轻量级分组密码SIMON代数故障攻击

发布时间：2018-03-14 10:48

本文选题：SIMON　切入点：故障攻击　出处：《计算机应用》2017年07期 　论文类型：期刊论文

【摘要】：针对SIMON现有故障攻击中存在的故障深度小、手工推导复杂等问题,给出一种代数故障攻击(AFA)方法。首先给出SIMON核心运算‘’代数表示方法并构建全轮正确加密代数方程组;其次注入故障并将故障信息表示为代数方程,提供故障已知和故障未知两种模型,给出两种模型故障表示方法;最后利用Crypto Minisat-2.9.6解析器求解方程组恢复密钥。实验结果表明:利用单比特故障对SIMON32/64进行攻击,故障位置选取第26轮,故障已知和未知模型仅需5个和6个故障即可恢复全轮密钥;利用n比特宽度故障对SIMON128/128进行攻击,故障位置选取第65轮,两种模型均只需2个故障即可恢复全轮密钥。此外,对比故障已知和未知模型发现,随故障数递增密钥求解时间的决定因素将由故障信息量变为方程组计算量。
[Abstract]:Aiming at the problems of low fault depth and complicated manual derivation in the existing SIMON fault attack, an algebraic fault attack method is presented. Firstly, the representation method of the SIMON kernel operation 'algebra is presented and the correct algebraic equations are constructed. Secondly, the fault is injected and the fault information is expressed as an algebraic equation, which provides two kinds of models, known fault and unknown fault, and gives two methods of fault representation. Finally, the Crypto Minisat-2.9.6 parser is used to solve the system of equations to recover the key. The experimental results show that the single-bit fault is used to attack the SIMON32/64, and the fault location is selected to select the 26th round, and only 5 and 6 faults are needed to recover the full wheel key of the known and unknown model. Using n-bit width fault to attack SIMON128/128, the fault location is selected for the 65th round, both models need only 2 faults to recover the full wheel key. In addition, comparing the known and unknown fault models, we find that, As the number of faults increases, the key solving time will change from the amount of fault information to the computation of equations.
【作者单位】：军械工程学院信息工程系;
【基金】：国家自然科学基金资助项目(61272491,61309021,61472357)~~
【分类号】：TN918.1

【相似文献】