• Academic paper •

### Differential fault attack on LiCi cipher

Weijian CHEN¹, Haoxiang LUO²

1. School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
2. Glasgow College, University of Electronic Science and Technology of China, Chengdu 611731, China

• Revised: 2020-12-07 Online: 2021-04-01 Published: 2021-04-01
• About the authors: Weijian CHEN (1956- ), male, born in Hangzhou, Zhejiang, is a professor at the University of Electronic Science and Technology of China. His main research interests are wireless and mobile communications, IoT information security, and cryptographic theory and technology.
Haoxiang LUO (1999- ), male, born in Chengdu, Sichuan. His main research interests are cryptographic theory and blockchain technology.
• Supported by: Dean's Fund of Innovation and Entrepreneurship, UESTC (2019007)

Abstract:

The LiCi lightweight block cipher is a new algorithm proposed in 2017. With its small structure and low energy consumption, LiCi is suited to resource-constrained environments such as the internet of things (IoT). The LiCi design document analyzes the algorithm's resistance to differential and linear attacks, but its resistance to differential fault attack has not been discussed. Based on the shift pattern of each round of LiCi, a 32-bit round key can be recovered by repeatedly injecting single-bit faults into the left half at the 31st round and exploiting the cipher's differential properties. Following the LiCi key schedule, the same differential fault attack is then applied to rounds 30, 29, 28, 27 and 26, which finally recovers the entire original key. The attack requires 48 single-bit faults in total and has a computational complexity of $2^{32}$, which indicates that the LiCi algorithm has difficulty resisting differential fault attacks.