
Differential Fault Attack on the ABC Algorithm

Differential Fault Analysis of ABC
Abstract: In 2002 Klimov and Shamir proposed a new class of nonlinear functions called T-functions. In 2005 Anashin et al. used a class of single-word, single-cycle T-functions as the main driving component of ABC, a software-oriented stream cipher, and submitted it to the eSTREAM project. According to the published attacks on ABC, a fast correlation attack recovers the state of component A under weak keys, so this paper studies the security of components B and C against differential fault attack on the assumption that the state of component A is already known. The attack uses a bit-oriented fault model that injects single-bit faults into the output state of component B at different moments. From the correct and faulty output keystream words, differential analysis is used to establish, through component C, relationships between the states of component B at different moments. The analysis shows that 192 faulty keystream words and 160 correct keystream words yield a system of 5 state equations. Using the properties of single-cycle T-functions, an algorithm is designed that solves this system bit by bit and produces 192 candidate solutions on average; the correct keystream words are then used to filter these candidates. As a result, the data complexity of recovering components B and C falls from 2^(17.5) to 2^(8.46), and the computational complexity from 2^(32.84) to 2^(16.32). The conclusion is that the ABC stream cipher is not secure against differential fault analysis.
Affiliation: Information Engineering University
Source: Journal of Cryptologic Research (密码学报), CSCD, 2015, No. 6, pp. 549-558 (10 pages)
Funding: National Natural Science Foundation of China (61272041, 61502532)
Keywords: differential fault attack; ABC stream cipher; T-function; single-cycle property
References (13)

  • 1 Biham E, Shamir A. Differential Fault Analysis of Secret Key Cryptosystems. CRYPTO '97, 1997.
  • 2 Karmakar S, Chowdhury D R. Differential fault analysis of MICKEY-128 2.0. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2013.
  • 3 Zhang H N, Li L, Wang X Y. Fast correlation attack on stream cipher ABC v3. Science in China (Series F), 2008, 51(7): 936-947.
  • 4 Anashin V, Khrennikov A, Yurova E. T-functions revisited: new criteria for bijectivity/transitivity. Designs, Codes and Cryptography, 2014(3).
  • 5 Wu H, Preneel B. Cryptanalysis of the Stream Cipher ABC v2. Selected Areas in Cryptography (SAC 2006), 2007.
  • 6 Dey P, Adhikari A. Improved multi-bit differential fault analysis of Trivium. Progress in Cryptology (INDOCRYPT 2014), 2014.
  • 7 Roy D, Chaturvedi A, Mukhopadhyay S. New constructions of T-function. Information Security Practice and Experience, 2015.
  • 8 Anashin V, Bogdanov A, Kizhvatov I, et al. ABC: A new fast flexible stream cipher. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/001, 2005.
  • 9 Khazaei S. Divide and conquer attack on ABC stream cipher. eSTREAM, ECRYPT Stream Cipher Project, Report, 2005.
  • 10 Berbain C, Gilbert H. Cryptanalysis of ABC. ECRYPT Stream Cipher Project, Report 2005/48, 2005.
