针对密码算法的执行时间可能存在遭受旁路攻击的问题,以 NTRU 公钥密码算法为分析对象,分析算法在计时攻击存在的安全漏洞,主要是算法实现过程中对于不同的输入调用哈希函数的次数不同导致的时间差异,提出针对一般 NT-RU 算法的计时攻击算法,以形式为 f=1+2F 的密钥为分析对象,提出相应的攻击算法和密钥验证算法。分析结果表明,该攻击算法能够获取密钥 F 的部分信息,给出两种抵御计时攻击的措施。%Aiming at the problem that the executing timing of the cryptogram can be attacked by the side channel,focusing on NTRU cryptosystems,the security vulnerability of NTRU in timing attack was analyzed,because the times required of a hash call were nontrivial for different inputs,a timing attack algorithm based on variable number of hash calls was proposed.Further-more,analyzing the key of f=1+2F,the corresponding timing attack algorithm and key validating algorithm were proposed. The analysis results show that this attack algorithm can get partial information of the key F,two countermeasures for this attack are advanced.
展开▼
