52 Things: Number 40: What is normally considered the difference between SPA and DPA?
52 Things: Number 40: What is normally considered the difference between SPA and DPA?
52件事:第40件:通常认为SPA和DPA之间的区别是什么?
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. We continue with our side-channel track and discuss the differences between a side-channel attack and a fault attack.
这是一系列博客文章中的最新一篇,旨在解决“每个博士生在做密码学时应该知道的52件事”:这是一组问题,旨在让博士生在第一年结束时了解他们应该知道什么。我们继续我们的侧通道跟踪,并讨论侧通道攻击和故障攻击之间的区别。
SPA and DPA Attacks
这是一系列博客文章中的最新一篇,旨在解决“每个博士生在做密码学时应该知道的52件事”:这是一组问题,旨在让博士生在第一年结束时了解他们应该知道什么。我们继续我们的侧通道跟踪,并讨论侧通道攻击和故障攻击之间的区别。
Power or Electromagnetic (EM) analysis attacks divide into two types of attacks, Simple Power Analysis (SPA) or Differential Power Analysis (DPA). Both of these types of attack work using either electromagnetic or power traces of a device but vary fundamentally in the number of power of traces they require and how these traces are analysed. Before examining the differences between these attacks, it is worth looking at what a power/EM trace is.
功率或电磁(EM)分析攻击分为两种类型的攻击,简单功率分析(SPA)或差分功率分析(DPA)。这两种类型的攻击都使用设备的电磁或功率迹线进行,但它们所需的迹线功率数量以及对这些迹线的分析方式存在根本差异。在研究这些攻击之间的差异之前,有必要先了解什么是电源/EM跟踪。
功率或电磁(EM)分析攻击分为两种类型的攻击,简单功率分析(SPA)或差分功率分析(DPA)。这两种类型的攻击都使用设备的电磁或功率迹线进行,但它们所需的迹线功率数量以及对这些迹线的分析方式存在根本差异。在研究这些攻击之间的差异之前,有必要先了解什么是电源/EM跟踪。
Power traces 电源迹线
The power of CMOS circuits can either be static or dynamic. Static power consumption is the power consumed when the circuit is static (ie. no switching is taking place) and is typically small. Dynamic power consumption is the power consumed by the switching that occurs in the circuit between 0 and 1 or 1 and 0. Dynamic power consumption is typically the greatest contributor to power consumption in a circuit and as it depends on the data being processed by the circuit. Dynamic power consumption comes from two factors. The first is the capacitance charging current and the second is the short-circuit current. Each CMOS cell has a load capacitance connected to the output of the cell. This load capacitance includes the wires that connect the cells to subsequent cells and also the input capacitances of the cells.
CMOS电路的功率可以是静态的,也可以是动态的。静态功耗是指当电路是静态的(即没有发生切换)并且通常很小时所消耗的功率。动态功耗是电路中0和1或1和0之间发生的切换所消耗的功率。动态功耗通常是电路中功耗的最大贡献者,因为它取决于电路正在处理的数据。动态功耗来自两个因素。第一个是电容充电电流,第二个是短路电流。每个CMOS单元具有连接到该单元的输出的负载电容。该负载电容包括将单元连接到后续单元的导线以及单元的输入电容。
CMOS电路的功率可以是静态的,也可以是动态的。静态功耗是指当电路是静态的(即没有发生切换)并且通常很小时所消耗的功率。动态功耗是电路中0和1或1和0之间发生的切换所消耗的功率。动态功耗通常是电路中功耗的最大贡献者,因为它取决于电路正在处理的数据。动态功耗来自两个因素。第一个是电容充电电流,第二个是短路电流。每个CMOS单元具有连接到该单元的输出的负载电容。该负载电容包括将单元连接到后续单元的导线以及单元的输入电容。
A CMOS cell draws current from the power rail Vdd to charge these capacitances which in turn leads to power consumption according to P=αfClV2dd, where α is the average number of 0→1 transitions which occur every clock cycle. \cite{dpabook}. This charging happens when there is a switch from 0→1 at the output. When there is a switch from 1→0, the current is drawn from CL to gnd via the NMOS and not Vdd. The second part of the contribution to power consumption is the short circuit current. This occurs during a switch when it is moving from 0→1 and 1→0 and occurs when both the pmos and nmos transistors are conduction at the same time - though this happens very briefly. This power consumption is in accordance with Psc=αfVddIpeaktsc, where Ipeak is the current peak during switching and tsc is the time for which the short circuit exists. [1].
CMOS单元从电源轨 Vdd 汲取电流以对这些电容充电,这又导致根据 P=αfClV2dd 的功耗,其中 α 是每个时钟周期发生的 0→1 转变的平均次数。\引用{dpabook}。当输出端有来自#4的开关时,就会发生这种充电。当存在从 1→0 的开关时,电流经由NMOS而不是 Vdd 从 CL 汲取到 gnd 。对功耗的贡献的第二部分是短路电流。当开关从 0→1 和 1→0 移动时,这会发生在开关期间,当pmos和nmos晶体管同时导通时,也会发生这种情况——尽管这种情况发生得很短暂。该功耗与 Psc=αfVddIpeaktsc 一致,其中 Ipeak 是切换期间的电流峰值, tsc 是短路存在的时间。1.
CMOS单元从电源轨 Vdd 汲取电流以对这些电容充电,这又导致根据 P=αfClV2dd 的功耗,其中 α 是每个时钟周期发生的 0→1 转变的平均次数。\引用{dpabook}。当输出端有来自#4的开关时,就会发生这种充电。当存在从 1→0 的开关时,电流经由NMOS而不是 Vdd 从 CL 汲取到 gnd 。对功耗的贡献的第二部分是短路电流。当开关从 0→1 和 1→0 移动时,这会发生在开关期间,当pmos和nmos晶体管同时导通时,也会发生这种情况——尽管这种情况发生得很短暂。该功耗与 Psc=αfVddIpeaktsc 一致,其中 Ipeak 是切换期间的电流峰值, tsc 是短路存在的时间。1.
Understanding these two points of dynamic power consumption we can see that all switching 1→0 and 0→1 will consume power through the short circuit current, however switching from 0→1 will consume more power due to the charging of the load capacitance. If we are able to measure the power consumption (or EM field as current of varying strength will produce an EM field of equal variance allowing the measurement of the EM field to give a measurement of power consumption) of a device accurately we can therefore determine the number of switches which will let us look inside the device in two ways. First by allowing us to determine a particular operation (a multiplier for instance may require more switches than an x-or gate for instance) and secondly, and more crucially, the data being operated on by the operation, as this may affect the switching.
了解这两个动态功耗点,我们可以看到,所有开关 1→0 和 0→1 都将通过短路电流消耗功率,而从#2切换将由于负载电容的充电而消耗更多功率。如果我们能够准确地测量设备的功耗(或者EM场,因为不同强度的电流将产生相等方差的EM场,从而允许EM场的测量给出功耗的测量),我们因此可以确定开关的数量,这将使我们从两个方面看设备内部。首先,允许我们确定特定的操作(例如乘法器可能需要比x或门更多的开关),其次,更重要的是,通过操作操作的数据,因为这可能会影响开关。
了解这两个动态功耗点,我们可以看到,所有开关 1→0 和 0→1 都将通过短路电流消耗功率,而从#2切换将由于负载电容的充电而消耗更多功率。如果我们能够准确地测量设备的功耗(或者EM场,因为不同强度的电流将产生相等方差的EM场,从而允许EM场的测量给出功耗的测量),我们因此可以确定开关的数量,这将使我们从两个方面看设备内部。首先,允许我们确定特定的操作(例如乘法器可能需要比x或门更多的开关),其次,更重要的是,通过操作操作的数据,因为这可能会影响开关。
SPA and DPA Attacks
SPA和DPA攻击
The main difference between SPA attacks and DPA attacks is the number of traces required. SPA attacks typically use one or very few traces whereas DPA attacks use many. They also vary in the way they exploit the dynamic power consumption of the device with SPA attacks identifying sequences of operations, however they can also exploit data dependency as in the case of templating attacks for instance. This is illustrated by the well known SPA attack on the square and multiply algorithm for binary expansion in RSA. Here, if the binary value in the exponent is 0, the value is squared and if it is a 1 then the value is squared and multiplied. Viewing this on a single trace it is possible to see the shape of a square operation and the shape of a square and multiply operation and thus read of each bit of the key as a 0 or a 1. The beauty of this attack is that only a single trace is required to make this observation, making it an SPA attack.
SPA攻击和DPA攻击之间的主要区别在于所需的跟踪数。SPA攻击通常使用一个或很少的跟踪,而DPA攻击使用许多跟踪。它们利用SPA攻击识别操作序列的设备动态功耗的方式也各不相同,但它们也可以利用数据依赖性,例如模板攻击。众所周知的SPA攻击RSA中的二进制展开的平方和乘法算法就说明了这一点。这里,如果指数中的二进制值为0,则对其进行平方运算,如果为1,则对该值进行平方和乘法运算。在单个轨迹上观察这一点,可以看到平方运算的形状以及平方和乘法运算的形状,从而将密钥的每个位读取为0或1。这种攻击的美妙之处在于,只需要一个痕迹就可以进行观察,从而使其成为SPA攻击。
SPA攻击和DPA攻击之间的主要区别在于所需的跟踪数。SPA攻击通常使用一个或很少的跟踪,而DPA攻击使用许多跟踪。它们利用SPA攻击识别操作序列的设备动态功耗的方式也各不相同,但它们也可以利用数据依赖性,例如模板攻击。众所周知的SPA攻击RSA中的二进制展开的平方和乘法算法就说明了这一点。这里,如果指数中的二进制值为0,则对其进行平方运算,如果为1,则对该值进行平方和乘法运算。在单个轨迹上观察这一点,可以看到平方运算的形状以及平方和乘法运算的形状,从而将密钥的每个位读取为0或1。这种攻击的美妙之处在于,只需要一个痕迹就可以进行观察,从而使其成为SPA攻击。
DPA attacks on the other hand exploit only the data dependency element of the power consumption by using multiple traces and statistical techniques. They focus on the data dependency of the power consumption and work by creating hypotheses of how much switching (and therefore change in power consumption) there will be for given data. These hypotheses are known as leakage models and are usually hamming weight or hamming distance. If this leakage model is correct, the power traces should reveal information being processed according to it, although in reality this is always combined with noise which distorts the data/power relationship. In DPA attacks, secret data values being operated on can be determined by estimating them and seeing if the representation of them according to a leakage model correlates to a number of different power traces. A DPA attack therefore requires a number of traces – the number can vary between as few as 50 to thousands depending on the level of noise and accuracy of the measurements.
另一方面,DPA攻击通过使用多个跟踪和统计技术仅利用功耗的数据依赖性元素。他们专注于功耗的数据依赖性,并通过创建给定数据将有多少切换(以及功耗的变化)的假设来工作。这些假设被称为泄漏模型,通常是锤击重量或锤击距离。如果这种泄漏模型是正确的,功率轨迹应该揭示根据它处理的信息,尽管事实上这总是与扭曲数据/功率关系的噪声相结合。在DPA攻击中,可以通过估计它们并查看根据泄漏模型的它们的表示是否与多个不同的功率轨迹相关来确定正在操作的秘密数据值。因此,DPA攻击需要多个记录道——根据噪声水平和测量精度的不同,记录道的数量可能在50到数千条之间变化。
另一方面,DPA攻击通过使用多个跟踪和统计技术仅利用功耗的数据依赖性元素。他们专注于功耗的数据依赖性,并通过创建给定数据将有多少切换(以及功耗的变化)的假设来工作。这些假设被称为泄漏模型,通常是锤击重量或锤击距离。如果这种泄漏模型是正确的,功率轨迹应该揭示根据它处理的信息,尽管事实上这总是与扭曲数据/功率关系的噪声相结合。在DPA攻击中,可以通过估计它们并查看根据泄漏模型的它们的表示是否与多个不同的功率轨迹相关来确定正在操作的秘密数据值。因此,DPA攻击需要多个记录道——根据噪声水平和测量精度的不同,记录道的数量可能在50到数千条之间变化。
The Working Class Must Lead!