Cite this article: | WEI Yuechuan, HE Shuiyu, PAN Feng, et al. Security evaluation of Midori128 cryptographic algorithm under integral fault analysis[J]. Journal of National University of Defense Technology, 2024, 46(4): 229-246. |
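Security evaluation of the Midori128 cryptographic algorithm under integral fault analysis |
WEI Yuechuan1,2, HE Shuiyu1, PAN Feng1,2, WANG Xiangru1 |
(1. College of Password Engineering, Engineering University of PAP, Xi'an, Shaanxi 710086, China; 2. Key Laboratory of Network and Information Security of PAP, Xi'an, Shaanxi 710086, China)
|
Abstract (translated from the Chinese): |
To study the security of the Midori128 cipher against integral fault attacks, the relationship among the balanced positions of the integral distinguisher, the faulty ciphertexts, and the round key is established. A key search then recovers the last round key of the algorithm, and the master key is recovered from it using the key expansion algorithm. Theoretical analysis shows that when 3-round and 4-round integral distinguishers are used for the integral fault attack, the time complexity of recovering the correct key is 2^21 and 2^24, respectively. The attack with the fault injected in the fourth-to-last round was simulated and evaluated by accuracy, success rate, and time consumed; the master key of the algorithm was successfully recovered, and comparison experiments were carried out for different plaintext blocks and keys. The two fault security analysis schemes show that the round function of Midori128 is vulnerable to integral fault attacks, and that additional protection such as fault detection is required for at least the last 6 rounds while the algorithm is running. |
Keywords: lightweight block cipher; Midori128 algorithm; integral distinguisher; integral fault analysis |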
DOI:10.11887/j.cn.202404025 |
Submission date: 2022-04-12 |
Funding: Basic Research Program of Shaanxi Province (2021JM-254) |
|
Security evaluation of Midori128 cryptographic algorithm under integral fault analysis |
WEI Yuechuan1,2, HE Shuiyu1, PAN Feng1,2, WANG Xiangru1 |
(1. College of Password Engineering, Engineering University of PAP, Xi′an 710086, China;2. Key Laboratory of Network and Information Security of PAP, Xi′an 710086, China)
|
Abstract: |
To study the security of the Midori128 cryptographic algorithm against integral fault attacks, the relationship between the balanced positions of the integral distinguisher, the faulty ciphertexts, and the round key was established. The last round key of the algorithm could then be recovered by key search, and the master key recovered from it using the key expansion algorithm. The theoretical analysis shows that the time complexity of recovering the correct key is 2^21 and 2^24 when using 3-round and 4-round integral distinguishers for the integral fault attack, respectively. Accuracy, success rate, and elapsed time were used to evaluate a simulation of the attack with the fault injected in the fourth-to-last round, and the master key of the algorithm was successfully recovered. Comparison experiments were conducted for different plaintext blocks and keys. The two fault security analysis schemes show that the round function of the Midori128 algorithm is vulnerable to integral fault attacks and requires additional protection, such as fault detection, for at least the last 6 rounds while the algorithm is running. |
Keywords: lightweight block cipher; Midori128 algorithm; integral distinguisher; integral fault analysis |