一种抗弱曲线故障攻击的SM2数字签名算法设计

SM2数字签名算法是中国版的椭圆曲线数字签名算法，尽管该算法的设计在数学理论是安全的，但在算法的具体实现时却容易遭受物理攻击。因此，加强SM2数字签名算法在实现过程中的抗攻击性具有重要意义。本文基于故障感染思想提出了一个针对SM2数字签名算法的抗故障攻击策略，通过改变算法中的标量运算操作，使得算法遭受攻击后故障将在签名过程中扩散，从而破坏攻击者利用错误签名快速检索签名私钥的条件。实验结果表明，此防御策略不仅可以抵御弱曲线故障攻击，还可以防御弱曲线故障和二次故障注入的结合攻击。此外，本文还将椭圆曲线算法中常用点检测抗故障攻击策略和本文提出的故障感染防御策略都在现场可编程逻辑列阵上实现，对两种策略的硬件面积开销、单次签名时间开销进行比较，结果显示，本文提出的策略在硬件性能上比基于点检测的策略更优越。

Design of SM2 Digital Signature Algorithm Against Weak Curve Fault Attack

The SM2 digital signature algorithm is the Chinese version of the Elliptic Curve Digital Signature Algorithm (ECDSA). Although the design of the algorithm is mathematically safe, it is vulnerable to physical attacks when the algorithm is implemented. Therefore, it is of great significance to strengthen the attack resistance of SM2 digital signature algorithm in the implementation process. Based on the idea of fault infection, this paper proposes an anti-fault attack strategy for SM2 digital signature algorithm, which changes the scalar operation in the algorithm so that the fault will spread in the signing process after the algorithm is attacked, thereby destroying the conditions for attackers to quickly retrieve the signature private key by using incorrect signatures. Experimental results show that the proposed defense strategy can not only resist weak curve fault attacks but also defend against combined attacks of weak curve faults and secondary fault injection. In addition, we also implement the common point detection anti-fault attack strategy in elliptic curve algorithm and the fault infection prevention strategy proposed on Field Programmable Logic Array (FPGA) and compare the hardware area overhead and single signature time overhead of the two strategies, and the results show that the proposed strategy is superior to the point detection-based strategy in hardware performance.