Cite this article
  • Suo Siliang, Du Yuxuan, Di Li, Huang Jiancong, Gong Zheng. Portability of Deep Learning–Based Side-Channel Analysis of SM3 Message Authentication Codes[J]. Journal of Cyber Security, Accepted
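Portability of Deep Learning–Based Side-Channel Analysis of SM3 Message Authentication Codes
Suo Siliang1, Du Yuxuan2, Di Li2, Huang Jiancong2, Gong Zheng2
(1. Electric Power Research Institute, CSG; 2. South China Normal University)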
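Abstract (translated from the Chinese):
Side-channel analysis recovers keys from the physical information that cryptographic devices leak during operation, and is an important indicator for evaluating the security of cryptographic algorithms. Compared with traditional analysis methods, deep learning-based profiling side-channel analysis shows significant advantages in attack performance and automatic feature extraction. However, most existing studies assume that the profiling device and the target device are highly consistent in hardware platform and acquisition conditions, ignoring the device differences and environmental perturbations that are common in practical applications, so attack models face serious portability problems in cross-device scenarios. Compared with internationally used cryptographic algorithms such as AES, research on side-channel analysis of the Chinese national cryptographic algorithm SM3 is still relatively limited; its low signal-to-noise ratio and complex algorithmic structure further increase the difficulty of cross-device profiling attacks. To address these problems, this paper takes the HMAC-SM3 algorithm as its research object and systematically analyzes the portability challenges the algorithm faces in cross-device side-channel analysis scenarios. On this basis, from the perspective of distribution modeling, it studies in depth the impact of conditional-distribution and marginal-distribution alignment strategies on side-channel analysis performance under realistic perturbations and device-replica differences. The paper selects several representative profiling methods and systematically evaluates attack efficiency and stability under different clock perturbation and Gaussian noise intensities. Experimental results show that as Gaussian noise intensity increases, methods based on conditional-distribution alignment are more sensitive to noise, with guessing-entropy convergence speed and attack success rate dropping significantly, while methods based on marginal-distribution alignment still maintain relatively stable attack performance; as clock jitter gradually increases, this difference is further amplified: conditional-distribution methods are prone to attack failure, while marginal-distribution methods still show stronger robustness under combined temporal misalignment and noise. In portability scenarios caused by real device-replica differences, methods based on conditional-distribution alignment achieve the best attack performance. This study reveals the differences in applicability of distribution-alignment strategies in portable side-channel analysis of HMAC-SM3 and provides a theoretical reference for subsequent analysis and method design.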
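Keywords:  side-channel analysis  deep learning  portability  SM3  message authentication code
DOI:
Submitted: 2026-02-04  Revised: 2026-04-27
Funding: Open Fund Project of the Guangdong Provincial Key Laboratory of Power System Network Security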
Portability of Deep Learning–Based Side-Channel Analysis of SM3 Message Authentication Codes
Suo Siliang1, Du Yuxuan2, Di Li2, Huang Jiancong2, Gong Zheng2
(1.Electric Power Research Institute, CSG;2.South China Normal University)
Abstract:
Side-channel analysis (SCA) recovers secret keys by exploiting physical information leaked during the operation of cryptographic devices, and has become an important approach for evaluating the security of cryptographic implementations. Compared with traditional methods, deep learning-based profiling side-channel attacks have shown clear advantages in both attack performance and automatic feature extraction. However, most existing studies assume that the profiling device and the target device are highly consistent in terms of hardware platform and acquisition conditions, while overlooking the device variations and environmental perturbations commonly encountered in practical scenarios. As a result, attack models often suffer from severe portability issues in cross-device settings. Compared with widely studied cryptographic algorithms such as AES, side-channel analysis on the Chinese standard cryptographic algorithm SM3 remains relatively limited. Its lower signal-to-noise ratio and more complex algorithmic structure further increase the difficulty of cross-device profiling attacks. To address these issues, this paper takes HMAC-SM3 as the target and investigates the portability challenges of profiling side-channel analysis in cross-device scenarios. From the perspective of distribution alignment, we study the effects of conditional-distribution alignment and marginal-distribution alignment on attack performance under realistic perturbations and device-replica differences. Several representative profiling methods are evaluated systematically under different levels of clock jitter and Gaussian noise, with respect to both attack efficiency and robustness. 
Experimental results show that, as the intensity of Gaussian noise increases, methods based on conditional-distribution alignment become more sensitive to noise, leading to significantly slower guessing-entropy convergence and a substantial drop in attack success rate, whereas methods based on marginal-distribution alignment maintain relatively stable performance. As clock jitter becomes stronger, this difference is further amplified: conditional-distribution methods are more likely to fail, while marginal-distribution methods exhibit stronger robustness under combined temporal misalignment and noise. In contrast, in portability scenarios caused by real device-replica differences, the method based on conditional-distribution alignment achieves the best attack performance. These results reveal that different distribution-alignment strategies have distinct applicability in portable side-channel analysis of HMAC-SM3, and provide useful guidance for future analysis and method design.
Key words:  side-channel analysis  deep learning  portability  SM3  hash-based message authentication code