PRIDE轻量级密码的不可能统计故障分析

Impossible statistical fault analysis of the PRIDE lightweight cryptosystem

针对2014年美密会上提出的PRIDE轻量级密码的实现安全,提出了面向唯密文攻击假设的新型不可能统计故障分析方法,设计了卡方拟合优度-汉明重量区分器、卡方拟合优度-极大似然估计区分器等新型区分器。所提方法基于随机半字节故障模型,结合统计分布状态和不可能关系分析,围绕导入故障前后中间状态的变化,最少仅需432个故障即可恢复出PRIDE算法的128 bit原始密钥,且成功率达99%及以上。实验分析表明,所提方法不仅能减少故障数和耗时,而且进一步提升了准确率。该结果对轻量级密码的实现安全性提供了重要参考。

To analyze the implementation security of the PRIDE lightweight cryptosystem proposed at CRYPTO in 2014,a novel method of impossible statistical fault analysis on the ciphertext-only attack assumption was proposed.Furthermore,new distinguishers were designed,such as the Chi-square goodness-of-fit test-Hamming weight,and Chi-square goodness-of-fit test-maximum likelihood estimation.The proposed method had a random nibble-oriented fault model,and combined the statistical distribution states with the impossible relationship.On the difference among the intermediate states before and after the fault injections,at least 432 faults were required to recover the 128 bit secret key of PRIDE with a reliability of at least 99%.The experimental analysis demonstrates that the proposed method can not only reduce injected faults and latency,but also increase the accuracy.The results provide a vital reference for exploring the implementation security of lightweight cryptosystems.