Research On Fault Attacks And Defense Methods Of The Lightweight Ciphers

As a kind of classical side channel attack,differential fault attack(DFA)mainly relies on maliciously injecting faults during the execution of encryption devices,and then the key information is derived by analyzing the difference between the fault output and the non-fault output.Due to the characteristics of flexible fault injections and lower attack complexity,DFA usually induces a serious threat to the engineering application of encryption algorithms.At present,how to resist DFA has became an important research topic.In this thesis,based on the basic ideas of fault injection,infection calculation and fault detection,the lightweight ciphers ANU and Pyjamask are studied for DFA and protection schemes.The main research contents are as follows:1.An effective differential fault attack method for ANU-128 algorithm is proposed.This method mainly studies the differential fault attack of ANU-128.According to the key arrangement and linear permutation law of ANU-128 algorithm,a single bit fault is introduced randomly.Then,the fault is propagated by shifting operation and S-box substitution,and the optimized differential fault attack method is used to attack the whole encryption process.Finally,the results show that the master key of ANU-128 can be recovered by obtaining the last 9 rounds of the wheel key,and the average number of fault needed to recover the wheel key of each round is 10 bits.Compared with the existing attack methods,this method adopts random single-bit fault,the number of fault bits and fault ciphertext needed to recover the key of each round is less.2.A protection scheme against differential fault attack by locating fault source is proposed.The scheme is mainly based on the basic idea of fault detection and infective countermeasure.Specififically,in this scheme,some fresh random values are used to scramble the difference of ciphertexts and the infective function so that the secret key information in the encryption process cannot be derived.As an application,the scheme is applied to the protection of Pyjamask and SM4.It is illustrated this scheme can effectively protect Pyjamask and SM4 algorithm from DFA by scrambling the key information and accurately locating the fault source,which also verifies the effectiveness and universality of the scheme.Different from the existing schemes,the new scheme can not only quickly determine the exact fault injected location of the target encryption cipher,but also has the advantages of higher accuracy,easier implementation and less time complexity.3.A protection scheme against double fault injection is proposed.On the basis of the scheme which can locate the fault source,the protection scheme can resist the double fault attack by adding a message authentication code as the authentication label.In order to verify the applicability of the scheme,it is also applied to the lightweight cipher Pyjamask.It is illustrated this scheme can not only accurately locate the fault source bit in Pyjamask,but also accurately determine whether the injected fault is a double fault.Compared with the existing schemes,this scheme can not only locate the fault source but also effectively resist double faults,and can be effectively applied to all types of encryption algorithms.