基于ESF密码算法改进的差分故障攻击

利用置换层结构的特点及差分故障的基本思想,提出一种针对ESF算法的差分故障攻击方法.在第30轮多次注入1比特故障,根据S盒的差分特性,由不同的输入输出差分对,得到不同的S盒的输入值集合,取其交集可快速确定唯一的S盒的可能输入值,分析得出最后一轮轮密钥.采用同样的方法,多次在第29轮、28轮注入1比特故障,结合最后一轮轮密钥,同样利用S盒的差分特性分析得出倒数第2轮、第3轮轮密钥.共需约10个故障密文,恢复3轮轮密钥后将恢复主密钥的计算复杂度降为2²².

Improved Differential Fault Attack Based on ESF Cryptographic Algorithm

In light of the structural characteristics of the displacement layer and the basic idea of differential fault, this study proposes a differential fault attack method for the eight-sided fortress (ESF) algorithm. In the 30^th round, a 1-bit fault is injected multiple times. Various input and output differential pairs are used to obtain different input sets for the S-box according to the differential characteristics of the S-box. Taking the intersection of the sets is a quick way to determine the only possible inputs for the S-box. The round key of the last round can then be obtained through analysis. Similarly, a 1-bit fault is injected in the 29^th and 28^th rounds many times. With the round key of the last round, the differential characteristics of the S-box are leveraged again to obtain the round keys of the last but one and last but two rounds. About 10 fault ciphertexts are required. After the round keys of three rounds are recovered, the computational complexity of recovering the master key is reduced to 2²².