JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE)  2017, Vol. 51 Issue (9): 1770-1779    DOI: 10.3785/j.issn.1008-973X.2017.09.011
Computer Technology     
Fault-cube attack on SIMON family of lightweight block ciphers
MA Yun-fei1, WANG Tao1, CHEN Hao1, ZHANG Fan2, LOU Xiao-xuan2, XU Lu-min2, YANG Wen-bing3
1. Department of Information Engineering, Ordnance Engineering College, Shijiazhuang 050003, China;
2. College of Information Science and Electrical Engineering, Zhejiang University, Hangzhou 310027, China;
3. The Nine Eight Zero Four Military Representative Office, Qujing 655000, China

Abstract  

A fault-cube attack is given that exploits the special property of the bitwise AND (&) operation in SIMON and addresses the shortcomings of previous cube attacks and fault attacks. Candidate rounds for fault injection are identified from the number of linear and quadratic equations they yield, and the exact positions for fault injection are determined with a difference-characteristics table. Part of the round keys is recovered from the low-degree equations extracted in the off-line phase, and the remaining round keys are obtained by combining this with a guess-and-determine attack. Experimental results show that the attack on SIMON32/64 needs 69 fault injections on average and has a computational complexity of 2^47.91, which improves on the previous cube attack. Compared with differential fault attack, the fault-cube method determines fault positions more effectively, its fault model is easier to realize, and the attack procedure is highly automated. The method also offers ideas for attacking other lightweight block ciphers whose core operations are of low degree.



Received: 01 December 2016      Published: 25 August 2017
CLC:  TP309  
Cite this article:

MA Yun-fei, WANG Tao, CHEN Hao, ZHANG Fan, LOU Xiao-xuan, XU Lu-min, YANG Wen-bing. Fault-cube attack on SIMON family of lightweight block ciphers. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2017, 51(9): 1770-1779.

URL:

http://www.zjujournals.com/eng/10.3785/j.issn.1008-973X.2017.09.011     OR     http://www.zjujournals.com/eng/Y2017/V51/I9/1770


Fault-cube attack on the SIMON family of lightweight block ciphers (Chinese-language title and abstract, translated)

Aiming at the characteristics of the bitwise AND (&) operation in SIMON and the shortcomings of existing cube attacks and fault attacks, a fault-cube attack method is given. Candidate rounds for fault injection are determined from the number of linear and quadratic polynomials; the exact positions for fault injection are determined with a difference-characteristics table; the large number of low-degree polynomials obtained in the off-line phase is used to recover part of the round keys, and a key-guessing attack then recovers the full set of round keys. Results show that the fault-cube attack on SIMON32/64 requires 69 fault injections on average and a computational complexity of 2^47.91, which is better than existing cube attacks; compared with differential fault attack, the fault-cube method determines fault positions more effectively, its fault model is easier to realize, and the whole attack procedure is highly automated. The method can serve as a reference for lightweight block ciphers whose core operations have low degree.
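The property the abstract relies on is that the bitwise AND is SIMON's only nonlinear step, and the derivative of x & y with respect to a known single-bit change in x is linear in y. The following Python script is an added worked example, not code from the paper or its authors: it implements SIMON32/64 from the public specification, injects a single-bit fault into the left word at the input of round T-2, builds a difference-characteristics table for that fault model, uses the two ciphertext-word differences to place each fault, harvests the linear leakage on the state word entering the last round, and finishes with guess-and-determine over any bits the faults did not reveal. The fault model, the table, the function names and the stopping rule are assumptions of this example, and the full fault-cube procedure of the paper (cube variables, off-line equation extraction, round selection) is not reproduced.

```python
# Added illustration, not code from the paper: SIMON32/64 with a single-bit
# fault injected into the left word two rounds before the end.  The AND is the
# only nonlinear step, and its derivative in a known direction is linear in
# the other operand, so each fault leaks state bits as linear equations.
# Assumptions (mine, not the paper's): the standard SIMON32/64 specification,
# a fault that flips one bit at a position unknown to the attacker, a position
# table built only for that model, and exhaustive guessing of unresolved bits.
import random

N = 16                                  # word size of SIMON32
MASK = (1 << N) - 1
T = 32                                  # rounds of SIMON32/64
Z0 = "11111010001001010110000111001101111101000100101011000011100110"

def rol(x, r): return ((x << r) | (x >> (N - r))) & MASK
def ror(x, r): return ((x >> r) | (x << (N - r))) & MASK

def f(x):
    """SIMON round function; the AND of two rotations is its only nonlinearity."""
    return (rol(x, 1) & rol(x, 8)) ^ rol(x, 2)

def key_schedule(k):
    """k = [k0, k1, k2, k3], k3 being the most significant key word."""
    rk = list(k)
    for i in range(4, T):
        tmp = ror(rk[i - 1], 3) ^ rk[i - 3]
        tmp ^= ror(tmp, 1)
        rk.append(rk[i - 4] ^ tmp ^ int(Z0[(i - 4) % 62]) ^ 0xFFFC)
    return rk

def encrypt(x, y, rk, fault=None):
    """Feistel rounds; fault=(round, bit) flips one bit of the left word at
    the input of that round (the assumed fault model)."""
    for i in range(T):
        if fault is not None and fault[0] == i:
            x ^= 1 << fault[1]
        x, y = y ^ f(x) ^ rk[i], x
    return x, y

def delta_f(x, e):
    """Derivative of f at x in direction e.  Since AND is bilinear,
    f(x^e)^f(x) = (rol(e,1)&rol(x,8)) ^ (rol(x,1)&rol(e,8)) ^ rol(e,2),
    i.e. linear in x for a fixed fault e."""
    return f(x ^ e) ^ f(x)

def position_table():
    """Difference-characteristics table for the model: a fault at bit i of
    x_30 shows up in y_32 as bit i+2 always, plus bit i+1 if bit i+9 of x_30
    is set and bit i+8 if bit i+7 of x_30 is set.  Map pattern -> fault bit."""
    table = {}
    for i in range(N):
        for a in (0, 1):
            for b in (0, 1):
                pat = 1 << ((i + 2) % N) | a << ((i + 1) % N) | b << ((i + 8) % N)
                table.setdefault(pat, set()).add(i)
    return table

def recover_last_round_key(oracle, x, y, rng, max_faults=64):
    """Attacker side: one correct encryption, then faulty encryptions with the
    fault bit chosen by rng (hidden from the attacker).  Returns the candidate
    set for the last round key k_31 and the number of faults used."""
    table = position_table()
    cx, cy = oracle(x, y)                   # correct ciphertext (x_32, y_32)
    known = {}                              # bit of y_31 (= x_30) -> value
    faults = 0
    while len(known) < N and faults < max_faults:
        fx, fy = oracle(x, y, fault=(T - 2, rng.randrange(N)))
        faults += 1
        dx, dy = cx ^ fx, cy ^ fy
        # dy = D_e f(x_30); dx = e ^ D_dy f(x_31) with x_31 = cy, so the
        # second difference cross-checks each candidate position from the table.
        cand = [i for i in table.get(dy, ()) if dx == (1 << i) ^ delta_f(cy, dy)]
        if len(cand) != 1:
            continue                        # uncharacteristic pattern, discard
        i = cand[0]
        known[(i + 9) % N] = (dy >> ((i + 1) % N)) & 1   # linear leak of x_30
        known[(i + 7) % N] = (dy >> ((i + 8) % N)) & 1
    unknown = [b for b in range(N) if b not in known]
    base = sum(v << b for b, v in known.items())
    cands = []
    for guess in range(1 << len(unknown)):  # guess-and-determine on the rest
        y31 = base
        for j, b in enumerate(unknown):
            y31 |= ((guess >> j) & 1) << b
        cands.append(cx ^ y31 ^ f(cy))      # k_31 = x_32 ^ y_31 ^ f(x_31)
    return cands, faults

def demo(seed=1, max_faults=64):
    """Run the attack against the key of the public SIMON32/64 test vector."""
    rk = key_schedule([0x0100, 0x0908, 0x1110, 0x1918])
    oracle = lambda x, y, fault=None: encrypt(x, y, rk, fault)
    cands, faults = recover_last_round_key(oracle, 0x6565, 0x6877,
                                           random.Random(seed), max_faults)
    return cands, faults, rk[31]

if __name__ == "__main__":
    cands, faults, k31 = demo()
    print(f"{faults} faults, {len(cands)} candidate(s), true k31 = {k31:#06x}")
```

Each placed fault yields two linear equations on the word entering the last round, so the key emerges after a few dozen random faults; stopping early leaves u unresolved bits and 2^u candidates, which is the trade-off between fault count and guessing cost that the abstract's figures (69 faults, 2^47.91 work for all round keys) express for the full attack. A fault whose difference pattern is not in the table (it hit several bits or the wrong round) is discarded rather than guessed, which is why the fault model needs to be realizable in practice.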

