Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of ...Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network(SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.展开更多
KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to ...KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to differential fault attack(DFA).In this paper,an improved DFA is performed to KLEIN-64.It is found that the differential propagation path and the distribution of the S-box can be fully utilized to distinguish the correct and wrong keys when a half-byte fault is injected in the 10th round.By analyzing the difference matrix before the last round of S-box,the location of fault injection can be limited to a small range.Thus,this improved analysis can greatly improve the attack efficiency.For the best case,the scale of brute-force attack is only 256.While for the worst case,the scale of brute-force attack is far less than 232 with another half byte fault injection,and the probability for this case is 1/64.Furthermore,the measures for KLEIN-64 in resisting the improved DFA are proposed.展开更多
Feather weight(FeW)cipher is a lightweight block cipher proposed by Kumar et al.in 2019,which takes 64 bits plaintext as input and produces 64 bits ciphertext.As Kumar et al.said,FeW is a software oriented design with...Feather weight(FeW)cipher is a lightweight block cipher proposed by Kumar et al.in 2019,which takes 64 bits plaintext as input and produces 64 bits ciphertext.As Kumar et al.said,FeW is a software oriented design with the aim of achieving high efficiency in software based environments.It seems that FeW is immune to many cryptographic attacks,like linear,impossible differential,differential and zero correlation attacks.However,in recent work,Xie et al.reassessed the security of FeW.More precisely,they proved that under the differential fault analysis(DFA)on the encryption states,an attacker can completely recover the master secret key.In this paper,we revisit the block cipher FeW and consider the DFA on its key schedule algorithm,which is rather popular cryptanalysis for kinds of block ciphers.In particular,by respectively injected faults into the 30th and 29th round subkeys,one can recover about 55/80~69%bits of master key.Then the brute force searching remaining bits,one can obtain the full master secret key.The simulations and experiment results show that our analysis is practical.展开更多
Substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. The formalization of fault analysis of both attack and protect on ...Substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. The formalization of fault analysis of both attack and protect on SPN have been given. The overhead and time tolerance of fault detection have been discussed. The pseudo-blinding method to detect fault attack is introduced, and the balance of the security, overhead and time tolerance based on the evaluation could be made.展开更多
This article proposes an enhanced differential fault analysis(DFA) method named as fault-propagation pattern-based DFA(FPP-DFA).The main idea of FPP-DFA is using the FPP of the ciphertext difference to predict the...This article proposes an enhanced differential fault analysis(DFA) method named as fault-propagation pattern-based DFA(FPP-DFA).The main idea of FPP-DFA is using the FPP of the ciphertext difference to predict the fault location and the fault-propagation path.It shows that FPP-DFA is very effective on SPN structure block ciphers using bitwise permutation,which is applied to two block ciphers.The first is PRESENT with the substitution permutation sequence.With the fault model of injecting one nibble fault into the r-2nd round,on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to 214.7 and 221.1,respectively.The second is PRINTcipher with the permutation substitution sequence.For the first time,it shows that although the permutation of PRINTcipher is secret key dependent,FPP-DFA still works well on it.With the fault model of injecting one nibble fault into the r-2nd round,12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to 213.7 and 222.8,respectively.展开更多
基金supported by the National Natural Science Foundation of China under Grant No.61003278,No.61073150 and No.61202371Innovation Program of Shanghai Municipal Education Commission under Grant No.14ZZ066+5 种基金the open research fund of State Key Laboratory of Information Securitythe Opening Project of Shanghai Key Laboratory of Integrate Administration Technologies for Information Securitythe Fundamental Research Funds for the Central Universities,National Key Basic Research Program of China under Grant No.2013CB338004China Postdoctoral Science Foundation under Grant No.2012M521829Shanghai Postdoctoral Research Funding Program under Grant No.12R21414500the National Social Science Foundation of China under Grant No.13CFX054
文摘Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network(SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.
基金This work was supported in part by project supported by National Natural Science Foundation of China(Grant Nos.U1936115,61572182).
文摘KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to differential fault attack(DFA).In this paper,an improved DFA is performed to KLEIN-64.It is found that the differential propagation path and the distribution of the S-box can be fully utilized to distinguish the correct and wrong keys when a half-byte fault is injected in the 10th round.By analyzing the difference matrix before the last round of S-box,the location of fault injection can be limited to a small range.Thus,this improved analysis can greatly improve the attack efficiency.For the best case,the scale of brute-force attack is only 256.While for the worst case,the scale of brute-force attack is far less than 232 with another half byte fault injection,and the probability for this case is 1/64.Furthermore,the measures for KLEIN-64 in resisting the improved DFA are proposed.
基金supported in part by the Foundation of State Key Laboratory of Information Security under Grant 2021-MS-04in part by the Natural Science Foundation of Shaanxi Province under grant 2022-JM-365.
文摘Feather weight(FeW)cipher is a lightweight block cipher proposed by Kumar et al.in 2019,which takes 64 bits plaintext as input and produces 64 bits ciphertext.As Kumar et al.said,FeW is a software oriented design with the aim of achieving high efficiency in software based environments.It seems that FeW is immune to many cryptographic attacks,like linear,impossible differential,differential and zero correlation attacks.However,in recent work,Xie et al.reassessed the security of FeW.More precisely,they proved that under the differential fault analysis(DFA)on the encryption states,an attacker can completely recover the master secret key.In this paper,we revisit the block cipher FeW and consider the DFA on its key schedule algorithm,which is rather popular cryptanalysis for kinds of block ciphers.In particular,by respectively injected faults into the 30th and 29th round subkeys,one can recover about 55/80~69%bits of master key.Then the brute force searching remaining bits,one can obtain the full master secret key.The simulations and experiment results show that our analysis is practical.
基金National Natural Science Foundation ofChina(No.60573031)Foundation of Na-tional Laboratory for Modern Communica-tions(No.51436060205JW0305)Founda-tion of Senior Visiting Scholarship of Fu-dan University
文摘Substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. The formalization of fault analysis of both attack and protect on SPN have been given. The overhead and time tolerance of fault detection have been discussed. The pseudo-blinding method to detect fault attack is introduced, and the balance of the security, overhead and time tolerance based on the evaluation could be made.
基金Supported by the National Natural Science Foundation ofChina (60772082,61173191,and 61272491)
文摘This article proposes an enhanced differential fault analysis(DFA) method named as fault-propagation pattern-based DFA(FPP-DFA).The main idea of FPP-DFA is using the FPP of the ciphertext difference to predict the fault location and the fault-propagation path.It shows that FPP-DFA is very effective on SPN structure block ciphers using bitwise permutation,which is applied to two block ciphers.The first is PRESENT with the substitution permutation sequence.With the fault model of injecting one nibble fault into the r-2nd round,on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to 214.7 and 221.1,respectively.The second is PRINTcipher with the permutation substitution sequence.For the first time,it shows that although the permutation of PRINTcipher is secret key dependent,FPP-DFA still works well on it.With the fault model of injecting one nibble fault into the r-2nd round,12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to 213.7 and 222.8,respectively.
