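To evaluate the resistance of the lightweight cipher Piccolo to power analysis attacks, a power analysis attack model targeting the first round is proposed, a simulated power acquisition platform is built, and a correlation power analysis attack is carried out on the algorithm. Because the first round of Piccolo includes whitening keys and a round permutation, the keys relevant to the first-round attack (including the round keys RK0L, RK0R, WK0 and WK1) are divided into six sub-key segments, which are attacked one by one. This reduces the search space for the 80-bit seed key from 2^80 to (2×2^20+2×2^4+2×2^8+2^16) and makes recovery of the seed key feasible. The attack results show that only 500 power traces are needed to recover the first-round attack keys. An unprotected hardware implementation of Piccolo is therefore highly vulnerable to correlation power analysis, and it is imperative to study and adopt effective countermeasures. According to the available literature, this is the first evaluation of the security of the Piccolo cipher against correlation power analysis attacks.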
To evaluate the ability of the ultra-lightweight block cipher Piccolo to resist Power Analysis Attack (PAA), an attack model focusing on the first round of Piccolo was proposed, and Correlation Power Analysis (CPA) was conducted on the cipher using a power simulation acquisition platform. Because the first round of Piccolo involves whitening keys and a round permutation, the attacked keys, including RK0L, RK0R, WK0 and WK1, were divided into six sub-keys, which were disclosed one by one. This approach reduces the 80-bit primary key search space from 2^80 to (2×2^20+2×2^4+2×2^8+2^16) and makes it possible to recover the primary key. The attack results show that 500 power traces are enough to recover Piccolo's 80-bit primary key. It is concluded that a hardware implementation of Piccolo without any countermeasure is vulnerable to CPA and that countermeasures should be used. This work is the first known report on the security of Piccolo against PAA.