积分故障分析下的Midori128密码算法安全性评估
2024,46(4):229-246
魏悦川
武警工程大学 密码工程学院, 陕西 西安 710086;
网络与信息安全武警部队重点实验室, 陕西 西安 710086,wych004@163.com
贺水喻
武警工程大学 密码工程学院, 陕西 西安 710086
潘峰
武警工程大学 密码工程学院, 陕西 西安 710086;
网络与信息安全武警部队重点实验室, 陕西 西安 710086
王湘儒
武警工程大学 密码工程学院, 陕西 西安 710086
武警工程大学 密码工程学院, 陕西 西安 710086;
网络与信息安全武警部队重点实验室, 陕西 西安 710086,wych004@163.com
贺水喻
武警工程大学 密码工程学院, 陕西 西安 710086
潘峰
武警工程大学 密码工程学院, 陕西 西安 710086;
网络与信息安全武警部队重点实验室, 陕西 西安 710086
王湘儒
武警工程大学 密码工程学院, 陕西 西安 710086
摘要:
为了研究Midori128密码算法针对积分故障攻击的安全性,建立积分区分器平衡位置、故障密文与轮密钥的关系,通过密钥搜索,可以恢复出算法的最后一轮密钥,进而利用密钥扩展算法恢复出主密钥。理论分析表明,利用3轮和4轮积分区分器进行积分故障攻击时,恢复出正确密钥的时间复杂度分别为221和224。采用准确性、成功率和耗费时间对倒数第4轮注入故障的攻击过程进行仿真,成功恢复出该算法的主密钥,并且针对不同明文分组和密钥进行对比实验。通过两组故障安全性分析方案可知,Midori128算法的轮函数易受到积分故障攻击,在算法运行时至少需要对倒数6轮进行故障检测等额外防护。
为了研究Midori128密码算法针对积分故障攻击的安全性,建立积分区分器平衡位置、故障密文与轮密钥的关系,通过密钥搜索,可以恢复出算法的最后一轮密钥,进而利用密钥扩展算法恢复出主密钥。理论分析表明,利用3轮和4轮积分区分器进行积分故障攻击时,恢复出正确密钥的时间复杂度分别为221和224。采用准确性、成功率和耗费时间对倒数第4轮注入故障的攻击过程进行仿真,成功恢复出该算法的主密钥,并且针对不同明文分组和密钥进行对比实验。通过两组故障安全性分析方案可知,Midori128算法的轮函数易受到积分故障攻击,在算法运行时至少需要对倒数6轮进行故障检测等额外防护。
基金项目:
陕西省基础研究计划资助项目(2021JM-254)
陕西省基础研究计划资助项目(2021JM-254)
Security evaluation of Midori128 cryptographic algorithm under integral fault analysis
WEI Yuechuan
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China;
Key Laboratory of Network and Information Security of PAP, Xi′an 710086, China,wych004@163.com
HE Shuiyu
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China
PAN Feng
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China;
Key Laboratory of Network and Information Security of PAP, Xi′an 710086, China
WANG Xiangru
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China;
Key Laboratory of Network and Information Security of PAP, Xi′an 710086, China,wych004@163.com
HE Shuiyu
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China
PAN Feng
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China;
Key Laboratory of Network and Information Security of PAP, Xi′an 710086, China
WANG Xiangru
College of Password Engineering, Engineering University of PAP, Xi′an 710086, China
Abstract:
In order to study the security of the Midori128 cryptographic algorithm against integral fault attack, the relationship between integral distinguisher balance position, fault ciphertext, and the round key was established, and the last round key of the algorithm could be recovered by key search, and then the master key could be recovered by using key extension algorithm. The theoretical analysis shows that the time complexity of recovering the correct key is 221 and 224 when using 3 and 4 rounds of integral distinguisher for the integral fault attack, respectively. The accuracy, success rate, and elapsed time were used to simulate the attack process of the fourth round of injection fault, and the master key of the algorithm was successfully recovered. Comparison experiments were conducted for different plaintext groups and keys. The two sets of fault security analysis schemes conclude that the round function of the Midori128 algorithm is vulnerable to integral fault attacks and requires additional protection such as fault detection for at least the last 6 rounds while the algorithm is running.
In order to study the security of the Midori128 cryptographic algorithm against integral fault attack, the relationship between integral distinguisher balance position, fault ciphertext, and the round key was established, and the last round key of the algorithm could be recovered by key search, and then the master key could be recovered by using key extension algorithm. The theoretical analysis shows that the time complexity of recovering the correct key is 221 and 224 when using 3 and 4 rounds of integral distinguisher for the integral fault attack, respectively. The accuracy, success rate, and elapsed time were used to simulate the attack process of the fourth round of injection fault, and the master key of the algorithm was successfully recovered. Comparison experiments were conducted for different plaintext groups and keys. The two sets of fault security analysis schemes conclude that the round function of the Midori128 algorithm is vulnerable to integral fault attacks and requires additional protection such as fault detection for at least the last 6 rounds while the algorithm is running.
收稿日期:
2022-04-12
2022-04-12
