Algebraic Attack Error Lightweight Block Cipher Nonlinear Module

With the development of computer technology, the security in the aspect of data storage andtransmission has become a challenge. The appearance of the Internet of things, brings a largenumber of mini computing devices. These devices have limited computing power, low storagecapacity and low performance, so the traditional block cipher looks large in this equipment. Thelightweight block cipher emerge as the times require. In view of the limited environments, andthe high performance will impact the security of it, so we should try our best to find the balancebetween security and performance.The traditional attacks are to consider the safety from the point of algorithm’s design, butwith the enhancement of cipher designers’ rigors, it has become a hot spot to considerthe realizing of the algorithm. Thus, the differential fault attack rise. This paper is based on thecombination of differential fault attack, meet in the middle attack and algebraic methods, and weexplore the safety of lightweight block cipher using KATAN and LED as two examples.In this paper, we detailly describe the attack process. The method needs to induce faultfirstly, in order to produce faulse state vector. And then find the attack’s breach by usingmathematical features from the algorithm. Match the intermediate state and deduct thedifferential fault expressions to recover the keys. In these expressions, there are many linearequations, which are solved very easily. The method of calculation in the whole process is purealgebraic. Without the need of storage space, the method reduces the time complexity. In theanalysis of KATAN, we recover correct key with using the weakness from linear feedback shiftregister, and reduce complexity from2128to2124. In the attack on LED, we use two methods toattack, which inject fault in advance. Thus this increases the difficulty on the attack. Finally thedata complexity of attack is232and the time complexity is234. The practice shows that thecipher KATAN and LED do not have immunity on the algebraic faulty attack.