Algebraic side-channel attacks (ASCA) have become a highly effective analysis method against block ciphers. Determining the minimum number of rounds that an ASCA requires helps in designing lightweight countermeasures that protect cipher implementations against side-channel analysis. In this paper, based on information theory, we propose a method for evaluating the security of block ciphers against ASCA under the Hamming weight model, and we define a security index against Hamming-weight-model ASCA, called the Hamming Weight Extension (HWE), to measure the ability of a block cipher's nonlinear components and round function to resist ASCA. We prove theoretically that, when ASCA and linear or differential cryptanalysis are considered simultaneously, HWE conflicts with two important cryptographic indices, nonlinearity and differential uniformity. Because of the relationship between differential uniformity and algebraic immunity, it follows in the same way that HWE also conflicts with algebraic immunity. Our experimental results show that, when analyzing the MIBS algorithm, ASCA needs at least 4 encryption rounds before there is enough leaked information to solve all the equations in the ASCA, which is consistent with the theoretical measure proposed in this paper. This work designs and studies, from a theoretical standpoint, a metric for the resistance of iterated block ciphers to ASCA, and finds that existing block ciphers are vulnerable to ASCA.
The ASCA (Algebraic Side-Channel Attack) has become a very effective analytical method for block ciphers. When designing lightweight countermeasures, it is helpful to know the minimal number of rounds needed in ASCA. In this paper, based on information theory, we present a method to evaluate the security of block ciphers against ASCA under the Hamming Weight model. We propose a security index referred to as HWE (Hamming Weight Extension) to measure the resistance of nonlinear operations and round functions of block ciphers to ASCA. Furthermore, we find that HWE and two other important cryptographic indices, nonlinearity and differential uniformity, conflict with each other when ASCA and linear analysis or differential analysis are taken into account simultaneously. Considering the relationship between differential uniformity and algebraic immunity, we find that HWE conflicts with algebraic immunity as well. We present our experimental results with the MIBS algorithm and find that it needs to iterate at least 4 rounds of MIBS to guarantee that the HWE of both nonlinear operations and round functions is nonzero, which is consistent with our analysis.