Journal of Zhejiang University (Engineering Science)  2017, Vol. 51 Issue (9): 1770-1779    DOI: 10.3785/j.issn.1008-973X.2017.09.011
Computer Technology
Fault-cube attack on SIMON family of lightweight block ciphers
MA Yun-fei (1), WANG Tao (1), CHEN Hao (1), ZHANG Fan (2), LOU Xiao-xuan (2), XU Lu-min (2), YANG Wen-bing (3)
1. Department of Information Engineering, Ordnance Engineering College, Shijiazhuang 050003, China;
2. College of Information Science and Electrical Engineering, Zhejiang University, Hangzhou 310027, China;
3. The Nine Eight Zero Four Military Representative Office, Qujing 655000, China
Abstract:

A fault-cube attack is proposed that exploits the special property of the bitwise And operation (&) in SIMON and addresses shortcomings of previous cube attacks and fault attacks. Candidate rounds for fault injection are identified from the number of linear and quadratic equations, and the exact fault-injection positions are determined with a difference-characteristics table. Some round keys are recovered from the large number of low-degree equations extracted in the off-line phase, and the full set of round keys is then obtained in combination with a guess-and-determine attack. Experimental results show that the attack on SIMON32/64 needs 69 fault injections on average and has a computational complexity of 2^47.91, which is better than the previous cube attack. Compared with differential fault attack, the fault-cube method determines fault positions more effectively, its fault model is easier to realize, and the attack process is highly automated. The method can also provide ideas for other lightweight block ciphers with low-degree core operations.

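The abstract's starting point is the algebraic behaviour of SIMON's & operation under a single-bit fault. The following added example (not from the paper) implements the public SIMON32/64 round function and shows that flipping one bit of the left word before a round gives a one-round output difference whose bits are either constant or equal to single state bits, which is the low-degree structure the attack relies on and that fault-detection or redundancy countermeasures have to hide. The round key and states are constructed at random here, and `difference_table` is an illustrative sampled version of a difference-characteristics table, not the paper's own.

```python
import random

N = 16                      # SIMON32 word size in bits
MASK = (1 << N) - 1

def rol(x, r):
    """Rotate a 16-bit word left by r positions (SIMON's S^r)."""
    r %= N
    return ((x << r) | (x >> (N - r))) & MASK

def simon_round(x, y, k):
    """One SIMON round (public spec): (x, y) -> (y ^ f(x) ^ k, x),
    f(x) = (S1(x) & S8(x)) ^ S2(x). The & is the only non-linear step."""
    return y ^ (rol(x, 1) & rol(x, 8)) ^ rol(x, 2) ^ k, x

def fault_difference(x, y, k, p):
    """XOR difference of the new left word when bit p of x is flipped before the round."""
    correct, _ = simon_round(x, y, k)
    faulty, _ = simon_round(x ^ (1 << p), y, k)
    return correct ^ faulty

def predicted_difference(x, p):
    """Algebraic prediction of that difference: S2 moves the flip to bit p+2 unconditionally,
    the & copies it to bit p+1 iff x[p+9] is set and to bit p+8 iff x[p+7] is set.
    y and k cancel in the XOR, so the difference is affine in x alone."""
    bit = lambda v, i: (v >> (i % N)) & 1
    d = 1 << ((p + 2) % N)
    d |= bit(x, p + 9) << ((p + 1) % N)
    d |= bit(x, p + 7) << ((p + 8) % N)
    return d

def difference_table(samples=256, seed=2017):
    """Sampled one-round difference table: for each fault position p, the difference bits
    that are always set and the bits that depend on the state.
    Random states and round keys are constructed here (seeded for reproducibility)."""
    rng = random.Random(seed)
    table = {}
    for p in range(N):
        always, ever = MASK, 0
        for _ in range(samples):
            x, y, k = (rng.getrandbits(N) for _ in range(3))
            d = fault_difference(x, y, k, p)
            assert d == predicted_difference(x, p)   # the prediction holds for every state
            always &= d
            ever |= d
        table[p] = (always, ever & ~always & MASK)
    return table

if __name__ == "__main__":
    for p, (const, dep) in difference_table().items():
        print(f"fault bit {p:2d}: constant diff bits {const:#06x}, state-dependent bits {dep:#06x}")
```

Each fault position yields exactly one constant difference bit and two bits that each equal a single state bit, which is why one injected fault hands the off-line phase linear equations in the state.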
Received: 2016-12-01; Published: 2017-08-25
CLC: TP309
Funding:

National Natural Science Foundation of China (61272491, 61309021, 61472357); Foundation of the Key Laboratory of Secure Communication (9140C110602150C11053).

Corresponding author: WANG Tao, male, professor. orcid.org/0000-0002-9327-6019. E-mail: T_Wang_mail@163.com
About the first author: MA Yun-fei (1992-), male, master's student, researching side-channel cube attacks. orcid.org/0000-0002-2528-309X. E-mail: fcz1992@sina.com

Cite this article:

MA Yun-fei, WANG Tao, CHEN Hao, ZHANG Fan, LOU Xiao-xuan, XU Lu-min, YANG Wen-bing. Fault-cube attack on SIMON family of lightweight block ciphers. Journal of Zhejiang University (Engineering Science), 2017, 51(9): 1770-1779.

Link to this article:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2017.09.011        http://www.zjujournals.com/eng/CN/Y2017/V51/I9/1770
