LBlock轻量级密码算法的唯密文故障分析  被引量：7

作　　者：李玮[1,2,3,4] 吴益鑫[1] 谷大武 曹珊[1] 廖林峰 孙莉 刘亚[5] 刘志强[2] Li Wei;Wu Yixin;Gu Dawu;Cao Shan;Liao Linfeng;Sun Li;Liu Ya;Liu Zhiqiang(School of Computer Science and Technology,Donghua University,Shanghai 201620;Department of Computer Science and Engineering,Shanghai Jiao Tong University,Shanghai 200240;Shanghai Key Laboratory of Scalable Computing and Systems(Shanghai Jiao Tong University),Shanghai 200240;Shanghai Key Laboratory of Integrate Administration Technologies for Information Security(Shanghai Jiao Tong University),Shanghai 200240;Department of Computer Science and Engineering,University of Shanghai for Science and Technology,Shanghai 200093)

机构地区：[1]东华大学计算机科学与技术学院上海201620 [2]上海交通大学计算机科学与工程系上海200240 [3]上海市可扩展计算与系统重点实验室(上海交通大学),上海200240 [4]上海市信息安全综合管理技术研究重点实验室(上海交通大学),上海200240 [5]上海理工大学计算机科学与工程系,上海200093

出　　处：《计算机研究与发展》2018年第10期2174-2184,共11页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61772129);国家密码发展基金项目(MMJJ20180101)

摘　　要：LBlock算法是在2011年ANCS会议上提出来的一种轻量级分组密码算法.它是一种具有Feistel结构的典型密码,并且广泛应用于物联网安全中.提出了针对Feistel结构的LBlock密码算法的新型唯密文故障分析方法,通过在算法的倒数第4轮导入故障,分别使用6种区分器对算法进行分析.在原有的SEI区分器、GF区分器、GF-SEI双重区分器、MLE区分器基础上,提出了GF-MLE双重区分器和MLE-SEI双重区分器作为新型区分器.仿真实验结果表明:可以在较短的时间内使用较少的故障数且以99%的成功概率恢复出主密钥并破译算法,其中提出的2种新型区分器比原有区分器所需故障数更少、效率更高.由此说明唯密文故障攻击对LBlock算法的安全性构成了巨大的威胁.The lightweight cipher LBlock was proposed at ANCS in 2011.It has the structure of Feistel and is widely applied in the security of Internet of things(IoT).In this paper,a cipher-text fault analysis for LBlock cipher by injecting faults is proposed,and it is analyzed by 6 distinguishers in the last but 3 rounds.On the basis of original distinguishers as SEI,GF,GF-SEI,MLE,we propose GF-MLE and MLE-SEI distinguishers as new distinguishers.The simulation experiments show that the secret key can be recovered with over 99%success probability in a short period of time,and these two new distinguishers can not only improve the attacking efficiency,but also decrease the number of faults.This shows that the ciphertext-only fault analysis poses a great threat to the security of LBlock cipher.

关 键 词：轻量级密码 LBlock 唯密文故障攻击 物联网 密码分析 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]