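Authors: HUANG Xiangshu; WANG Min; DU Zhibo; WU Zhen; WANG Yi (College of Cyberspace Security, Chengdu University of Information Technology, Chengdu 610225, China)
Affiliation: [1] College of Cyberspace Security, Chengdu University of Information Technology, Chengdu, Sichuan 610225
Source: Journal of Chengdu University of Information Technology, 2022, No. 1, pp. 8-15 (8 pages)
Funding: National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180224); Sichuan Province Key Research and Development Program (2019YFG0096).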
Abstract: The lightweight block cipher PRESENT uses an SPN structure and has a small implementation area and low power consumption, so it is widely used in resource-constrained environments. This article designs a multi-byte fault model for the PRESENT algorithm. Random faults are injected at arbitrary positions in the 30th and 29th rounds of PRESENT, and the number of bytes injected is not fixed. Using the fault propagation path of PRESENT, the relationship between the output difference and the possible input values is constructed; the correct input is obtained through the parallel S-box analysis method proposed in the paper, and from it the correct round subkey. Finally, by analyzing the key schedule, only two correct round subkeys are needed to derive the initial 80-bit master key. The experimental results show that, compared with existing fault attacks against PRESENT, the proposed fault model reduces the attack complexity from 2^(31) to 2^(18) and the average duration of the round-key attack from 20000 ms to 1000 ms. At the same time, the proposed method improves the single-byte, fixed-location fault model to a multi-byte, arbitrary-location fault model, which is closer to actual attack conditions, lowers the requirements on fault injection equipment, and improves the practicality of the method.
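Keywords: PRESENT algorithm; multi-byte fault model; random fault injection; fault propagation path; parallel S-box analysis
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]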