摘要
针对SIMON现有故障攻击中存在的故障深度小、手工推导复杂等问题,给出一种代数故障攻击(AFA)方法。首先给出SIMON核心运算‘&’代数表示方法并构建全轮正确加密代数方程组;其次注入故障并将故障信息表示为代数方程,提供故障已知和故障未知两种模型,给出两种模型故障表示方法;最后利用Crypto Minisat-2.9.6解析器求解方程组恢复密钥。实验结果表明:利用单比特故障对SIMON32/64进行攻击,故障位置选取第26轮,故障已知和未知模型仅需5个和6个故障即可恢复全轮密钥;利用n比特宽度故障对SIMON128/128进行攻击,故障位置选取第65轮,两种模型均只需2个故障即可恢复全轮密钥。此外,对比故障已知和未知模型发现,随故障数递增密钥求解时间的决定因素将由故障信息量变为方程组计算量。
To solve the problems of small fault depth and complex manual deduction in previous fault attacks on SIMON, an Algebraic Fault Attack (AFA) method was proposed. Firstly, Correct equations of full-round SIMON encryption was established based on the algebraic representation of SIMON core operation ' &'. Then faults were injected into the internal states and two models were provided for fault representation based on whether attackers knew the exact fault information or not. Finally, a CryptoMinisat-2.9.6 solver was used for round-keys recovery. The simulation results show that the fault-known and fault-unknown model need 5 and 6 faults to recover the entire key set with single-bit faults injected in the 26th round of SIMON32/64. As for SIMON128/128, two models both need only 2 faults to recover the entire key set with n-bit length faults injected in the 65th round. Moreover, it can be found that the influencing factor of average solving time will change from fault information to computation with fault number growing.
出处
《计算机应用》
CSCD
北大核心
2017年第7期1953-1959,共7页
journal of Computer Applications
基金
国家自然科学基金资助项目(61272491
61309021
61472357)~~
