Research On The Fault Analysis Of The LED And The TWINE Lightweight Block Ciphers

Cryptography is the foundation of information security technology. As one of the core contents of cryptography research, the block cipher is widely used for its security and efficiency. With the advancement and deployment of the Internet of Things, the vehicular ad-hoc networks and other technologies, the encryption unit of cryptosystem becoming more limited in processing capability, storage space and power supply. It is very critical to realize that efficient cryptosystems, i.e., lightweight cryptosystems are mostly desired. The lightweight cryptosystems have a broad application prospect due to the advantages of high encryption efficiency and good implementation ability. Therefore, its security has drawn much attention in both domestic and overseas. Fault analysis is one of the most important attacks on cryptographic devices in the Internet of Things, and is much more powerful than classical cryptanalysis. The attackers could inject faults into the cryptosystems of the RFID and other highly constrained devices, and derive the secret keys by amplifying and evaluating leaked information with the help of statistical methods. The result of fault attack on lightweight block cipher algorithm is helpful to discover the vulnerabilities and shortcomings of the algorithm, and will be beneficial to the analysis of the same type of other iterated lightweight cryptosystems.The paper analyzes the security of some new block ciphers. On the basis of 4-bit fault model, differential analysis and impossible differential analysis, the paper presents an effective impossible differential fault attack on the LED which takes SPN structure and a new differential fault attack on the TWINE that takes Feistel-base structure to recover the secret keys of the two algorithms.The LED, proposed by J. Guo et al. in CHES 2011, is a typical substitution-permutation network lightweight cryptosystem. The LED has a good compact hardware implementation and maintains good software-friendly features. Since its introduction, some research of fault analysis has been devoted to attacking the last three rounds of LED. It is an open problem to know whether provoking faults at a former round of LED allows to recovering the secret key. This paper shows a new impossible differential fault analysis on one round earlier of all LED keysize variants. Mathematical analysis and simulating experiments show that the attack could recover the 64-bit and 128-bit secret keys of LED by introducing 48 faults and 96 faults in average, respectively. The result describes that the LED is vulnerable to a half-byte impossible differential fault analysis. It will beneficial to the analysis of the same type of other iterated lightweight cryptosystems taking SPN structure.The TWINE is a new lightweight cryptosystem that takes generalized Feistel-based structure. Since its introduction, the TWINE has been the target of classical cryptanalytic efforts, which achievements are limited to the analysis of algorithm’s structure and the complexity of attack is generally high. The paper proposes an effective differential fault attack on the TWINE cryptosystem on the basis of the 4-bit fault model and the differential analysis. Mathematical analysis and simulating experiments show that the attack could recover its 80-bit and 128-bit secret keys by introducing 8 faulty ciphertexts and 18 faulty ciphertexts on average, respectively. The result describes that the TWINE is vulnerable to differential fault analysis, and will be beneficial to the analysis of the same type of other iterated lightweight with Feistel-base structure cryptosystems.