HUANG Xiangshu,WANG Min,DU Zhibo,et al.Random Differential Fault Attack Against the Lightweight Block Cipher Algorithm PRESENT[J].Journal of Chengdu University of Information Technology,2022,37(01):8-15.[doi:10.16836/j.cnki.jcuit.2022.01.002]
Random Differential Fault Attack Against the Lightweight Block Cipher Algorithm PRESENT
- Title:
- Random Differential Fault Attack Against the Lightweight Block Cipher Algorithm PRESENT
- Article number:
- 2096-1618(2022)01-0008-08
- Keywords:
- PRESENT algorithm; multibyte fault model; random fault injection; fault propagation path; parallel S-box analysis
- CLC number:
- TP309
- Document code:
- A
- Abstract:
- The lightweight block cipher PRESENT uses a substitution-permutation network (SPN) structure and has a small implementation area and low power consumption, so it is widely used in resource-constrained environments. This paper designs a multi-byte fault model for PRESENT: random faults are injected at arbitrary positions in rounds 30 and 29, and the number of faulted bytes is not fixed. Using the fault propagation path of PRESENT, the relationship between the output difference and the possible input values is constructed, the correct inputs are obtained with the proposed parallel S-box analysis method, and the correct round keys are derived from them. Finally, by analysing the key schedule, only two correct round keys are needed to derive the initial 80-bit master key. Experimental results show that, compared with existing fault attacks on PRESENT, the proposed fault model reduces the attack complexity from 2^31 to 2^18 and the average time to recover a round key from 20000 ms to 1000 ms. At the same time, the proposed method improves the single-byte, fixed-position fault model to a multi-byte, arbitrary-position fault model, which better matches real attack conditions, lowers the requirements on the fault injection equipment, and improves the practicality of the method.
References:
[1] IZADI M, SADEGHIYAN B, SADEGHIAN S S, et al. MIBS: a new lightweight block cipher[C]. 8th International Conference on Cryptology and Network Security (CANS 2009). Berlin: Springer, 2009: 334-348.
[2] SUZAKI T, MINEMATSU K, MORIOKA S, et al. TWINE: a lightweight block cipher for multiple platforms[C]. 19th International Conference on Selected Areas in Cryptography (SAC 2012). Berlin: Springer, 2012: 339-354.
[3] HONG D, SUNG J, HONG S, et al. HIGHT: a new block cipher suitable for low-resource device[C]. Cryptographic Hardware and Embedded Systems (CHES 2006). Berlin: Springer, 2006: 46-59.
[4] BANIK S, PANDEY S K, PEYRIN T, et al. GIFT: a small present[C]. 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Cham: Springer, 2017: 321-345.
[5] BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT: an ultra-lightweight block cipher[C]. Cryptographic Hardware and Embedded Systems (CHES 2007), Lecture Notes in Computer Science, 2007, 4727: 450-466.
[6] WANG M Q, SUN Y, SUN N, et al. Algebraic techniques in differential cryptanalysis revisited[C]. Information Security and Privacy (ACISP 2011). Melbourne, Australia: Springer-Verlag, 2011: 120-141.
[7] COLLARD B, STANDAERT F X. A statistical saturation attack against the block cipher PRESENT[C]. Topics in Cryptology (CT-RSA 2009). Berlin: Springer, 2009: 195-210.
[8] CHEN Weijian, ZHAO Siyu, ZOU Ruijie. Differential fault attack on the PRESENT cipher[J]. Journal of University of Electronic Science and Technology of China, 2019, 48(6): 865-869. (in Chinese)
[9] LI Juanru, GU Dawu. Differential fault attack on the PRESENT cipher[C]. ChinaCrypt 2009. Science Press, 2009: 3-13. (in Chinese)
[10] DUSART P, LETOURNEUX G, VIVOLO O. Differential fault analysis on AES[C]. Applied Cryptography and Network Security (ACNS 2003). Berlin: Springer, 2003: 293-306.
[11] KELSEY J, SCHNEIER B, WAGNER D, et al. Side channel cryptanalysis of product ciphers[J]. Journal of Computer Security, 2000, 8(2-3): 141-158.
[12] BIHAM E, SHAMIR A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1): 3-72.
[13] BAR-EL H, CHOUKRI H, NACCACHE D, et al. The sorcerer's apprentice guide to fault attacks[J]. Proceedings of the IEEE, 2006, 94(2): 370-382.
[14] GAO Jingzhe, ZHAO Xinjie, JIAO Wencheng. Multi-byte differential fault analysis of CLEFIA[J]. Computer Engineering, 2010, 36(19): 156-158. (in Chinese)
[15] RONG Xuefang, WU Zhen, WANG Min. Differential fault attack on SM4 based on random fault injection[J]. Computer Engineering, 2016, 42(7): 129-133. (in Chinese)
Memo
Received: 2021-06-30
Funding: National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180224); Sichuan Province Key R&D Project (2019YFG0096).