摘要
Piccolo算法是CHES 2011上提出的一个轻量级分组密码算法,它的分组长度为64-bit,密钥长度为80/128-bit,对应迭代轮数为25/31轮.Piccolo算法采用一种广义Feistel结构的变种,轮变换包括轮函数S-P-S和轮置换RP,能够较好地抵抗差分分析、线性分析等传统密码攻击方法.该文将Piccolo算法的S-P-S函数视为超级S盒(Super Sbox),采用面向半字节的随机故障模型,提出了一种针对Piccolo-80算法的差分故障分析方法.理论分析和实验结果表明:通过在算法第24轮输入的第1个和第3个寄存器各诱导1次随机半字节故障,能够将Piccolo-80算法的密钥空间缩小至约22-bit.因此,为安全使用Piccolo算法,在其实现时必须做一定的防护措施.
Piccolo was proposed at CHES 2011 as a lightweight block cipher with block size 64- bit. The key size of Piccolo is 80-bit/128-bit, and the corresponding round number is 25/31. Pic- colo adopts a variant of generalized Feistel structure, and its round transformation consists of the round function S-P-S and the round permutation PR. The designers show that Piccolo is resistant against most classical attacks, such as differential and linear cryptanalysis. This paper presents a first differential fault analysis on Piccolo-80 based on the random nibble-oriented fault model by treating the S-P-S function as a Super Sbox. Both the theoretical analysis and the experimental result demonstrate that the key space can be reduced from 80-bit to about 22-bit by injecting a fault at the first and third register in the 24th input respectively. This indicates that cryptograph- ic devices supporting Piccolo should be carefully protected.
出处
《计算机学报》
EI
CSCD
北大核心
2012年第9期1918-1926,共9页
Chinese Journal of Computers
基金
国家自然科学基金(61103192
61070215)
信息安全国家重点实验室开放基金(01-02-5)资助~~