Abstract
After more than 20 years of development, side-channel analysis has become a hotspot in the field of cryptography thanks to its powerful analysis capabilities and broad applications. Correlation power analysis is the most commonly used and most effective method in side-channel analysis. This paper proposes a backward error detection method to overcome a deficiency of correlation power analysis: it cannot confirm the position of the erroneous bytes in a key guess. The method uses the linear relationship between the power waveform at the output of MixColumns in the AES algorithm and the corresponding intermediate value. By computing this correlation coefficient, a threshold can be determined, and the wrong key byte in the MixColumns operation can be located. The proposed method can reduce the search space and judge the correctness of the current candidate subkey during key enumeration. It identifies the wrong key position and constructs a key search scheme that uses a divide-and-conquer strategy to recover the four sets of subkeys grouped by MixColumns. Experiments show that even when the accuracy of single-byte key guessing drops to 70%, a point at which traditional correlation power analysis can hardly recover the key, the backward error detection method still achieves a success rate higher than 60%. The number of required power traces is reduced by 30% while the same success rate is still reached.
Translated title of the contribution | Backward error detection method in correlation power analysis |
---|---|
Original language | Chinese (Traditional) |
Pages (from-to) | 28-39 |
Number of pages | 12 |
Journal | Journal of Cryptologic Research |
Volume | 8 |
Issue number | 1 |
DOIs | |
Publication status | Published - 25 Feb 2021 |