1. School of Computer Science and Technology, Donghua University, Shanghai 201620
2. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240
3. Shanghai Key Laboratory of Scalable Computing and Systems (Shanghai Jiao Tong University), Shanghai 200240
4. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (Shanghai Jiao Tong University), Shanghai 220240
LI Wei, female, born August 1980, from Shou County, Anhui. Professor and doctoral supervisor at Donghua University. Research interests: design and analysis of symmetric ciphers. E-mail: liwei.cs.cn@gmail.com
ZHANG Yu-xi, female, born August 1998, from Harbin, Heilongjiang. Master's student at Donghua University. Research interest: security analysis of lightweight ciphers.
GU Da-wu, male, born October 1970, from Luohe, Henan. Professor and doctoral supervisor at Shanghai Jiao Tong University. Research interests: cryptography and computer security.
ZHANG Jin-yu, male, born February 1998, from Jiaxing, Zhejiang. Master's student at Donghua University. Research interest: fault analysis of lightweight ciphers.
ZHU Xiao-ming, male, born January 1998, from Handan, Hebei. Master's student at Donghua University. Research interest: security analysis of lightweight ciphers.
LIU Chun, female, born March 2000, from Pingxiang, Jiangxi. Master's student at Donghua University. Research interest: security analysis of lightweight ciphers.
CAI Tian-pei, male, born December 1996, from Wenzhou, Zhejiang. Master's student at Donghua University. Research interest: security analysis of symmetric ciphers.
LI Jia-yao, male, born April 1996, from Guangzhou, Guangdong. Doctoral student at Donghua University. Research interest: fault analysis of symmetric ciphers.
Received: 2021-08-01
Revised: 2022-01-17
Published in print: 2022-04-25
LI Wei, ZHANG Yu-xi, GU Da-wu, et al. Ciphertext-Only Fault Analysis on the MANTIS Lightweight Cipher [J]. Acta Electronica Sinica (电子学报), 2022, 50(04): 967-976. DOI: 10.12263/DZXB.20211026.
MANTIS is a lightweight tweakable block cipher proposed at CRYPTO 2016. Its design adopts the FX construction and the TWEAKEY framework, and it is suited to constrained devices in Internet of Things environments that require low latency and high real-time security. Based on the random nibble fault model and the ciphertext-only attack setting, this paper proposes and discusses a new ciphertext-only fault analysis of MANTIS. Combined with the public tweak, the analysis exploits the non-uniformity of the intermediate state after fault injection and can break all versions of MANTIS. Experimental results show that the proposed new double distinguishers, Dirichlet distribution-Hamming weight and Dirichlet distribution-maximum likelihood, require at least 392 and 396 faults respectively to recover the 128-bit master key of each MANTIS version with a success rate of 99% or higher; this not only reduces the number of fault injections but also improves attack efficiency. MANTIS therefore cannot resist ciphertext-only fault analysis. This result provides an important reference for the security analysis and protection of other lightweight tweakable block ciphers.
The lightweight tweakable block cipher MANTIS was published at the International Cryptology Conference (CRYPTO) in 2016. It adopts the FX construction and the TWEAKEY framework and is applicable to Internet of Things devices with low-latency and high real-time security requirements. A novel ciphertext-only fault analysis on MANTIS is proposed and discussed on the basis of the random nibble-oriented fault model and the ciphertext-only attack assumption. Given public tweaks, the attacker can take advantage of the non-uniform distribution of the nibbles after fault injection and recover the secret keys of all versions of MANTIS. The experimental results show that the new double distinguishers, Dirichlet distribution-Hamming weight and Dirichlet distribution-maximum likelihood, can recover the 128-bit secret key with 392 and 396 faults respectively, with a success probability of no less than 99%. The proposed ciphertext-only fault analysis not only reduces the number of fault injections but also improves attack efficiency. Thus MANTIS cannot resist ciphertext-only fault analysis. The result is important for the security analysis and protection of other lightweight tweakable block ciphers.