针对SM4算法的约减轮故障攻击

doi:10.11959/j.issn.1000-436x.2016254

通信学报 ›› 2016, Vol. 37 ›› Issue (Z1): 98-103.doi: 10.11959/j.issn.1000-436x.2016254

针对SM4算法的约减轮故障攻击

王敏,吴震,饶金涛,凌杭

成都信息工程大学信息安全工程学院，四川成都 610225

出版日期:2016-10-25 发布日期:2017-01-17
基金资助:
“核高基”国家科技大专项基金资助项目;国家高技术研究发展计划（“863”计划）基金资助项目;四川省科技支撑计划基金资助项目;四川省教育厅重点科研基金资助项目;成都信息工程大学科研人才基金资助项目

Round reduction-based fault attack on SM4 algorithm

Min WANG,Zhen WU,Jin-tao RAO,Hang LING

College of Information Security Engineering,Chengdu University of Information Technology,Chengdu 610225,China

Online:2016-10-25 Published:2017-01-17
Supported by:
The National Science and Technology Major Project of Hegaoji;The National High Technology Research and Development Program (863 Program);The Key Technology Research and Devel-opment Program of Sichuan Province;The Major Scientific Research of Sichuan Educational Commission;The Scientific Research Talent Fund of CUIT

摘要/Abstract

摘要：

提出了一种新型的针对 SM4算法的约减轮故障攻击，该攻击在加密算法的后4轮中导入故障，诱导缩减加密算法的迭代轮数，经过对故障数据的简单筛选，最终仅需4个错误密文即可恢复出完整的128 bit初始密钥，从而实现了对SM4的故障注入攻击。利用该方法对无防护SM4算法的能量曲线进行了实际故障注入攻击的实验表明，该攻击方法行之有效，并简化了现有针对SM4的差分故障攻击方法，提高了攻击效率。

关键词: SM4算法, 故障注入, 约减轮, 故障样本筛选, 分组密码

Abstract:

A novel method of fault attack based on round reduction against SM4 algorithm was proposed.Faults were in-jected into the last four rounds of the SM4 encryption algorithm,so that the number of the algorithm's rounds can be re-duced.In known-ciphertext scenario,four traces are enough to recover the total 128 bit master key by screening these faults easily.The proposed attack is made to an unprotected SM4 smart card.Experiment shows that this attack method is efficient,and which not only simplifies the existing differential fault attack,but also improves the feasibility of the attack.

Key words: SM4 algorithm, fault injection, round reduction, fault sample selection, block cipher

王敏,吴震,饶金涛,凌杭. 针对SM4算法的约减轮故障攻击[J]. 通信学报, 2016, 37(Z1): 98-103.

Min WANG,Zhen WU,Jin-tao RAO,Hang LING. Round reduction-based fault attack on SM4 algorithm[J]. Journal on Communications, 2016, 37(Z1): 98-103.

图/表 5

参考文献 14

[1]	国家商用密码管理办公室. 无线局域网产品使用的 SMS4密码算法[EB/OL]. , 2006.National office of business password management. SMS4 cipher algo-rithm for wireless local area network products[EB/OL]. , 2006.
[2]	DAN B , RICHARD A , DEMILLO R , et al. On the importance of checking cryptographic protocols for faults[C]// 1997:1175-1213.
[3]	BIHAM E , SHAMIR A . Differential fault analysis of secret key cryptosystems[J]. Lncs, 1999,1294:513-525.
[4]	JOHANNES , JEAN P S . Fault based cryptanalysis of the advanced encryption standard (AES)[M]. Springer Berlin Heidelberg, 2002:162-181.
[5]	PIRET G , QUISQUATER J J . A differential fault attack technique against spn structures,with application to the AES and khazad[C]//Cryptographic Hardware and Embedded Systems-CHES 2003, International workshop. 2003:77-88.
[6]	KIRCANSKI A , YOUSSEFA M . Differential fault analysis of HC-128[C]//Progress in Cyptology-africacrypt 2010, Third International Conference on Cryptology in Africa, 2010:261-278.
[7]	INGRID B , BERND M , VOLKER M . Differential fault attacks on elliptic curve cryptosystems[M]. Springer Berlin Heidelberg, 2000:131-146.
[8]	张蕾，吴文玲 . SMS4密码算法的差分故障攻击[J]. 计算机学报， 2006,29(9):1596-1602. ZHANG L , WU W L . Differential fault analysis on SMS4[J]. Chinese Journal of Computers, 2006,29(9):1596-1602.
[9]	LI W , GU D . An improved method of differential fault analysis on the SMS4 cryptosystem[C]//International Symposium on Data Privacy,and E-commerce. 2007:156-180.
[10]	李玮，谷大武 . 基于密钥编排故障的SMS4算法的差分故障分析[J]. 通信学报， 2008,29(10):135-142. LI P , GU D W . Differential fault analysis on the SMS4 cipher by inducing faults to the key schedule[J]. Journal on Communications, 2008,29(10):135-142.
[11]	LI R L , SUN B , LI C , et al. Differential fault analysis on SMS4 using a single fault[J]. Information Processing Letters, 2011,111(4): 156-163.
[12]	荣雪芳，吴震，王敏，等. 基于随机故障注入的SM4差分故障攻击方法[J]. 计算机工程， 2016,42(7):129-133. RONG X F , WU Z , WANG M , et al. Differential fault attack method on sm4 based on random fault injection[J]. Computer Engineering, 2016,42(7):129-133.
[13]	ROSS A , MARKUS K . Low cost attacks on tamper resistant devices[C]. Springer, 1997:125-136.
[14]	HAMID C , MICHAEL T . Round reduction using faults[J]. FDTC, 2005,5:13-24.

设备	说明
基础设备	智能卡+Riscure Power Tracer
数字示波器	WaveRunner 6 Zi Oscilloscopes
故障注入	Riscure VC Glitcher
侧信道分析	Riscure Inspector
服务器	DELL PowerEdge T330

[1]	胡斌, 谈潇, 王森鹏. 基于分治策略的SAT差分自动化搜索算法及其应用[J]. 通信学报, 2023, 44(4): 137-144.
[2]	杜少宇. 积分攻击改进——随机线性区分与密钥恢复攻击[J]. 通信学报, 2023, 44(4): 145-153.
[3]	刘正斌, 李永强, 朱朝熹. 分组密码最小活跃S盒个数快速搜索算法[J]. 通信学报, 2023, 44(1): 118-128.
[4]	李曼曼, 陈少真. 改进的减轮Kiasu-BC算法的中间相遇攻击[J]. 通信学报, 2022, 43(7): 41-48.
[5]	蒋梓龙, 金晨辉. Saturnin算法的不可能差分分析[J]. 通信学报, 2022, 43(3): 53-62.
[6]	谢敏,李嘉琪,田峰. FeW的差分故障攻击[J]. 通信学报, 2020, 41(4): 143-149.
[7]	武小年,李迎新,韦永壮,孙亚平. GRANULE和MANTRA算法的不可能差分区分器分析[J]. 通信学报, 2020, 41(1): 94-101.
[8]	谢敏,田峰,李嘉琪. TWINE算法的相关密钥不可能飞来去器攻击[J]. 通信学报, 2019, 40(9): 184-192.
[9]	沈煜,李玮,谷大武,吴益鑫,曹珊,刘亚,刘志强,周志洪. ARIA密码的积分故障分析[J]. 通信学报, 2019, 40(2): 164-173.
[10]	高杨,王永娟,王磊,王涛. 轻量级分组密码算法TWINE差分故障攻击的改进[J]. 通信学报, 2017, 38(Z2): 178-184.
[11]	谢敏,牟彦利. LBlock算法的相关密钥不可能飞来去器分析[J]. 通信学报, 2017, 38(5): 66-71.
[12]	崔杰,左海风,仲红. 对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击[J]. 通信学报, 2017, 38(11): 13-23.
[13]	王永娟,任泉宇,张诗怡. 轻量级分组密码Klein的差分故障攻击[J]. 通信学报, 2016, 37(Z1): 111-115.
[14]	黄静,赵新杰,张帆,郭世泽,周平,陈浩,杨建. PRESENT代数故障攻击的改进与评估[J]. 通信学报, 2016, 37(8): 144-156.
[15]	李荣佳,金晨辉. FOX算法的中间相遇攻击[J]. 通信学报, 2016, 37(8): 185-190.

针对SM4算法的约减轮故障攻击

Round reduction-based fault attack on SM4 algorithm

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 14

相关文章 15

Metrics

推荐阅读 0