Differential Fault Attack On Two Lightweight Block Ciphers

Cryptography is the foundation of information security,and block cipher is an important content of cryptography,which is the core system to realize information security.The security analysis of block cipher is always an important part of cryptography.In recent years,with the introduction of the"Internet plus"strategy and the rapid development of the Internet of things,the hardware environment of block cipher has changed,and encryption devices begin to transit to highly constrained devices with low computing power,small storage space and low operation energy consumption.This change puts forward new requirements for the design of block cipher,and the concept of lightweight block cipher is proposed,which quickly becomes an important direction in the field of block cipher research.The security analysis of cipher has been very active in the field of cryptography.Since lightweight block cipher was proposed,it has attracted the attention of many scholars.How to ensure the security of the algorithm under the requirement of lightweight has become an important topic.The traditional cryptanalysis method studies the security from the mathematical structure of lightweight block cipher,but in the practical application,the cipher is usually implemented by various chips,such as smart card,encrypted memory card,etc.These devices may leak some intermediate state information when they are running,so as to face the threat of side-channel attack.Differential fault attack,as one of the most effective and widely used attack methods in side-channel attack,has attracted great attention of scholars engaged in cryptography and microelectronics domestically and abroad.The theoretical analysis and physical excitation of this method have also made great progress,so it is necessary to carry out differential fault analysis on lightweight block cipher.In this thesis,two kinds of lightweight block cipher with Feistel structure,FeW and GOST,are attacked by differential fault attack.Under various fault models,the security of these two ciphers against differential fault attack is evaluated,and complete attack schemes and simulations are given.The research results are of great significance to the security analysis of other iterative block ciphers with Feistel structure.Few is a new lightweight block cipher published by Kumar etc.in 2019.It can be implemented on small hardware and micro controller with high efficiency of hardware and software implementation.In order to evaluate the security of FeW,a differential fault analysis method is proposed and discussed using a single byte random fault model.In this method,a single byte random fault is introduced on the right side of the last round of FeW to recover the key based on the statistical characteristics of S-box difference distribution,and the difference information obtained using the characteristics of the linear diffusion function.The experimental results show that the master key can be recovered with an average of 47.73 and 79.55 fault injections for FeW-64-80 and FeW-64-128 respectively.Furthermore,a key recovery scheme combined with exhaustive search is also proposed.If2¹⁰exhaustive calculations are added in the key recovery process,the number of fault injections required on average can be reduced to 24.90 and 41.50 respectively,which provides a new way for similar attacks.GOST is the encryption standard of the Russian government published in 1994.It has a simple structure and good security performance,and is still widely used in the Russian Federation.In addition,GOST has extremely high hardware implementation efficiency,which conforms to the design criteria of lightweight cryptographic algorithm,and is suitable for resource constrained devices such as RFID.It was submitted to ISO in 2010 to become a global industrial encryption standard.In this thesis,the modular addition component of GOST is analyzed in detail,and the modular addition operation is transformed into exclusive or operation equivalently,which provides the possibility for differential fault attacks.After the differential fault analysis under various fault models,a single byte fault and multi round attack method for GOST is finally determined.The fault time of this method is a single round fault in a limited range,and the fault location is a single byte random fault.The experimental results show that 256 bit master key can be recovered with an average of 7.52 fault injections,and the recovery rate within 12 faults is98%.This method has important reference significance for the differential fault analysis of the same type of algorithm with modular addition components.