Cite this article
  • Du Jianfeng, Wang Zhu. Research on the Implementation Security of Key Encapsulation Mechanisms Based on the LWE Problem [J]. Journal of Cyber Security, accepted.
  • dujianfeng, wangzhu. A Survey of Implementation Security of LWE-based Key-establishment Algorithms [J]. Journal of Cyber Security, accepted.
Research on the Implementation Security of Key Encapsulation Mechanisms Based on the LWE Problem
Du Jianfeng, Wang Zhu
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Quantum computing is developing rapidly. In particular, with the proposal of Shor's algorithm and the accelerated development of large-scale quantum computers, the discrete logarithm and large-integer factorization problems may be solved within roughly the next twenty years. This means that most public-key cryptosystems in use today, such as RSA and ECC, will no longer be secure by then. The design and security analysis of post-quantum cryptographic algorithms has therefore become a major challenge that the whole world must face together. Many researchers have devoted themselves to developing quantum-resistant public-key cryptographic algorithms, and a number of countries and international organizations have begun to promote the corresponding standardization work. Post-quantum cryptosystems built on a variety of hard mathematical problems have their theoretical security guaranteed by mathematical theory, but the theoretical security of an algorithm cannot guarantee its implementation security: in concrete implementations and applications, post-quantum cryptography is susceptible to side-channel attacks, which seriously threatens its implementation security. At present, quantum-resistant cryptosystems are mainly based on lattices, hash functions, codes, multivariate equations and isogenies. Among them, lattice-based cryptosystems have attracted the most attention because of their high efficiency and strong concurrency. Starting from the attack points and attack methods of lattice-cryptography components such as the FO transform, error-correcting codes, polynomial multiplication and error sampling, this paper summarizes the side-channel security risks faced by LWE-based lattice cryptographic algorithms when implementing key encapsulation; further, we summarize in detail the protection strategies against the existing attack points and attack methods; finally, we propose potential analysis and defense schemes, which provide a basis for the design, analysis and evaluation of secure lattice-based post-quantum cryptographic algorithms.
Keywords: quantum threat; post-quantum cryptographic algorithms; lattice-based cryptography; key encapsulation algorithms; side-channel security; component security
DOI:10.19363/J.cnki.cn10-1380/tn.2025.04.05
Received: 2023-05-25  Revised: 2023-09-28
Funding: National Key R&D Program of China (No. 2022YFB3103800)
A Survey of Implementation Security of LWE-based Key-establishment Algorithms
Du Jianfeng, Wang Zhu
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the rapid development of quantum computing, especially Shor's algorithm and large-scale quantum computers, the discrete logarithm problem and the large-integer factorization problem, which are computationally infeasible for classical computers, are expected to be solved in about 20 years. This means that many public-key cryptosystems widely used today, including RSA and elliptic curve cryptosystems, would no longer be secure by then. As a result, the design and security analysis of post-quantum cryptography have become a new and quite urgent problem that the world needs to face together. Many researchers have begun to work on public-key cryptographic algorithms resistant to quantum computing, and many countries and international organizations have carried out corresponding standardization work. As is well known, the mathematical theory behind a variety of hard mathematical problems ensures the theoretical security of post-quantum cryptographic algorithms. However, the theoretical security of a cryptographic algorithm does not guarantee its implementation security. In fact, post-quantum cryptographic algorithms are vulnerable to side-channel attacks in specific implementation and application scenarios, which seriously threatens their implementation security. Several families of post-quantum cryptographic algorithms have been proposed, including lattice-based, hash-based, code-based, multivariate and isogeny-based cryptosystems. Among them, lattice-based cryptosystems have received the most attention due to their great efficiency and concurrency.
In this paper, we systematically investigate the attack points and attack methods of lattice-based cryptographic components, including the Fujisaki-Okamoto transformation, error-correcting codes, polynomial multiplication and error sampling, to analyze the side-channel security risks that arise when implementing LWE-based key encapsulation schemes. Furthermore, we summarize in detail the protection strategies against the existing attack points and attack methods. Finally, based on the existing attack points, attack methods and protection strategies, potential analysis methods and defense schemes are discussed. This work provides a basis for the design, analysis and evaluation of secure lattice-based post-quantum cryptographic algorithms.
Key words: quantum threat; post-quantum cryptography; lattice-based cryptosystems; key-establishment mechanism; side-channel security; component security