HIGHT轻量级分组密码容错代数故障攻击研究

南京大学学报(自然科学版) ›› 2017, Vol. 53 ›› Issue (6): 1141–.

HIGHT轻量级分组密码容错代数故障攻击研究

陈　浩1*，王　韬1，赵新杰2，3，张　帆4，马云飞1，王晓晗1

出版日期:2017-11-28 发布日期:2017-11-28
作者简介:1.解放军军械工程学院信息工程系，石家庄，050003；
2.解放军外国语学院指挥系，洛阳，471003；
3．北方电子设备研究所，北京，100191；
4.浙江大学信息与电子工程学院，杭州，310027
基金资助:
基金项目：国家自然科学基金(61173191，61272491，61309021，61472357，61571063)
收稿日期：2017－05－02
*通讯联系人，E－mail：chenhao81823264@163.com

Research on fault－tolerant algebraic fault attack on HIGHT

Chen Hao1*，Wang Tao1，Zhao Xinjie2，3，Zhang Fan4，Ma Yunfei1，Wang Xiaohan1

Online:2017-11-28 Published:2017-11-28
About author:1.Department of Information Engineering，Ordnance Engineering College，Shijiazhuang，050003，China；
2．Department of Command，PLA University of Foreign Language，Luoyang，471003，China；
3．Institute of North Electronic Equipment，Beijing，100191，China；
4.College of Information Science and Electronic Engineering，Zhejiang University，Hangzhou，310027，China

摘要/Abstract

摘要： 针对现有HIGHT轻量级分组密码代数故障攻击方法在故障失效发生的场景下故障位置判定出错进而影响攻击成功率的问题，提出并讨论了一种容错代数故障攻击方法．该方法首先对故障失效特性进行深入研究，利用故障注入位置、故障失效与密文差分之间的对应关系，构建了一个完备的故障位置区分器以实现对各种场景下故障位置的准确判定．然后在此基础上提取故障失效信息以实现故障信息最大化利用，并对故障信息等效代数方程组构建方法进行优化，实现了故障信息等效代数方程组的自动化构建．最后对提出的攻击方法的复杂度和成功率进行了分析和实验验证．实验结果表明，与现有攻击相比，提出的攻击方法容错能力更强，能检测出所有显性故障失效，攻击的成功率达到100%，且故障信息等效代数方程组构建自动化程度更高，解析器平均求解时间更少．

Abstract: HIGHT is built by using ARX(addition modulo 2n，bit rotation and XOR)structure，which is suitable for resource－constrained environment such as Radio Frequency Identification(RFID) tag or ubiquitous computing system and it has been adopted as a standard block cipher by Telecommunications Technology Association(TTA)of Korea and ISO/IEC 18033－3.Since the accurate location of the injected fault cannot be successfully determined when fault failures are occurred，the success rate of the existing algebraic fault attack on HIGHT is always less than 100%.To improve the success rate and efficiency，a fault tolerant algebraic fault attack is proposed in this paper.Firstly，fault failures and its properties are studied and a complete distinguisher based on fault failures，fault locations and cipher differences for determining the accurate fault locations in all different scenarios is built.Then，HIGHT is described as a set of algebraic equations.The faulty ciphertext is generated via fault injections and fault differences are represented with algebraic equations.To make maximum use of the injected faults，fault failures are also described as a set of algebraic equations.In the meantime，the procedure of constructing algebraic equations for the injected faults is optimized to perform automatically to further make the attack easy to launch.Finally，the CryptoMiniSAT solver is applied to solve the equations for the key and the number of fault injections that required and success rate of the proposed attack are analyzed in theory.The simulation experiments show that compared with the existing algebraic fault attack on HIGHT，the success rate of the proposed attack has been improved to 100% and the method of constructing algebraic equations for the injected faults is easier and can be performed automatically，the entire mater key bytes can be fully recovered in a rather smaller time by solving the algebraic equations with the CryptoMiniSAT solver，and the proposed attack can be easily extended to other cipher which has the similar structure.

陈　浩1*，王　韬1，赵新杰2，3，张　帆4，马云飞1，王晓晗1. HIGHT轻量级分组密码容错代数故障攻击研究[J]. 南京大学学报(自然科学版), 2017, 53(6): 1141–.

Chen Hao1*，Wang Tao1，Zhao Xinjie2，3，Zhang Fan4，Ma Yunfei1，Wang Xiaohan1. Research on fault－tolerant algebraic fault attack on HIGHT[J]. Journal of Nanjing University(Natural Sciences), 2017, 53(6): 1141–.

参考文献

[1]　Bogdanov A，Knudsen L R，Leander G，et al.PRESENT：An ultra－lightweight block cipher.In：Paillier P，Verbauwhede I．Cryptographic Hardware and Embedded Systems － CHES 2007.Springer Berlin Heidelberg，2007：4727：450－466.
[2] Hong D，Sung J，Hong S，et al.HIGHT：A new block cipher suitable for low－resource device.In：Goubin L，Matsui M．Cryptographic Hardware and Embedded Systems － CHES 2006.Springer Berlin Heidelberg，2006：4249：46－59.
[3] Guo J，Peyrin T，Poschmann A，et al.The LED block cipher.In：Preneel B，Takagi T．Cryptographic Hardware and Embedded Systems － CHES 2011.Springer Berlin Heidelberg，2011：6917：326－341.
[4] Shibutani K，Isobe T，Hiwatari H，et al.Piccolo：An ultra－lightweight blockcipher.In：Preneel B，Takagi T．Cryptographic Hardware and Embedded Systems － CHES 2011.Springer Berlin Heidelberg，2011：6917：342－357.
[5] Courtois N T，Ware D，Jackson K M．Fault－algebraic attacks on inner rounds of DES.In：Strategies Telecom and Multimedia.Montreuil，France：UCL，2010：22－24.
[6] Zhang F，Zhao X J，Guo S Z，et al.Improved algebraic fault analysis：A case study on piccolo and applications to other lightweight block ciphers.In：The 2nd International Workshop on Constructive Side－Channel Analysis and Secure Design(COSADE 2013)．Springer Berlin Heidelberg，2013，7864，2013：62－79.
[7] 吴克辉，赵新杰，王　韬等．PRESENT密码代数故障攻击．通信学报，2012，33(8)：85－92.(Wu K H，Zhao X J，Wang T，et al.Algebraic fault attack on PRESENT.Journal on Communications，2012，33(8)：85－92.)
[8] 赵新杰，郭世泽，王　韬等．Piccolo密码代数故障分析研究．计算机学报，2013，36(4)：882－894.(Zhao X J，Guo S Z，Wang T，et al.Research of algebraic fault analysis on piccolo.Chinese Journal of Computers，2013，36(4)：882－894.)
[9] Mohamed M S E，Bulygin S，Bchmann J．Using SAT solving to improve differential fault analysis of Trivium.In：Kim T，Adeli H，Robles R J，et al.Information Security and Assurance.Springer Berlin Heidelberg，2011：62－71.
[10] 范伟杰，吴文玲，张　蕾．HIGHT算法的差分故障攻击．中国科学院研究生院学报，2012，29(2)：271－276.(Fan W J，Wu W L，Zhang L．Differential fault analysis on HIGHT.Journal of Graduate University of Chinese Academy of Sciences，2012，29(2)：271－276.)
[11] 陈　浩，王　韬，张　帆等．HIGHT密码代数故障分析．上海交通大学学报，2015，49(12)：1817－1825，1832.(Chen H，Wang T，Zhang F，et al.Algebraic fault analysis of HIGHT.Journal of Shanghai Jiao Tong University，2015，49(12)：1817－1825，1832.)
[12] Joye M，Tunstall M．密码故障分析与防护．赵新杰，张世泽，张　帆等译．北京：科学出版社，2015，239－253.(Joye M，Tunstall M．Fault analysis in cryptography.Zhao X J，Zhang S J，Zhang F，et al.Beijing：Science Press，2015，239－253.)
[13] 郭世泽，王　韬，赵新杰．密码旁路分析原理与方法．北京：科学出版社，2014，169.(Guo S Z，Wang T，Zhao X J．Principles and methodologies of side－channel analysis in cryptography.Beijing：Science Press，2014，169.)

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed