共查询到20条相似文献,搜索用时 31 毫秒
1.
GIFT,a lightweight block cipher proposed at CHES2017,has been widely cryptanalyzed this years.This paper studies the differential diffusion characteristics of round function of GIFT at first,and proposes a random nibble-based differential fault attack.The key recovery scheme is developed on the statistical properties we found for the differential distribution table of the S-box.A lot of experiments had been done and experimental results show that one round key can be retrieved with an average of 20.24 and 44.96 fault injections for GIFT-64 and GIFT-128 respectively.Further analysis shows that a certain number of fault injections recover most key bits.So we demonstrate an improved fault attack combined with the method of exhaustive search,which shows that the master key can be recovered by performing 216 and 217 computations and injecting 31 and 32 faults on an average for GIFT-64 and GIFT-128 respectively. 相似文献
2.
In order to evaluate the security of the lightweight block cipher FeW,a differential fault attack method was proposed and discussed using a single byte random fault model.In this method,a single byte random fault was introduced on the right side of the last round of FeW to recover the key based on the statistical characteristics of S-box difference distribution,and the difference information was obtained using the characteristics of the linear diffusion function.The experiment results show that the complete key recovery can be achieved with an average of 47.73 and 79.55 fault injections for FeW-64-80 and FeW-64-128 respectively.If 210exhaustive calculations are added to the key recovery process,the number of average fault injections required can be reduced to 24.90 and 41.50.This attack is effective on FeW. 相似文献
3.
提出了一种新的PRESENT密码故障分析方法——代数故障攻击。将代数攻击和故障攻击相结合,首先利用代数攻击方法建立密码算法等效布尔代数方程组;然后通过故障攻击手段获取错误密文信息,并将故障差分和密文差分转化为额外的布尔代数方程组;最后使用CryptoMiniSAT解析器求解方程组恢复密钥。结果表明:在PRESENT-80的第29轮注入宽度为4的故障,故障位置和值未知时,2次故障注入可在50s内恢复64bit后期白化密钥,将PRESENT-80密钥搜索空间降低为216,经1min暴力破解恢复完整主密钥;和现有PRESENT故障攻击相比,该攻击所需样本量是最小的;此外该代数故障分析方法也可为其他分组密码故障分析提供一定思路。 相似文献
4.
A novel method of fault attack based on round reduction against SM4 algorithm was proposed.Faults were in-jected into the last four rounds of the SM4 encryption algorithm,so that the number of the algorithm's rounds can be re-duced.In known-ciphertext scenario,four traces are enough to recover the total 128 bit master key by screening these faults easily.The proposed attack is made to an unprotected SM4 smart card.Experiment shows that this attack method is efficient,and which not only simplifies the existing differential fault attack,but also improves the feasibility of the attack. 相似文献
5.
ARIA is a Korean standard block cipher,which is flexible to provide security for software and hardware implementation.Since its introduction,some research of fault analysis is devoted to attacking the last two rounds of ARIA.It is an open problem to know whether provoking faults at some former rounds of ARIA allowed recovering the secret key.An answer was given to solve this problem by showing a novel integral differential fault analysis on two rounds earlier of ARIA.The mathematical analysis and simulating experiments show that the attack can successfully recover its secret key by fault injections.The results in this study describe that the integral fault analysis is a strong threaten to the security of ARIA.The results are beneficial to the analysis of the same type of other block ciphers. 相似文献
6.
7.
Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network (SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems. 相似文献
8.
数据加密算法IDEA的错误引入攻击研究 总被引:1,自引:1,他引:0
文中研究对IDEA的一个差分错误分析方法。它基于暂时随机的比特错误,并利用IDEA中群运算的差分特性。模拟实验表明,该攻击方法能够确定IDEA初始密钥中的62个比特。给出对IDEA的一个基于永久性错误的错误引入攻击方法。该攻击要求攻击者能够永久地毁掉密码设备中的几个寄存器,并使得它们寄存的值总为零。利用该攻击,攻击者可以找出IDEA初始密钥中的96个比特。 相似文献
9.
FOX算法是用于欧洲有线电视的分组密码算法,该算法整体采用Lai-Massey结构,其中的圈函数使用SPS结构。FOX算法的设计结构比较典型,实际应用的范围很广,目前对于该算法的分析却并不多见。研究了FOX算法对于差分故障攻击的安全性。提出一种采用面向字节的随机故障模型,并结合差分分析技术的攻击方法。结果显示,差分故障攻击对于FOX算法是有效的;实验结果也验证了这一事实。该攻击方法恢复出全部密钥信息平均需要128个错误密文,计算穷举量为O(215)。 相似文献
10.
11.
12.
13.
14.
15.
为了分析ZUC序列密码算法在相关性能量分析攻击方面的免疫能力,该文进行了相关研究。为了提高攻击的针对性,该文提出了攻击方案的快速评估方法,并据此给出了ZUC相关性能量分析攻击方案。最后基于ASIC开发环境构建仿真验证平台,对攻击方案进行了验证。实验结果表明该方案可成功恢复48 bit密钥,说明ZUC并不具备相关性能量分析攻击的免疫力,同时也证实了攻击方案快速评估方法的有效性。相比Tang Ming等采用随机初始向量进行差分能量攻击,初始向量样本数达到5000时才能观察到明显的差分功耗尖峰,该文的攻击方案只需256个初始向量,且攻击效果更为显著。 相似文献
16.
17.
LiCi是由Patil等人(2017)提出的轻量级分组密码算法。由于采用新型的设计理念,该算法具有结构紧凑、能耗低、占用芯片面积小等优点,特别适用于资源受限的环境。目前该算法的安全性备受关注,Patil等人声称:16轮简化算法足以抵抗经典的差分攻击及线性攻击。该文基于S盒的差分特征,结合中间相遇思想,构造了一个10轮的不可能差分区分器。基于此区分器,向前后各扩展3轮,并利用密钥编排方案,给出了LiCi的一个16轮的不可能差分分析方法。该攻击需要时间复杂度约为283.08次16轮加密,数据复杂度约为259.76选择明文,存储复杂度约为276.76数据块,这说明16轮简化的LiCi算法无法抵抗不可能差分攻击。 相似文献
18.
19.
20.
The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA) attacks. Traditionally, countermeasures for different physical attacks are developed in a separate fashion. To lay a solid foundation for countermeasure development for the emerging combined attacks, it is imperative to thoroughly study how the countermeasure for one attack affects the efficiency of other attack. In this work, we use a FPGA-based platform to investigate whether and how the FA countermeasure can influence the efficiency of the correlation power analysis (CPA) attack. Unlike the previous work using simulations on the S-Box only, our assessments are based on the FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key retrieval speed of the CPA attack in the scenarios of using different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimization. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to simultaneously thwart CPA and FA attacks. Experimental results show that for 100,000 power traces, our method successfully prevents the key leakage while other methods leak at least five AES subkey bytes. Meanwhile, our simulation also confirms that the proposed method reduces the success rate of FA attacks by up to 90 % over the other methods. 相似文献