下两个条件:Step 6. Find whether there is an observable variable set t 1 in the set T 1 and the set T 2 , so that the set t and the observable variable set t 1 are variable type-sensitive graph isomorphisms, that is, the following two conditions are met at the same time:

条件一)可观察变量集合t1和集合t大小相同;Condition 1) The observable variable set t 1 and the set t have the same size;

条件二)可观察变量集合t1和集合t之间存在一个一一对应关系h:t1→t,使得任意一对变量(x,h(x))的抽象语法树或有向无环图是图同构的,并且图同构中对应变量的类型相同,h(x)为对应关系函数;Condition 2) There is a one-to-one correspondence h:t1→t between the set of observable variables t 1 and the set t, so that the abstract syntax tree or directed acyclic graph of any pair of variables (x, h(x)) is The graph isomorphism, and the corresponding variables in the graph isomorphism have the same type, h(x) is the corresponding relationship function;

步骤7、如果在集合T1中找到了一个步骤6所述的可观察变量集合t1,则证明集合t的联合统计分布独立于密钥;如果在集合T2中找到了一个步骤6所述的可观察变量集合t1,则证明集合t的联合统计分布不独立于密钥;如果集合T1和集合T2中都不存在步骤6所述的可观察变量集合t1,则无法判定集合t的联合统计分布是否独立于密钥。Step 7. If an observable variable set t 1 described in step 6 is found in the set T 1 , prove that the joint statistical distribution of the set t is independent of the key; if an observable variable set t 1 described in step 6 is found in the set T 2 The set of observable variables t 1 , then it is proved that the joint statistical distribution of the set t is not independent of the key; if the set of observable variables t 1 described in step 6 does not exist in the set T 1 and the set T 2 , the set cannot be determined Whether the joint statistical distribution of t is independent of the key.

根据本发明的技术方案,实施重点是在对表达式进行化简和减少常量时必须保证不会影响验证的结果,基于图同构的方法的结果不能引起误报。对本发明作进一步的详细说明,具体实施技术方案如图1所示。According to the technical solution of the present invention, the key point of implementation is to ensure that the results of verification are not affected when simplifying expressions and reducing constants, and the results of the method based on graph isomorphism cannot cause false positives. The present invention is further described in detail, and the specific implementation technical scheme is shown in Figure 1.

以可观察变量集合t={x,y,z}和t1={x,y1,z1}为例,其中x、y、z、y1和z1的计算表达式如下:Taking the observable variable set t = {x, y, z} and t 1 = {x, y 1 , z 1 } as an example, the calculation expressions of x, y, z, y 1 and z 1 are as follows:

x的计算表达式为x;The calculation expression of x is x;

y的计算表达式为 The calculation expression of y is

z的计算表达式为 The calculation expression of z is

y1的计算表达式为 The calculation expression of y 1 is

z1的计算表达式为 The calculation expression of z 1 is

其中为异或运算符,k和k1为密钥变量,x、r和r1为随机变量。经过编译技术处理后(即步骤2),可观察变量x、y、z、y1和z1的抽象语法树如图2所示。in is the XOR operator, k and k 1 are key variables, x, r and r 1 are random variables. After compilation technology processing (i.e. step 2), the abstract syntax tree of the observable variables x, y, z, y 1 and z 1 is shown in Figure 2.

假设已知集合t1={x,y1,z1}的联合概率分布不依赖于密钥变量k1,即T1={t1}。It is assumed that the joint probability distribution of the known set t 1 ={x, y 1 , z 1 } does not depend on the key variable k 1 , that is, T 1 ={t 1 }.

表达式进行化简和减少常量时必须保证不会影响验证的结果When simplifying expressions and reducing constants, it must be ensured that the results of verification will not be affected.

在对表达式化简时,为了保证不会影响验证的结果,必须采用代数中的等价规则,比如结合律、交换律和分配律等;或者采用其他能够保证联合概率分布不变的替换规则。When simplifying expressions, in order to ensure that the results of the verification are not affected, equivalence rules in algebra must be used, such as associative laws, commutative laws, and distributive laws; or other replacement rules that can ensure that the joint probability distribution remains unchanged .

在上述示范中,步骤3发现集合t={x,y,z}中的计算表达式含有常量有1和2,经过表达式化简后(即步骤4):y的计算表达式为和z的计算表达式为/>其抽象语法树如图3所示。此处对表达式进行化简时通过结合律保证不会影响验证的结果。In the above demonstration, step 3 found that the calculation expression in the set t = {x, y, z} contains constants 1 and 2. After the expression is simplified (that is, step 4): the calculation expression of y is The calculation expression of and z is/> Its abstract syntax tree is shown in Figure 3. When simplifying the expression here, the associativity law is used to ensure that it will not affect the verification result.

在步骤5中,考虑子表达式将/>替换为k;随后将子表达式/>替换为其中/>即y的计算表达式变为/>和z的计算表达式变为/>此处对表达式的变化保证联合概率分布不变。In step 5, consider the subexpression Will/> Replace with k; then subexpression/> Replace with Among them/> That is, the calculation expression of y becomes/> The calculation expression of and z becomes/> Changes to the expression here ensure that the joint probability distribution remains unchanged.

基于图同构的方法的结果不会引起误报。The results of methods based on graph isomorphism do not cause false positives.

为了保证基于图同构的方法的结果不会引起误报,在满足图同构的同时,必须保证图同构中对应变量具有相同的类型。In order to ensure that the results of methods based on graph isomorphism will not cause false positives, while satisfying graph isomorphism, it must be ensured that the corresponding variables in the graph isomorphism have the same type.

在上述示范中,变量y和z的表达式在经过步骤5后的抽象语法树如图4所示。可以发现x、y、z的表达式抽象语法树与x、y1、z1的表达式抽象语法树一次是图同构的,且图同构中对应变量类型相同。因此可以判定集合t={x,y,z}联合概率分布不依赖于密钥变量k。此处的关键是k和k1在图同构是对应变量且都是密钥变量;类似的,r和r1在图同构是对应变量且类型相同且都是随机变量;其他在图同构是对应常量值必须相等。In the above demonstration, the abstract syntax tree of the expressions of variables y and z after step 5 is shown in Figure 4. It can be found that the expression abstract syntax tree of x, y, z and the expression abstract syntax tree of x, y 1 , z 1 are graph isomorphism, and the corresponding variable types in the graph isomorphism are the same. Therefore, it can be determined that the joint probability distribution of the set t = {x, y, z} does not depend on the key variable k. The key here is that k and k 1 are corresponding variables in the graph isomorphism and are both key variables; similarly, r and r 1 are corresponding variables in the graph isomorphism and have the same type and are both random variables; others are the same in the graph. The structure is that the corresponding constant values must be equal.

Claims (4)

1. The proving method of the program high-order power consumption side channel safety based on graph isomorphism is characterized by comprising the following steps:
step 1, inputting programs and variable types thereof, mutually disjoint sets T 1 And T 2 Wherein: any set T 1 The joint statistical distribution of the observable variable sets in (1) is independent of the key, any set T 2 The joint statistical distribution of the observable variable sets in (a) is not independent of the key;
step 2, constructing an intermediate representation form of the input program, wherein the intermediate representation form is an abstract syntax tree or a directed acyclic graph;
for any set t containing d observable variables, the intermediate representation is t abstract syntax trees or directed acyclic graphs; an abstract syntax tree or directed acyclic graph corresponds to a computational expression, intermediate nodes of the abstract syntax tree or directed acyclic graph correspond to operators of the computational expression, and leaf nodes correspond to input variables of the computational expression;
step 3, checking whether the corresponding t abstract syntax trees or directed acyclic graphs contain constants for any set t containing d observable variables, and if so, entering step 4 to simplify and transform the expression; if the constant is not present, the step 6 is entered to perform isomorphism check of the variable type sensitive graph;
step 4, equivalently transforming sub-expressions in t abstract syntax trees or directed acyclic graphs to change the appearance form of each constant c into x ☉ c, wherein x is a variable, ☉ represents any one operator of addition, subtraction and exclusive OR, and x can only be x ☉ c or x ☉ c in the t abstract syntax trees or directed acyclic graphs 1 And c 1 Representing other constants than c;
step 5, iteratively executing the following steps 5.1 and 5.2 to reduce constants for all the sub-expressions of x ☉ c in the t abstract syntax trees or the directed acyclic graph:
step 5.1, replacing all sub-expressions x ☉ c with x;
step 5.2, all sub-expressions x ☉ c 1 Replaced by x ☉ c 2 WhereinIf ☉ is an exclusive OR operator, then +.>Representing an exclusive or operator; if ☉ is the plus or minus operator, +.>Representing a minus operator;
step 6, in the set T 1 Sum set T 2 Find out whether there is an observable variable set t 1 Such that set t and observable variable set t 1 Is a graph isomorphism that is variable type sensitive, i.e., satisfies the following two conditions simultaneously:
condition one) Observable variable set t 1 The size of the set t is the same as that of the set t;
condition two) observable variable set t 1 A one-to-one correspondence h is formed between the set t and the set t, namely t1→t, so that an abstract syntax tree or a directed acyclic graph of any pair of variables (x, h (x)) is graph isomorphic, the types of corresponding variables in the graph isomorphic are the same, and h (x) is a corresponding relation function;
step 7, if in set T 1 Find a set t of observable variables as described in step 6 1 The joint statistical distribution of the attestation set t is independent of the key; if at set T 2 Find a set t of observable variables as described in step 6 1 The joint statistical distribution of the proof set t is not independent of the key; if set T 1 Sum set T 2 None of the set of observable variables t described in step 6 1 It cannot be determined whether the joint statistical distribution of the set t is independent of the key.
2. The method for proving the security of a program high-order power consumption side channel based on graph isomorphism according to claim 1, wherein in step 1, the variable types include a key variable, a plaintext variable and a random variable.
3. The method for proving the high-order power consumption side channel security of a program based on graph isomorphism according to claim 1, wherein in step 2, an intermediate representation of the input program is constructed by a lexical analyzer and a syntax analyzer of a compiling technique.
4. The method for proving the security of the program high-order power consumption side channel based on graph isomorphism as recited in claim 1, wherein in step 4, the sub-expressions in the t abstract syntax trees or directed acyclic graphs are equivalently transformed according to equivalence rules in algebra.
CN202010913876.0A 2020-09-03 2020-09-03 A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism Active CN112364392B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010913876.0A CN112364392B (en) 2020-09-03 2020-09-03 A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010913876.0A CN112364392B (en) 2020-09-03 2020-09-03 A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism

Publications (2)

Publication Number Publication Date
CN112364392A CN112364392A (en) 2021-02-12
CN112364392B true CN112364392B (en) 2023-12-15

Family

ID=74516444

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010913876.0A Active CN112364392B (en) 2020-09-03 2020-09-03 A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism

Country Status (1)

Country Link
CN (1) CN112364392B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647639A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 Method for symmetric cryptographic algorithm to resist side-channel analysis
CN108521325A (en) * 2018-03-27 2018-09-11 林喆昊 A kind of anti-side-channel attack algorithm suitable for system data Life cycle
CN108809622A (en) * 2018-06-15 2018-11-13 上海科技大学 A kind of anti-power consumption side-channel attack countermeasure verification method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7764785B2 (en) * 2004-11-08 2010-07-27 King Fahd University Of Petroleum And Minerals Method for communicating securely over an insecure communication channel

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647639A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 Method for symmetric cryptographic algorithm to resist side-channel analysis
CN108521325A (en) * 2018-03-27 2018-09-11 林喆昊 A kind of anti-side-channel attack algorithm suitable for system data Life cycle
CN108809622A (en) * 2018-06-15 2018-11-13 上海科技大学 A kind of anti-power consumption side-channel attack countermeasure verification method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Verifying and Quantifying Side-channel Resistance of Masked Software Implementations;Pengfei Gao, et al.;ACM DIGITAL LIBRARY;第28卷(第3期);全文 *
基于软件指令定位的新型高阶侧信道分析方法;郭志鹏;唐明;胡晓波;李煜光;彭国军;张焕国;;计算机学报(第05期);全文 *

Also Published As

Publication number Publication date
CN112364392A (en) 2021-02-12

Similar Documents

Publication Publication Date Title
TWI837103B (en) Computer-implemented method and system
Aranha et al. LadderLeak: Breaking ECDSA with less than one bit of nonce leakage
Bayrak et al. Sleuth: Automated verification of software power analysis countermeasures
Eldib et al. SMT-based verification of software countermeasures against side-channel attacks
Han et al. Calculation of siphons and minimal siphons in Petri nets based on semi-tensor product of matrices
Zhang et al. SCInfer: Refinement-based verification of software countermeasures against side-channel attacks
CN113010209A (en) Binary code similarity comparison technology for resisting compiling difference
Wang et al. Mitigating power side channels during compilation
Wong et al. Algebraic simplification of GP programs during evolution
CN113158194B (en) Vulnerability model construction method and detection method based on multi-relation graph network
Li et al. Robust decentralized learning using ADMM with unreliable agents
Geng et al. Towards reliable neural specifications
CN108809622B (en) Power consumption side channel attack resisting strategy verification method
Banerjee et al. Extending the FSMD framework for validating code motions of array-handling programs
CN112364392B (en) A method to prove the security of high-order power consumption side channels of programs based on graph isomorphism
Chen et al. Blockchain and trustworthy systems
Büscher et al. Compilation for secure multi-party computation
Guo et al. Reentrancy vulnerability detection based on graph convolutional networks and expert patterns under subspace mapping
Escobar et al. A rewriting-based forwards semantics for Maude-NPA
Larraia et al. How to Redact the Bitcoin Backbone Protocol
Crampton et al. Policy-based access control from numerical evidence
Kiraz et al. How to redact the bitcoin backbone protocol
Chen et al. An abstract domain to infer linear absolute value equalities
Li et al. Binary Program Vulnerability Mining Based on Neural Network.
US20250119293A1 (en) Apparatus and method for facilitating zero-knowledge proofs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant