
Differential Fault Attack on the Lightweight Block Cipher PUFFIN

Qingjun YUAN, Xuncheng ZHANG, Yang GAO, Yongjuan WANG

Citation: Qingjun YUAN, Xuncheng ZHANG, Yang GAO, Yongjuan WANG. Differential Fault Attack on the Lightweight Block Cipher PUFFIN[J]. Journal of Electronics & Information Technology, 2020, 42(6): 1519-1525. doi: 10.11999/JEIT190506

doi: 10.11999/JEIT190506

Details
    Author biographies:

    Qingjun YUAN: male, born 1993, lecturer; research interest: side-channel analysis

    Xuncheng ZHANG: male, born 1997, research intern; research interest: side-channel analysis

    Yang GAO: male, born 1994; research interest: design and analysis of cryptographic algorithms

    Yongjuan WANG: female, born 1982, research fellow; research interests: side-channel analysis and cryptosystem security

    Corresponding author:

    Xuncheng ZHANG zhangxunc1122@gmail.com

  • CLC number: TN918.4; TP309.7


Funds: The National Natural Science Foundation of China(61602512), Henan Key Laboratory of Network Cryptography Technology(LNCT2019-S02)
  • Abstract:

    PUFFIN, a lightweight block cipher built on a substitution–permutation network, is widely used in resource-constrained hardware environments, and differential fault attacks are among the more effective attacks on hardware implementations of ciphers. This paper targets PUFFIN with an improved multi-bit fault model: by constructing the relationship between output differences and possible input values, five fault injections suffice to determine the unique input value of a single S-box. Injecting 10 faults during the last encryption round recovers the round key with probability 78.64%, from which the initial key can then be recovered.

  • Figure 1  Round-key recovery probability for the PUFFIN algorithm

    Table 1  S-box mapping (hexadecimal)

    x    | 0 1 2 3 4 5 6 7 8 9 A B C D E F
    S(x) | D 7 3 2 9 A C 1 F 4 5 E 6 0 B 8

    Table 2  P64 permutation (rows and columns indexed 0 to 7; the 64 entries are read row by row)

      |  0  1  2  3  4  5  6  7
    --+------------------------
    0 | 13  2 60 50 51 27 10 36
    1 | 25  7 32 61  1 49 47 19
    2 | 34 53 16 22 57 20 48 41
    3 |  9 52  6 31 62 30 28 11
    4 | 37 17 58  8 33 44 46 59
    5 | 24 55 63 38 56 39 15 23
    6 | 14  4  5 26 18 54 42 45
    7 | 21 35 40  3 12 29 43 64

    Table 3  PUFFIN key schedule

     Input: initial key $K$.
     Output: round keys ${\rm RK}_i$, $i \in \{1, 2, \cdots, 33\}$.
     (1) Using the round-key selection table (see reference [1]), extract the 64-bit round key ${\rm RK}_1$ of round 1 from $K$;
     (2) for $i = 2$ to $33$, do
     (3)   update the master key $K$ according to the key-state permutation table (see reference [1]);
     (4)   if $i \notin \{2, 5, 6, 8\}$, do
     (5)     flip bits 0, 1, 2 and 4 of the master key $K$;
     (6)   end
     (7)   using the round-key selection table, extract the 64-bit round key ${\rm RK}_i$ of round $i$ from $K$;
     (8) end
     (9) return ${\rm RK}_i$.

    Table 4  Differential distribution table of the PUFFIN S-box (for each input difference $f$: the output differences $f'$ that occur, each followed by the set of input values $a$ that produce it)

    $f$ | $f'$: {$a$}
    1 | 1: {2, 3}; 3: {4, 5, E, F}; 6: {C, D}; A: {0, 1}; B: {8, 9, A, B}; D: {6, 7}
    2 | 5: {1, 3, 4, 6}; 8: {D, F}; A: {8, 9, A, B}; B: {5, 7}; D: {C, E}; E: {0, 2}
    3 | 1: {8, 9, A, B}; 4: {1, 2}; 6: {5, 6}; 8: {4, 7}; B: {D, E}; E: {C, F}; F: {0, 3}
    4 | 3: {3, 7}; 4: {0, 4, 9, D}; 6: {B, F}; 9: {8, C}; D: {1, 5}; E: {A, E}; F: {2, 6}
    5 | 2: {2, 7, 9, C}; 5: {B, E}; 7: {0, 5}; D: {A, F}; E: {1, 3, 4, 6}; F: {8, D}
    6 | 1: {0, 6}; 3: {A, C}; 4: {8, E}; 6: {1, 7}; 8: {3, 5}; A: {2, 4}; C: {9, F}; E: {B, D}
    7 | 5: {A, D}; 7: {8, F}; 8: {B, C}; 9: {2, 5}; B: {1, 3, 4, 6}; C: {0, 7}; F: {9, E}
    8 | 2: {0, 8}; 3: {1, 9}; 6: {2, A}; 7: {6, E}; 9: {7, F}; A: {5, D}; C: {3, B}; F: {4, C}
    9 | 4: {6, F}; 7: {3, A}; 8: {1, 8}; 9: {0, 4, 9, D}; A: {7, E}; C: {5, C}; D: {2, B}
    A | 1: {7, D}; 2: {4, 5, E, F}; 6: {3, 9}; 8: {0, A}; 9: {1, B}; A: {6, C}; C: {2, 8}
    B | 1: {4, 5, E, F}; 2: {1, A}; 3: {0, B}; 7: {2, 7, 9, C}; C: {6, D}; D: {3, 8}
    C | 6: {4, 8}; 7: {1, D}; 8: {2, E}; 9: {6, A}; A: {3, F}; B: {0, C}; E: {5, 9}; F: {7, B}
    D | 1: {1, C}; 2: {6, B}; 4: {7, A}; 5: {5, 8}; 9: {3, E}; B: {2, F}; D: {0, 4, 9, D}
    E | 2: {3, D}; 3: {6, 8}; 4: {5, B}; 5: {2, 7, 9, C}; 6: {0, E}; C: {4, A}; F: {1, F}
    F | 3: {2, D}; 4: {3, C}; 5: {0, F}; 7: {4, B}; 8: {6, 9}; C: {1, E}; E: {7, 8}; F: {5, A}

    Table 5  Local differential distribution table of the PUFFIN S-box (single-bit input differences $f$ only; same layout as Table 4)

    $f$ | $f'$: {$a$}
    1 | 1: {2, 3}; 3: {4, 5, E, F}; 6: {C, D}; A: {0, 1}; B: {8, 9, A, B}; D: {6, 7}
    2 | 5: {1, 3, 4, 6}; 8: {D, F}; A: {8, 9, A, B}; B: {5, 7}; D: {C, E}; E: {0, 2}
    4 | 3: {3, 7}; 4: {0, 4, 9, D}; 6: {B, F}; 9: {8, C}; D: {1, 5}; E: {A, E}; F: {2, 6}
    8 | 2: {0, 8}; 3: {1, 9}; 6: {2, A}; 7: {6, E}; 9: {7, F}; A: {5, D}; C: {3, B}; F: {4, C}

    Table 6  PUFFIN output difference table (for each output difference $f'$, the set of S-box input values consistent with it under the single-bit input differences of Table 5)

    $f'$ | possible input values
    1 | 2, 3
    2 | 0, 8
    3 | 1, 3, 4, 5, 7, 9, E, F
    4 | 0, 4, 9, D
    5 | 1, 3, 4, 6
    6 | 2, A, B, C, D, F
    7 | 6, E
    8 | D, F
    9 | 7, 8, C, F
    A | 0, 1, 5, 8, 9, A, B, D
    B | 5, 7, 8, 9, A, B
    C | 3, B
    D | 1, 5, 6, 7, C, E
    E | 0, 2, A, E
    F | 2, 4, 6, C

    Table 7  Recovery of a single S-box input value in PUFFIN within 10 fault injections

    $L$      |    2 |    3 |    4 |     5 |     6 |      7 |      8 |       9 |       10
    ${N_L}$  |   76 |  564 | 2932 | 13380 | 57556 | 240324 | 987412 | 4019460 | 20389796
    ${N'_L}$ |   63 |  183 |  493 |  1335 |  3663 |  10263 |  29295 |   84855 |   308491
    $P$      | 0.55 | 0.76 | 0.86 |  0.91 |  0.94 |   0.96 |   0.97 |    0.98 |     0.99
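As an added example (not code from the paper), the following Python recomputes Tables 4 to 6 from the S-box of Table 1 and shows the candidate-intersection step described in the abstract, in which each observed output difference shrinks the set of S-box inputs still possible. The `unique_rate` function is a simplification that assumes equally likely single-bit input differences, not the paper's multi-bit fault model, so its values are not those of Table 7.

```python
# Added example, not code from the paper: recompute the PUFFIN S-box differential
# tables (Tables 4 to 6) from the S-box of Table 1 and show how several observed
# output differences narrow one S-box input down to a single candidate.
from itertools import product

# PUFFIN 4-bit S-box from Table 1 (index x -> S(x)); it is an involution.
SBOX = [0xD, 0x7, 0x3, 0x2, 0x9, 0xA, 0xC, 0x1,
        0xF, 0x4, 0x5, 0xE, 0x6, 0x0, 0xB, 0x8]

SINGLE_BIT = (1, 2, 4, 8)  # input differences behind Tables 5 and 6

def ddt_inputs(in_diffs=range(1, 16)):
    """(f, f') -> sorted inputs a with S(a) ^ S(a ^ f) == f'.
    All of 1..F reproduces Table 4; SINGLE_BIT reproduces Table 5."""
    table = {}
    for f in in_diffs:
        for a in range(16):
            table.setdefault((f, SBOX[a] ^ SBOX[a ^ f]), []).append(a)
    return {key: sorted(v) for key, v in table.items()}

def candidates_by_output_diff(in_diffs=SINGLE_BIT):
    """f' -> set of inputs consistent with f' for some difference in in_diffs (Table 6)."""
    out = {}
    for (_, fp), inputs in ddt_inputs(in_diffs).items():
        out.setdefault(fp, set()).update(inputs)
    return out

def narrow(observed_out_diffs, in_diffs=SINGLE_BIT):
    """Intersect the candidate sets of the observed f' values; returns the inputs still possible."""
    cands = candidates_by_output_diff(in_diffs)
    remaining = set(range(16))
    for fp in observed_out_diffs:
        remaining &= cands.get(fp, set())
    return sorted(remaining)

def output_diffs(a, in_diffs):
    """Output differences that a fixed S-box input a yields for the given input differences."""
    return [SBOX[a] ^ SBOX[a ^ f] for f in in_diffs]

def unique_rate(L, in_diffs=SINGLE_BIT):
    """Fraction of (input a, ordered L-sequence of differences) cases whose observed output
    differences leave exactly one candidate. Assumes equally likely single-bit differences,
    a simplification; the paper's Table 7 uses its own multi-bit fault model."""
    total = hits = 0
    for a in range(16):
        for seq in product(in_diffs, repeat=L):
            total += 1
            hits += narrow(output_diffs(a, seq), in_diffs) == [a]
    return hits / total
```

For instance, input 0 yields output differences A, E and 4 under differences 1, 2 and 4; Table 6 leaves {0, A} after the first two and only {0} after the third.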
  • References:
    [1] CHENG Huiju, HEYS H M, and WANG Cheng. Puffin: A novel compact block cipher targeted to embedded digital systems[C]. The 11th EUROMICRO Conference on Digital System Design Architectures, Methods and Tools, Parma, 2008: 383–390. doi: 10.1109/DSD.2008.34.
    [2] BIHAM E and SHAMIR A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1): 3–72. doi: 10.1007/bf00630563.
    [3] MATSUI M. Linear cryptanalysis method for DES cipher[M]. HELLESETH T. Advances in Cryptology – EUROCRYPT '93. Berlin: Springer, 1994: 386–397. doi: 10.1007/3-540-48285-7_33.
    [4] BIHAM E. New types of cryptanalytic attacks using related keys[C]. The Workshop on the Theory and Application of Cryptographic Techniques, Berlin, Germany, 1994: 398–409.
    [5] MOORE J H and SIMMONS G J. Cycle structure of the DES for keys having palindromic (or antipalindromic) sequences of round keys[J]. IEEE Transactions on Software Engineering, 1987, 13(2): 262–273. doi: 10.1109/TSE.1987.233150.
    [6] LEANDER G. On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN[C]. The 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, 2011: 303–322. doi: 10.1007/978-3-642-20465-4_18.
    [7] WEI Yuechuan, SUN Bing, and LI Chao. An integral attack on PUFFIN and PUFFIN-like SPN cipher[J]. Journal of National University of Defense Technology, 2010, 32(3): 139–143, 148. doi: 10.3969/j.issn.1001-2486.2010.03.026.
    [8] WANG Yongjuan, ZHANG Shiyi, WANG Tao, et al. Differential fault attack on block cipher MIBS[J]. Journal of University of Electronic Science and Technology of China, 2018, 47(4): 601–605. doi: 10.3969/j.issn.1001-0548.2018.04.020.
    [9] OU Qingyu, LUO Fang, YE Weiwei, et al. Metric for defences against fault attacks of block ciphers[J]. Journal of Electronics & Information Technology, 2017, 39(5): 1266–1270. doi: 10.11999/JEIT160548.
    [10] LI Juanru and GU Dawu. Differential fault attack on PRESENT[C]. ChinaCrypt 2009, Guangzhou, China, 2009: 1–13.
    [11] GAO Yang, WANG Yongjuan, YUAN Qingjun, et al. Probabilistic analysis of differential fault attack on MIBS[J]. IEICE Transactions on Information and Systems, 2019, 102(2): 299–306. doi: 10.1587/transinf.2018EDP7168.
    [12] GRUBER M and SELMKE B. Differential fault attacks on KLEIN[C]. The 10th International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, 2019: 80–95. doi: 10.1007/978-3-030-16350-1_6.
    [13] ANAND R, SIDDHANTI A, MAITRA S, et al. Differential fault attack on SIMON with very few faults[C]. Progress in Cryptology – INDOCRYPT 2018: The 19th International Conference on Cryptology in India, New Delhi, India, 2018: 107–119. doi: 10.1007/978-3-030-05378-9_6.
    [14] GAO Yang, WANG Yongjuan, YUAN Qingjun, et al. Methods of differential fault attack on LBlock with analysis of probability[C]. The 3rd IEEE Advanced Information Technology, Electronic and Automation Control Conference, Chongqing, China, 2018: 474–479. doi: 10.1109/IAEAC.2018.8577744.
    [15] AGOYAN M, DUTERTRE J M, MIRBAHA A P, et al. Single-bit DFA using multiple-byte laser fault injection[C]. 2010 IEEE International Conference on Technologies for Homeland Security, Waltham, USA, 2010: 113–119. doi: 10.1109/THS.2010.5655079.
    [16] AYATOLAHI F, SANGCHOOLIE B, JOHANSSON R, et al. A study of the impact of single bit-flip and double bit-flip errors on program execution[M]. BITSCH F, GUIOCHET J, and KAÂNICHE M. Computer Safety, Reliability, and Security. Berlin: Springer, 2013: 265–276. doi: 10.1007/978-3-642-40793-2_24.
    [17] SANGCHOOLIE B, PATTABIRAMAN K, and KARLSSON J. One bit is (not) enough: An empirical study of the impact of single and multiple bit-flip errors[C]. The 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Denver, USA, 2017: 97–108.
    [18] GAO Yang, WANG Yongjuan, WANG Lei, et al. Improvement of differential fault attack on TWINE[J]. Journal on Communications, 2017, 38(S2): 178–184. doi: 10.11959/j.issn.1000-436x.2017274.
Publication history
  • Received: 2019-07-05
  • Revised: 2020-01-23
  • Published online: 2020-02-25
  • Published in issue: 2020-06-22