PRIDE轻量级密码的不可能统计故障分析  

作　　者：李玮[1,2,3,4] 孙文倩 谷大武 张爱琳[1] 温云华 LI Wei;SUN Wenqian;GU Dawu;ZHANG Ailin;WEN Yunhua(School of Computer Science and Technology,Donghua University,Shanghai 201620,China;Department of Computer Science and Engineering,Shanghai Jiao Tong University,Shanghai 200240,China;Shanghai Key Laboratory of Scalable Computing and System,Shanghai 200240,China;Shanghai Key Laboratory of Integrate Administration Technologies for Information Security,Shanghai 200240,China)

机构地区：[1]东华大学计算机科学与技术学院,上海201620 [2]上海交通大学计算机科学与工程系,上海200240 [3]上海市可扩展计算与系统重点实验室,上海200240 [4]上海市信息安全综合管理技术研究重点实验室,上海200240

出　　处：《通信学报》2024年第1期141-151,共11页Journal on Communications

基　　金：国家自然科学基金资助项目(No.61772129,No.62172395,No.62102077);国家密码发展基金资助项目(No.MMJJ20180101);信息安全国家重点实验室开放课题基金资助项目(No.2021-MS-05);上海市扬帆计划基金资助项目(No.21YF1401200,No.23YF1401000);中央高校基本科研业务费专项资金资助项目(No.223202D-25)。

摘　　要：针对2014年美密会上提出的PRIDE轻量级密码的实现安全,提出了面向唯密文攻击假设的新型不可能统计故障分析方法,设计了卡方拟合优度-汉明重量区分器、卡方拟合优度-极大似然估计区分器等新型区分器。所提方法基于随机半字节故障模型,结合统计分布状态和不可能关系分析,围绕导入故障前后中间状态的变化,最少仅需432个故障即可恢复出PRIDE算法的128 bit原始密钥,且成功率达99%及以上。实验分析表明,所提方法不仅能减少故障数和耗时,而且进一步提升了准确率。该结果对轻量级密码的实现安全性提供了重要参考。To analyze the implementation security of the PRIDE lightweight cryptosystem proposed at CRYPTO in 2014,a novel method of impossible statistical fault analysis on the ciphertext-only attack assumption was proposed.Furthermore,new distinguishers were designed,such as the Chi-square goodness-of-fit test-Hamming weight,and Chi-square goodness-of-fit test-maximum likelihood estimation.The proposed method had a random nibble-oriented fault model,and combined the statistical distribution states with the impossible relationship.On the difference among the intermediate states before and after the fault injections,at least 432 faults were required to recover the 128 bit secret key of PRIDE with a reliability of at least 99%.The experimental analysis demonstrates that the proposed method can not only reduce injected faults and latency,but also increase the accuracy.The results provide a vital reference for exploring the implementation security of lightweight cryptosystems.

关 键 词：侧信道分析 不可能统计故障分析 轻量级密码 PRIDE 智能无人系统 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]