一种基于不可区分混淆的侧信道防护方案设计^*

In order to protect against side-channel attacks, researchers usually use hiding and masking techniques. This paper proposes a new type of side-channel protection scheme based on indistinguishable obfuscation, which combines indistinguishable obfuscation with side-channel protection by improving an indistinguishable obfuscation scheme used in an affine deterministic program. It is applied to the embedded device scenario of the blockchain hierarchical deterministic wallet BIP-0032, where indistinguishable obfuscation against side-channel attacks is performed on the SHA-2 hash algorithm. The efficiency and security of the scheme is verified through Welch’s t-test of the application scenario and the collected power consumption curves. Although the existing indistinguishable obfuscation schemes are theoretically feasible, they are too expensive to be practically applied in real scenarios. This paper effectively applies indistinguishable obfuscation to real side-channel protection, which ensures the security and efficiency at the same time. Compared with the traditional side-channel protection methods, this scheme reduces the use of random numbers and has sound efficiency and maintainability, providing a new way of thinking for the current side-channel protection research.