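[Keywords]
[Abstract]
DEFAULT is a new lightweight cipher proposed at Asiacrypt 2021, suited to protecting the information security of Internet of Things devices such as microchips, microcontrollers, and sensors. Under the basic ciphertext-only assumption, this paper proposes a statistical fault analysis method based on algebraic relations against the DEFAULT cipher. The method uses a random nibble fault model and breaks the cipher by constructing and analyzing algebraic relations, combined with the change in the statistical distribution of the intermediate states before and after fault injection. In addition, this paper adopts new distinguishers, including AD test–squared Euclidean distance, AD test–maximum likelihood estimation, and AD test–Hamming weight; a minimum of only 1344 faults is needed to recover the cipher's 128-bit original key with a success rate of 99% or higher. Theoretical analysis and experimental results show that the DEFAULT cipher cannot resist statistical fault analysis based on algebraic relations. This research provides a valuable reference for the security analysis of other lightweight block ciphers.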
[Keywords]
[Abstract]
DEFAULT, a new lightweight cryptosystem presented at Asiacrypt in 2021, is designed to protect the information security of Internet of Things (IoT) devices, such as microchips, microcontrollers, and sensors. Under the ciphertext-only attack assumption, a statistical fault analysis of the DEFAULT cipher based on algebraic relationships is proposed. The analysis uses the random nibble-oriented fault model. It combines the statistical distributions of the intermediate states before and after fault injection with the algebraic relationships and with novel distinguishers, including Anderson-Darling test–Square Euclidean imbalance, Anderson-Darling test–Maximum likelihood estimate, and Anderson-Darling test–Hamming weight. The analysis requires at least 1344 faults to achieve a reliability of 99% in recovering the 128-bit secret key of DEFAULT. The theoretical analysis and experimental results show that the DEFAULT lightweight cryptosystem is not resistant to the statistical fault attack based on algebraic relationships. This study provides an important reference for the security analysis of other lightweight cryptosystems.
[Chinese Library Classification number]
TP309
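[Funding]
National Key R&D Program of China (2020YFA0712300); National Natural Science Foundation of China (62172395, 62102077, 62072307); Open Project of the State Key Laboratory of Information Security (2021-MS-05); Shanghai Sailing Program (21YF1401200); Fundamental Research Funds for the Central Universities (223202D-25)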