轻量级密码算法TWINE的唯密文故障分析

doi:10.11959/j.issn.1000-436x.2021039

通信学报 ›› 2021, Vol. 42 ›› Issue (3): 135-149.doi: 10.11959/j.issn.1000-436x.2021039

轻量级密码算法TWINE的唯密文故障分析

李玮¹^,²^,³^,⁴, 汪梦林¹, 谷大武², 李嘉耀¹, 蔡天培¹, 徐光伟¹

¹ 东华大学计算机科学与技术学院，上海 201620
² 上海交通大学计算机科学与工程系，上海 200204
³ 上海交通大学上海市可扩展计算与系统重点实验室，上海 200204
⁴ 上海交通大学上海市信息安全综合管理技术研究重点实验室，上海 200093

修回日期:2020-11-05 出版日期:2021-03-25 发布日期:2021-03-01
作者简介:李玮（1980- ），女，安徽寿县人，博士，东华大学教授、博士生导师，主要研究方向为对称密码的设计与分析。
汪梦林（1998- ），女，河南信阳人，东华大学硕士生，主要研究方向为轻量级密码的安全性分析。
谷大武（1970- ），男，河南漯河人，博士，上海交通大学教授、博士生导师，主要研究方向为密码学和计算机安全。
李嘉耀（1996- ），男，广东广州人，东华大学博士生，主要研究方向为对称密码的故障分析。
蔡天培（1996- ），男，浙江温州人，东华大学硕士生，主要研究方向为对称密码的安全性分析。
徐光伟（1969- ），男，湖南衡阳人，博士，东华大学教授、硕士生导师，主要研究方向为网络与信息安全。
基金资助:
国家自然科学基金资助项目(61772129);国家密码发展基金资助项目(MMJJ20180101);上海市自然科学基金资助项目(19ZR1402000);上海市可扩展计算与系统重点实验室开放课题基金资助项目;上海市信息安全综合管理技术研究重点实验室开放课题基金资助项目

Ciphertext-only fault analysis of the TWINE lightweight cryptogram algorithm

Wei LI¹^,²^,³^,⁴, Menglin WANG¹, Dawu GU², Jiayao LI¹, Tianpei CAI¹, Guangwei XU¹

¹ School of Computer Science and Technology, Donghua University, Shanghai 201620, China
² Department of Computer and Science and Engineering, Shanghai Jiao Tong University, Shanghai 200204, China
³ Shanghai Key Laboratory of Scalable Computing and System, Shanghai Jiao Tong University, Shanghai 200204, China
⁴ Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai 200093, China

Revised:2020-11-05 Online:2021-03-25 Published:2021-03-01
Supported by:
The National Natural Science Foundation of China(61772129);The National Cryptography Development Fund(MMJJ20180101);The Natural Science Foundation of Shanghai(19ZR1402000);Shanghai Key Laboratory of Scalable Computing and Systems;Shanghai Key Laboratory of Integrate Administration Technologies for Information Security

摘要/Abstract

摘要：

研究了唯密文攻击下TWINE密码的安全性，即在唯密文故障攻击下，利用SEI、MLE、HW、GF、GF-SEI、GF-MLE、Parzen-HW、MLE-HE、HW-HE和HW-MLE-HE等一系列区分器进行分析，能够以至少99%的成功概率恢复TWINE密码的主密钥。仿真实验表明，所提新型区分器MLE-HE、HW-HE和HW-MLE-HE可以有效地减少故障数并提高攻击效率。研究结果为分析物联网中轻量级密码算法的安全性提供了重要参考。

关键词: 轻量级密码, TWINE, 唯密文故障分析, 物联网

Abstract:

The security analysis of TWINE against the ciphertext-only fault analysis was proposed.The secret key of TWINE could be recovered with a success probability at least 99% using a series of distinguishers of SEI、MLE、HW、GF、GF-SEI、GF-MLE、Parzen-HW、MLE-HE、HW-HE and HW-MLE-HE.Among them, the novel proposed distinguishers of MLE-HE、HW-HE and HW-MLE-HE can effectively reduce the faults and improve the attack efficiency in simulating experiments.It provides a significant reference for analyzing the security of lightweight ciphers in the Internet of Things.

Key words: lightweight cryptogram, TWINE, ciphertext-only fault analysis, Internet of things

中图分类号:

TP309.7

李玮, 汪梦林, 谷大武, 李嘉耀, 蔡天培, 徐光伟. 轻量级密码算法TWINE的唯密文故障分析[J]. 通信学报, 2021, 42(3): 135-149.

Wei LI, Menglin WANG, Dawu GU, Jiayao LI, Tianpei CAI, Guangwei XU. Ciphertext-only fault analysis of the TWINE lightweight cryptogram algorithm[J]. Journal on Communications, 2021, 42(3): 135-149.

图/表 16

表1

表2

图1

图2

图3

表3

图4

图5

图6

表4

表5

各区分器恢复TWINE-80和TWINE-128子密钥的16bit的MAE值"

故障数	SEI	MLE	HW	GF	GF-SEI	GF-MLE	Parzen-HW	MLE-HE	HW-HE	HW-MLE-HE
0	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00	65535.00/65535.00
1	65535.00/65535.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00	4095.00/4095.00
2	4087.32/4722.52	255.84/288.64	249.80/251.20	2312.88/2296.44	256.92/260.44	2323.32/2299.72	251.32/257.12	253.00/253.04	252.12/257.92	252.12/257.92
3	253.32/254.44	15.31/16.18	15.02/21.31	756.71/769.79	191.23/191.91	773.40/770.70	16.62/13.59	16.20/17.38	15.41/18.72	15.41/18.72
4	15.91/15.37	5.38/5.73	6.76/6.81	60.90/58.96	11.52/11.10	59.34/58.22	7.31/5.58	6.80/5.49	5.83/6.05	5.83/6.05
5	27.27/30.61	3.63/3.15	3.26/3.11	21.38/21.80	14.34/14.13	20.99/21.68	1.09/1.55	0.88/0.91	1.41/1.51	1.41/1.51
6	4.28/4.95	2.23/3.25	2.31/2.51	0.97/1.05	0.90/1.14	0.95/1.04	0.89/1.22	0.76/0.82	0.81/0.71	0.81/0.71
7	1.10/1.22	1.73/1.60	1.42/1.93	1.35/1.21	0.59/0.92	1.27/1.50	0.67/0.56	0.53/0.69	0.77/0.49	0.77/0.49
8	1.49/1.90	1.24/1.66	1.72/1.46	1.85/1.38	0.24/0.33	1.41/1.47	0.28/0.37	0.40/0.42	0.28/0.51	0.28/0.51
9	0.81/1.23	1.56/1.24	0.97/1.17	1.44/1.40	0.30/0.26	2.08/1.18	0.23/0.18	0.23/0.25	0.24/0.33	0.24/0.33
10	1.18/1.10	1.10/1.29	1.27/1.17	1.44/1.51	0.28/0.23	1.11/1.44	0.15/0.14	0.13/0.09	0.13/0.19	0.13/0.19
11	0.30/0.36	1.05/1.09	0.99/1.21	0.88/0.49	0.10/0.11	0.70/0.57	0.18/0.11	0.13/0.12	0.12/0.09	0.12/0.09
12	0.47/0.40	0.31/0.34	0.70/0.83	0.73/0.64	0.11/0.09	0.97/0.86	0.08/0.07	0.05/0.09	0.12/0.13	0.12/0.13
13	0.34/0.25	0.33/0.20	0.65/0.95	0.37/0.26	0.02/0.03	0.27/0.36	0.11/0.08	0.02/0.02	0.03/0.04	0.03/0.04
14	0.13/0.15	0.24/0.15	0.66/0.77	0.13/0.33	0.02/0.02	0.20/0.21	0.02/0.07	0.03/0.01	0.05/0.06	0.05/0.06
15	0.25/0.13	0.30/0.24	0.38/0.66	0.13/0.21	0.02/0.05	0.27/0.37	0.02/0.09	0.02/0.02	0.03/0.05	0.03/0.05
16	0.18/0.26	0.35/0.18	0.66/0.44	0.18/0.22	0.04/0.05	0.25/0.20	0.04/0.02	0.00/0.03	0.04/0.04	0.04/0.04
17	0.05/0.07	0.20/0.15	0.35/0.65	0.14/0.19	0.00/0.02	0.11/0.21	0.07/0.02	0.02/0.00	0.03/0.02	0.03/0.02
18	0.18/0.09	0.15/0.12	0.42/0.55	0.18/0.23	0.03/0.02	0.27/0.17	0.02/0.03	0.01/0.02	0.01/0.00	0.01/0.00
19	0.09/0.10	0.12/0.15	0.33/0.29	0.17/0.13	0.03/0.02	0.16/0.13	0.06/0.03	0.02/0.02	0.04/0.02	0.04/0.02
20	0.06/0.06	0.05/0.12	0.30/0.34	0.15/0.16	0.00/0.01	0.17/0.12	0.03/0.01	0.03/0.01	0.02/0.01	0.02/0.01
21	0.10/0.03	0.06/0.07	0.32/0.29	0.17/0.18	0.00/0.00	0.12/0.16	0.03/0.01	0.00/0.00	0.02/0.00	0.02/0.00
22	0.10/0.08	0.07/0.07	0.32/0.26	0.09/0.08	0.00/0.01	0.11/0.05	0.01/0.00	0.00/0.00	0.02/0.00	0.02/0.00
23	0.03/0.02	0.11/0.08	0.21/0.35	0.04/0.10	0.01/0.00	0.10/0.07	0.00/0.00	0.00/0.00	0.02/0.00	0.02/0.00
24	0.01/0.06	0.03/0.06	0.12/0.14	0.13/0.09	0.01/0.01	0.20/0.16	0.01/0.01	0.00/0.00	0.00/0.01	0.00/0.01
25	0.03/0.03	0.12/0.07	0.20/0.14	0.07/0.08	0.00/0.00	0.09/0.07	0.02/0.00	0.01/0.00	0.00/0.02	0.00/0.02
26	0.04/0.07	0.03/0.02	0.09/0.23	0.02/0.07	0.00/0.00	0.06/0.05	0.01/0.00	0.00/0.00	0.00/0.00	0.00/0.00
27	0.07/0.02	0.02/0.06	0.06/0.25	0.05/0.03	0.00/0.00	0.03/0.05	0.00/0.00	0.00/0.00	0.00/0.00	0.00/0.00
28	0.04/0.06	0.02/0.06	0.07/0.09	0.08/0.06	0.01/0.00	0.05/0.11	0.00/0.00	0.00/0.01	0.00/0.01	0.00/0.01
29	0.02/0.02	0.04/0.02	0.07/0.07	0.06/0.02	0.00/0.00	0.02/0.02	0.00/0.00	0.00/0.00	0.00/0.01	0.00/0.01
30	0.06/0.03	0.06/0.03	0.07/0.07	0.01/0.02	0.00/0.00	0.02/0.05	0.02/0.00	0.00/0.00	0.00/0.00	0.00/0.00
31	0.01/0.00	0.02/0.00	0.03/0.03	0.02/0.03	0.00/0.01	0.02/0.04	0.00/0.01	0.00/0.00	0.00/0.00	0.00/0.00
32	0.05/0.04	0.01/0.02	0.05/0.05	0.03/0.03	0.00/0.00	0.02/0.01	0.00/0.01	0.00/0.00	0.00/0.00	—
33	0.03/0.01	0.04/0.00	0.02/0.02	0.02/0.02	0.00/0.00	0.05/0.00	0.00/0.00	0.00/0.00	—	—
34	0.01/0.00	0.01/0.01	0.02/0.03	0.04/0.04	0.00/0.00	0.01/0.00	0.00/0.00	—	—	—
35	0.02/0.02	0.01/0.00	0.00/0.04	0.00/0.00	0.00/0.00	0.02/0.03	0.00/0.00	—	—	—

表5

（续表5）

表6

（续表6）

故障数	SEI	MLE	HW	GF	GF-SEI	GF-MLE	Parzen-HW	MLE-HE	HW-HE	HW-MLE-HE
17	10/10	43/46	52/43	7/8	11/9	11/9	37/31	50/46	40/47	49/43
18	15/10	47/46	44/53	11/8	15/14	12/8	31/45	50/53	53/45	50/49
19	15/17	58/47	54/56	18/21	17/14	11/17	42/45	56/59	62/57	55/57
20	15/13	56/61	53/57	21/8	23/21	17/6	46/40	67/65	66/59	63/61
21	16/15	61/57	65/64	22/22	17/20	24/21	55/48	73/61	64/61	68/64
22	23/16	64/65	61/61	18/22	24/18	14/28	61/49	72/75	64/68	68/65
23	29/21	70/72	75/69	24/25	24/27	23/25	52/50	69/67	78/68	76/74
24	21/23	79/76	71/71	32/23	40/30	23/26	56/56	74/84	74/74	81/75
25	24/20	75/76	74/76	29/31	28/30	35/25	68/55	85/77	75/75	73/78
26	28/25	83/78	77/78	38/32	41/38	36/31	63/65	81/78	86/84	88/81
27	34/26	86/81	84/83	22/38	39/26	42/33	63/74	89/84	85/82	87/86
28	38/33	82/85	88/79	37/44	37/33	37/37	80/73	87/86	90/87	86/87
29	34/45	84/89	85/80	30/40	51/46	39/44	77/75	88/92	88/89	87/89
30	42/34	89/90	90/87	50/32	49/45	34/44	86/66	90/87	88/89	94/90
31	43/36	90/92	92/88	47/45	46/48	54/36	76/76	91/89	93/91	99/99
32	53/45	92/93	96/94	57/54	50/53	52/51	84/82	94/95	99/99	—
33	41/47	95/92	96/94	64/60	55/49	49/63	82/79	99/99	—	—
34	48/58	94/96	93/92	63/57	61/64	61/59	83/86	—	—	—
35	54/58	97/93	95/95	60/66	64/63	68/66	88/87	—	—	—
36	56/54	99/99	94/96	71/57	61/51	69/71	90/86	—	—	—
37	60/58	—	99/99	70/65	68/64	72/72	91/97	—	—	—
38	66/62	—	—	66/75	72/70	73/62	87/90	—	—	—
39	75/64	—	—	74/73	76/74	75/80	94/94	—	—	—
40	76/76	—	—	68/69	72/80	70/78	92/91	—	—	—
41	71/76	—	—	76/78	74/75	79/77	99/93	—	—	—
42	69/67	—	—	72/83	82/80	82/82	—/93	—	—	—
43	70/81	—	—	85/84	84/76	78/83	—/91	—	—	—
44	78/80	—	—	82/85	82/87	91/80	—/96	—	—	—
45	77/86	—	—	88/85	86/93	85/88	—/99	—	—	—
46	84/81	—	—	90/84	90/90	89/85	—	—	—	—
47	85/77	—	—	85/87	92/86	88/88	—	—	—	—
48	90/86	—	—	85/86	91/88	84/88	—	—	—	—
49	81/86	—	—	88/93	92/92	92/88	—	—	—	—
50	88/98	—	—	91/90	94/93	94/91	—	—	—	—
51	90/89	—	—	95/92	88/93	90/92	—	—	—	—
52	90/86	—	—	92/92	94/93	93/95	—	—	—	—
53	96/91	—	—	93/92	94/93	90/92	—	—	—	—
54	93/96	—	—	99/91	92/99	92/99	—	—	—	—
55	95/93	—	—	—/94	92/—	94/—	—	—	—	—
56	98/91	—	—	—/99	99/—	99/—	—	—	—	—
57	94/95	—	—	—	—	—	—	—	—	—
58	98/95	—	—	—	—	—	—	—	—	—
59	95/100	—	—	—	—	—	—	—	—	—
60	99/-	—	—	—	—	—	—	—	—	—

（续表6）

表7

各区分器恢复TWINE-80和TWINE-128子密钥的16bit的时间"

故障数	SEI	MLE	HW	GF	GF-SEI	GF-MLE	Parzen-HW	MLE-HE	HW-HE	HW-MLE-HE
0	1.20/1.06	1.73/1.73	0.64/0.66	1.63/1.61	2.19/1.22	1.72/2.95	1.03/0.95	2.06/2.08	1.17/1.34	1.27/1.39
1	1.08/1.05	1.91/1.91	0.81/0.80	1.72/1.70	1.64/1.69	1.70/1.70	1.17/1.09	2.17/1.92	1.02/1.34	1.42/1.42
2	1.08/1.06	2.06/2.05	0.83/0.84	1.83/1.80	1.73/1.77	1.70/1.70	1.25/1.23	2.25/1.94	0.92/1.08	1.30/1.27
3	1.09/1.09	2.16/2.14	0.81/0.84	1.86/1.80	1.73/1.78	1.67/1.72	1.36/1.23	2.42/2.12	1.03/1.27	1.39/1.39
4	1.14/1.13	2.25/2.22	0.86/0.86	1.87/1.83	1.89/1.92	1.80/1.81	1.39/1.28	2.48/2.17	0.97/1.20	1.36/1.36
5	1.17/1.17	2.34/2.31	0.87/0.87	1.95/1.89	1.92/1.98	1.84/1.87	1.41/1.31	2.58/2.23	1.00/1.20	1.36/1.38
6	1.20/1.19	2.42/2.42	0.91/0.91	1.98/1.95	1.87/1.94	1.80/2.05	1.42/1.31	2.66/2.31	1.03/1.39	1.42/1.42
7	1.23/1.22	2.52/2.48	0.94/0.94	2.03/1.95	1.92/1.97	1.83/2.19	1.45/1.39	2.75/2.62	1.03/1.34	1.44/1.42
8	1.28/1.25	2.56/2.56	0.97/0.95	2.08/2.02	1.95/2.02	1.94/2.22	1.50/1.41	2.78/2.80	1.08/1.27	1.47/1.45
9	1.30/1.31	2.66/2.59	0.98/0.97	2.13/2.06	1.98/2.03	2.20/2.22	1.53/1.41	2.84/2.81	1.08/1.33	1.48/1.48
10	1.33/1.33	2.70/2.64	1.00/1.03	2.19/2.09	2.05/2.09	2.23/2.33	1.53/1.45	2.86/2.86	1.11/1.30	1.50/1.50
11	1.39/1.36	2.72/2.69	1.03/1.05	2.20/2.16	2.08/2.13	2.28/2.47	1.58/1.47	2.91/2.94	1.13/1.34	1.53/1.53
12	1.36/1.38	2.75/2.77	1.08/1.08	2.22/2.17	2.11/2.17	2.30/3.03	1.62/1.50	2.97/2.97	1.14/1.38	1.55/1.56
13	1.42/1.41	2.80/2.80	1.09/1.09	2.28/2.23	2.14/2.17	2.34/2.62	1.66/1.53	3.01/3.00	1.17/1.42	1.61/1.58
14	1.45/1.44	2.84/2.81	1.11/1.13	2.30/2.23	2.17/2.17	2.34/2.44	1.70/1.56	3.03/3.06	1.22/1.44	1.63/1.61
15	1.47/1.45	2.88/2.86	1.16/1.16	2.38/2.28	2.20/2.23	2.41/2.62	1.73/1.59	3.08/3.06	1.23/1.47	1.69/1.69
16	1.44/1.59	2.89/2.86	1.19/1.20	2.39/2.30	2.23/2.25	2.42/2.48	1.70/1.59	3.11/3.08	1.28/1.48	1.72/1.77
17	1.70/1.72	2.91/2.94	1.23/1.23	2.42/2.34	2.25/2.30	2.47/3.41	1.75/1.63	3.12/3.12	1.41/1.53	1.75/1.92
18	1.77/1.72	2.98/2.92	1.27/1.30	2.45/2.41	2.31/2.33	2.48/2.84	1.80/1.69	3.16/3.14	1.56/1.55	1.78/1.78
19	1.81/1.78	3.00/2.97	1.28/1.28	2.42/2.34	2.27/2.31	2.47/2.66	1.80/1.69	3.20/3.19	1.59/1.61	1.83/1.80
20	1.80/1.78	3.02/2.98	1.33/1.33	2.50/2.47	2.37/2.39	2.55/2.67	1.84/1.72	3.20/3.22	1.59/1.61	1.84/1.84
21	1.84/1.83	3.06/3.02	1.36/1.34	2.58/2.42	2.34/2.39	2.58/2.89	1.91/1.75	3.22/3.22	1.69/1.69	1.92/1.83
22	1.86/1.84	3.08/3.03	1.38/1.38	2.61/2.52	2.41/2.45	2.66/3.05	1.94/1.77	3.27/3.25	1.73/1.72	1.92/1.91
23	1.88/1.84	3.08/3.06	1.39/1.41	2.64/2.52	2.45/2.52	2.69/2.89	1.98/1.83	3.30/3.28	1.75/1.73	1.97/1.89
24	1.91/1.89	3.11/3.13	1.41/1.42	2.62/2.58	2.47/2.52	2.67/3.17	1.95/1.84	3.31/3.37	1.73/1.70	1.94/1.92
25	1.91/1.89	3.13/3.12	1.44/1.44	2.69/2.59	2.50/2.56	2.70/2.97	1.98/1.84	3.34/3.53	1.73/1.73	1.98/1.95
26	1.95/1.94	3.19/3.16	1.47/1.48	2.72/2.67	2.55/2.61	2.76/2.83	2.00/1.88	3.41/3.39	1.78/1.80	2.00/2.02
27	1.95/1.98	3.20/3.17	1.49/1.48	2.72/2.64	2.56/2.61	2.77/2.87	2.03/1.91	3.44/3.41	1.83/1.81	2.05/2.00
28	2.02/2.00	3.25/3.20	1.52/1.52	2.78/2.72	2.63/2.66	2.81/2.94	2.08/1.95	3.44/3.41	1.83/1.84	2.06/2.03
29	2.03/2.03	3.27/3.23	1.56/1.53	2.81/2.72	2.62/2.69	2.83/3.16	2.08/1.97	3.44/3.48	1.88/1.86	2.11/2.06
30	2.19/2.16	3.27/3.25	1.58/1.59	2.83/2.75	2.67/2.83	2.87/3.10	2.17/1.97	3.46/3.48	1.91/1.91	2.14/2.11
31	2.16/2.14	3.31/3.30	1.62/1.63	2.86/2.83	2.70/2.78	3.03/3.66	2.19/2.06	3.51/3.48	1.97/1.95	2.17/2.14
32	2.11/2.11	3.36/3.33	1.66/1.66	2.91/2.98	2.72/2.89	3.03/3.48	2.14/1.98	3.52/3.55	1.95/1.84	—
33	2.20/2.25	3.36/3.36	1.67/1.68	2.92/2.91	2.80/2.95	2.98/3.31	2.22/2.11	3.61/3.58	—	—
34	2.27/2.23	3.39/3.36	1.72/1.73	2.94/2.89	2.80/2.92	3.05/3.58	2.22/2.08	—	—	—
35	2.31/2.27	3.44/3.44	1.77/1.80	2.98/2.89	2.80/2.88	3.09/3.41	2.30/2.11	—	—	—
36	2.27/2.30	3.45/3.45	1.77/1.77	3.00/2.92	2.81/2.87	3.09/3.30	2.28/2.16	—	—	—
37	2.34/2.31	—	1.80/1.80	3.05/2.98	2.86/2.92	3.11/3.28	2.33/2.16	—	—	—
38	2.33/2.36	—	—	3.06/3.05	2.91/2.98	3.14/3.34	2.36/2.22	—	—	—
39	2.39/2.34	—	—	3.17/3.03	2.92/2.97	3.20/3.66	2.45/2.20	—	—	—

表7

（续表7）

参考文献 25

[1]	SABIT H , CHONG P H J , KILBY J . Ambient intelligence for smart home using the Internet of Things[C]// 2019 International Telecommunication Networks and Applications Conference. Piscataway:IEEE Press, 2019: 1-3.
[2]	XIAO F , MIAO Q W , XIE X H ,et al. Indoor anti-collision alarm system based on wearable Internet of things for smart healthcare[J]. IEEE Communications Magazine, 2018,56(4): 53-59.
[3]	VALECCE G , STRAZZELLA S , RADESCA A ,et al. Solarfertigation:Internet of things architecture for smart agriculture[C]// 2019 IEEE International Conference on Communications Workshops. Piscataway:IEEE Press, 2019: 1-6.
[4]	BRINCAT A A , PACIFICI F , MARTINAGLIA S ,et al. The Internet of things for intelligent transportation systems in real smart cities scenarios[C]// 2019 IEEE World Forum on Internet of Things. Piscataway:IEEE Press, 2019: 128-132.
[5]	BUTUN I , ?STERBERG P , SONG H . Security of the Internet of things:vulnerabilities,attacks and countermeasures[J]. IEEE Communications Surveys and Tutorials, 2020,22(1): 616-644.
[6]	ZHOU L , SU C H , YEH K H . A lightweight cryptographic protocol with certificateless signature for the Internet of things[J]. ACM Transactions on Embedded Computing Systems, 2019,18(3): 1-10.
[7]	HE D J , YE R , CHAN S ,et al. Privacy in the Internet of things for smart healthcare[J]. IEEE Communications Magazine, 2018,56(4): 38-44.
[8]	SUZAKI T , MINEMATSU K , MORIOKA S ,et al. TWINE:a lightweight block cipher for multiple platforms[C]// 2012 International Conference on Selected Areas in Cryptography. Berlin:Springer, 2012: 339-354.
[9]	?OBAN M , KARAKO? F , BOZTA? ? , . Biclique cryptanalysis of TWINE[C]// 2012 International Conference on Cryptology and Network Security. Berlin:Springer, 2012: 43-55.
[10]	WANG Y F , WU W L . Improved multidimensional zero-correlation linear cryptanalysis and applications to LBlock and TWINE[C]// 2014 Australasian Conference on Information Security and Privacy. Berlin:Springer, 2014: 1-16.
[11]	TOLBA M , YOUSSEF A M . Generalized MitM attacks on full TWINE[J]. Information Processing Letters, 2016,116(2): 128-135.
[12]	BONEH D , DEMILLO R A , LIPTON R J . On the importance of checking cryptographic protocols for faults[C]// 1997 International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 1997: 37-51.
[13]	DUSRAT P , LETOURNEUX G , VIVOLO O . Differential fault analysis on AES[C]// 2003 International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2003: 293-306.
[14]	BL?MER J , SEIFERT J P . Fault based cryptanalysis of the advanced encryption standard (AES)[C]// 2003 International Conference on Financial Cryptography. Berlin:Springer, 2003: 162-181.
[15]	DERBEZ P , FOUQUE P A , LERESTEUX D . Meet-in-the-middle and impossible differential fault analysis on AES[C]// 2011 International Workshop on Cryptographic Hardware and Embedded Systems. Berlin:Springer, 2011: 274-291.
[16]	NOZAKI Y , ASAHI K , YOSHIKAWA M . Statistical fault analysis for a lightweight block cipher TWINE[C]// 2015 IEEE Global Conference on Consumer Electronics. Piscataway:IEEE Press, 2015: 477-478.
[17]	FUHR T , JAULMES E , LOMNé V ,et al. Fault attacks on AES with faulty ciphertexts only[C]// 2013 Fault Diagnosis and Tolerance in Cryptography. Piscataway:IEEE Press, 2013: 108-118.
[18]	YOSHIKAWA H , KAMINAGA M , SHIKODA A ,et al. Round addition DFA on 80-bit piccolo and TWINE[J]. IEICE Transactions on Information and Systems, 2013,96(9): 2031-2035.
[19]	LI W , ZHANG W W , GU D W ,et al. Security analysis of the lightweight cryptosystem TWINE in the Internet of Things[J]. KSII Transactions on Internet and Information Systems, 2015,9(2): 793-810.
[20]	高杨, 王永娟, 王磊 ,等. 轻量级分组密码算法TWINE差分故障攻击的改进[J]. 通信学报, 2017,38(Z2): 178-184.
	GAO Y , WANG Y J , WANG L ,et al. Improvement differential fault attack on TWINE[J]. Journal on Communications, 2017,38(Z2): 178-184.
[21]	DOBRAUNIG C , EICHLSEDER M , KORAK T ,et al. Statistical fault attacks on nonce-based authenticated encryption schemes[C]// 2016 International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2016: 369-395.
[22]	LI W , LIAO L F , GU D W ,et al. Ciphertext-only fault analysis on the LED lightweight cryptosystem in the Internet of things[J]. IEEE Transactions on Dependable and Secure Computing, 2019,16(3): 454-461.
[23]	李玮, 吴益鑫, 谷大武 ,等. SIMON轻量级密码算法的唯密文故障分析[J]. 通信学报, 2019,40(11): 122-137.
	LI W , WU Y X , GU D W ,et al. Ciphertext-only fault analysis of the SIMON lightweight cipher[J]. Journal on Communications, 2019,40(11): 122-137.
[24]	李玮, 曹珊, 谷大武 ,等. 物联网中MIBS轻量级密码的唯密文故障分析[J]. 计算机研究与发展, 2019,56(10): 2216-2228.
	LI W , CAO S , GU D W ,et al. Ciphertext-only fault analysis of the MIBS lightweight cryptosystem in the Internet of things[J]. Journal of Computer Research and Development, 2019,56(10): 2216-2228.
[25]	KORAK T , HUTTER M , EGE B ,et al. Clock glitch attacks in the presence of heating[C]// 2014 Fault Diagnosis and Tolerance in Cryptography. Piscataway:IEEE Press, 2014: 104-114.

分析类型	基本假设	攻击轮数/轮	文献
不可能差分故障分析	CPA	23/24	文献[8]
饱和分析	CPA	22/23	文献[8]
Biclique分析	CPA	36/36	文献[9]
零相关线性分析	KPA	23/25	文献[10]
中间相遇分析	KPA	36/36	文献[11]
差分故障分析	CPA	36/36	文献[18-20]
统计故障分析	CPA	36/36	文献[16]
唯密文故障分析	COA	36/36	本文

区分器	中文全称	取值范围	对比
SEI	平方欧氏距离	最大值	通过最大化实际分布和均匀分布的平方距离和，筛选最不符合均匀分布的实际分布
MLE	极大似然估计	最大值	通过最大化变量的理论概率乘积，筛选出现概率最大的实际分布
HW	汉明权重	最小值	通过最小化变量与相同长度零字符串的汉明距离，筛选使变量二进制字符串中1的个数最少的实际分布
GF	拟合优度	最小值	通过对变量的理论个数与实际个数作运算，找出与理论分布差异最小的实际分布
GF-SEI	拟合优度-平方欧氏距离	GF取最小值，SEI取最大值	先使用GF筛选与理论分布较拟合的实际分布，再使用SEI筛选与均匀分布距离最大的实际分布
GF-MLE	拟合优度-极大似然估计	GF取最小值，MLE取最大值	先使用 GF 筛选与理论分布较拟合的实际分布，再使用 MLE 筛选似然函数值最大的实际分布
Parzen- HW	窗估计?汉明权重	Parzen取最大值， HW取最小值	先使用 Parzen 筛选在指定区域内样本数较多的实际分布，再使用 HW 筛选汉明距离最小的实际分布
MLE-HE	极大似然估计-直方图估计	MLE和HE均取最大值	先使用MLE筛选变量的理论概率乘积较大的实际分布，再使用HE筛选理论个数累加和占比最大的实际分布
HW-HE	汉明权重-直方图估计	HW取最小值，HE取最大值	先使用HW筛选变量二进制字符串中1的个数较少的实际分布，再使用HE筛选概率密度最大的分布
HW-MLE-HE	汉明权重?极大似然估计?直方图估计	HW取最小值， MLE和HE取最大值	先使用HW筛选汉明权重较小的分布，再使用MLE筛选似然函数值较大的分布，最后HE筛选概率密度最大的分布

区分器	TWINE-80		TWINE-128
区分器	时间复杂度	数据复杂度	时间复杂度	数据复杂度
SEI	2^27.91	2^23.91	2^27.88	2^23.88
MLE	2^27.26	2^23.17	2^27.26	2^23.17
HW	2^27.30	2^23.21	2^27.30	2^23.21
GF	2^28.75	2^23.75	2^28.81	2^23.81
GF-SEI	2^28.81	2^23.81	2^28.75	2^23.75
GF-MLE	2^28.81	2^23.81	2^28.75	2^23.75
Parzen-HW	2^28.45	2^23.36	2^28.58	2^23.49
MLE-HE	2^27.13	2^23.04	2^27.13	2^23.04
HW-HE	2^27.09	2^23.00	2^27.09	2^23.00
HW-MLE-HE	2^27.04	2^22.95	2^27.04	2^22.95

轻量级密码算法TWINE的唯密文故障分析

Ciphertext-only fault analysis of the TWINE lightweight cryptogram algorithm

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 16

参考文献 25

相关文章 15

Metrics

推荐阅读 0

区分器	中文全称	AES-128^[17]	LED-128^[22]	SIMON-128^[23]	MIBS-80^[24]	TWINE-80/128
SEI	平方欧氏距离	320	280	∞	108	240/236
MLE	极大似然估计	224	160	264	70	144/144
HW	汉明权重	288	156	—	74	148/148
GF(goodness of fit)	拟合优度	—	240	408	110	216/224
GF-SEI	拟合优度?平方欧氏距离	—	212	376	86	224/216
GF-MLE	拟合优度?极大似然估计	—	—	288	92	224/216
Parzen-HW	窗估计?汉明权重	—	—	—	68	164/180
MLE-HE	极大似然估计?直方图估计	—	—	—	—	132/132
HW-HE	汉明权重?直方图估计	—	—	—	—	128/128
HW-MLE-HE	汉明权重?极大似然估计?直方图估计	—	—	—	—	124/124

[1]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[2]	刘帅, 关杰, 胡斌, 马宿东. 基于MILP的轻量级密码算法ACE的差分分析[J]. 通信学报, 2023, 44(1): 39-48.
[3]	王振宇, 郭阳, 李少青, 侯申, 邓丁. 面向轻量级物联网设备的高效匿名身份认证协议设计[J]. 通信学报, 2022, 43(7): 49-61.
[4]	廖海君, 贾泽晗, 周振宇, 刘念, 王飞, 甘忠, 姚贤炯. 面向调控信息新鲜度保障的电力至简物联网资源优化[J]. 通信学报, 2022, 43(7): 203-214.
[5]	杨小东, 田甜, 王嘉琪, 李梅娟, 王彩芬. 基于云边协同的无证书多用户多关键字密文检索方案[J]. 通信学报, 2022, 43(5): 144-154.
[6]	孙海丽, 龙翔, 韩兰胜, 黄炎, 李清波. 工业物联网异常检测技术综述[J]. 通信学报, 2022, 43(3): 196-210.
[7]	张琳, 魏新艳, 刘茜萍, 黄海平, 王汝传. 基于协作信誉和设备反馈的物联网边缘服务器信任评估算法[J]. 通信学报, 2022, 43(2): 118-130.
[8]	张晓茜, 徐勇军. 面向零功耗物联网的反向散射通信综述[J]. 通信学报, 2022, 43(11): 199-212.
[9]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[10]	杨毅宇, 周威, 赵尚儒, 刘聪, 张宇辉, 王鹤, 王文杰, 张玉清. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021, 42(8): 188-205.
[11]	王化群, 刘哲, 何德彪, 李继国. 公有云中身份基多源IoT终端数据PDP方案[J]. 通信学报, 2021, 42(7): 52-60.
[12]	范平志, 李里, 陈欢, 程高峰, 杨林杰, 汤小波. 面向大规模物联网的随机接入：现状、挑战与机遇[J]. 通信学报, 2021, 42(4): 1-21.
[13]	田辉, 伍浩, 田洋, 任建阳, 崔亚娟, 艾文宝, 袁健华. 工业物联网中大规模受损边缘计算网络修复机制[J]. 通信学报, 2021, 42(4): 89-99.
[14]	朱政宇, 徐金雷, 孙钢灿, 王宁, 郝万明. 基于IRS辅助的SWIPT物联网系统安全波束成形设计[J]. 通信学报, 2021, 42(4): 185-193.
[15]	郝万明, 谢金坤, 孙钢灿, 朱政宇, 周一青. 基于无线供能反向散射通信系统安全性的稳健机会约束优化算法设计[J]. 通信学报, 2021, 42(3): 100-110.

故障数	SEI	MLE	HW	GF	GF-SEI	GF-MLE	Parzen-HW	MLE-HE	HW-HE	HW-MLE-HE
0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0
1	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0
2	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0
3	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0
4	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0	0/0
5	0/0	1/0	2/1	0/0	0/0	0/0	2/4	1/1	1/2	2/0
6	0/0	1/0	0/1	0/0	0/0	1/0	1/3	1/3	1/1	2/2
7	2/0	1/2	1/2	0/1	1/1	4/1	3/10	4/6	2/7	3/5
8	0/1	6/4	1/5	1/1	0/1	1/1	8/4	6/11	2/6	7/6
9	1/0	5/9	7/7	1/1	1/1	1/0	5/11	8/8	11/10	9/8
10	2/0	7/12	9/12	2/7	3/2	3/0	10/6	12/13	10/14	10/15
11	1/4	19/18	19/13	4/4	3/5	7/2	20/12	18/13	17/16	21/21
12	1/1	15/19	12/14	1/2	2/3	3/4	16/13	15/21	20/22	21/16
13	3/3	21/21	27/26	2/2	1/4	2/3	16/20	17/15	19/33	21/22
14	6/8	28/26	26/36	2/3	4/3	4/7	16/21	35/30	36/33	23/27
15	2/6	31/37	30/39	7/7	3/10	6/11	31/32	29/30	35/36	43/44
16	5/11	35/30	51/33	6/7	7/10	5/12	34/22	39/31	44/36	40/44