| In recent years,the combination of internet and traditional industry has received a lot of attention with the introduction of“Internet Plus”strategy.And the new information industry,represented by the Internet of Things?IoT?,is growing faster and faster.Different from the traditional information transmission,the equipments in Internet of Things generally have characteristics of low computing ability,storage capacity,power consumption,which put forward a new challenge to information security transmission and storage.However for traditional cryptographic algorithms,whether block cipher such as AES,or public key cryptology such as RSA,the computing power,storage capacity of equipments and power consumption are higher.Therefore traditional cryptographic algorithms do not apply to the Internet of Things devices.In order to solve this problem,researchers in cryptography proposed lightweight block ciphers based on traditional block cipher,which have achieved the balance of security and applicability with advantages of simple structure,weak requirements for computing power,and low power consumption advantages which can be widely used in the internet of things devices.With the rapid development of the design theory of lightweight block ciphers,the theory of cryptanalysis is also advancing with the times.Since designers of lightweight block cipher with advantages of backwardness have considered most of traditional attacks,it is hard for traditional attacks to threaten these new ciphers with a single analysis method.Therefore,a combined attack based on more than one traditional attack method has become one of the trends in cryptanalysis,which makes full use of all the features of each attack method for every design flaw.Side-channel attack is another trend in cryptanalysis.It is different from the traditional analysis method,which extracts the secret utilizing methods such as errors introduction,radiation analysis and power analysis during the process of the algorithm implementation.The most commonly used method in side-channel attack is differential fault analysis.By injecting fault in the process of algorithm implementation,the correct key can be restored using the difference between correct ciphertexts and wrong ciphertexts based on differential analysis.In this thesis,we use the related key impossible differential analysis to attack ESF cipher for the first time.According to the weakness of the key schedule algorithm in ESF,we choose the non-zero key difference which does not pass the S-box to make the number of active S-box minimum and the length of differential chain longest.Then we construct two10-rounds related key impossible differential path and attack 13-round ESF and 14-round ESF.The analysis results show that the attack of 13-round ESF needs 260 chosen plaintexts,223 encrypting computations and recovers 18-bit key.And the attack of14-round ESF needs 26 2 chosen plaintexts,243.2encrypting computations and recovers37-bit.Compared with the existing single attack on ESF,our results are better,which also verifies the effectiveness of the combined attack.We also use the differential fault analysis to analyze LBlock cipher in this thesis.We have researched the existing methods of differential fault analysis on LBlock and find the disadvantages of these method.Then we propose a new method which called the improved differential fault analysis and use the improved method to attack LBlock cipher.Inject faults in the 29th round to restore all the 32-round key,and then almost all of the 31-round key can be restored by making full use of each pair of ciphertext differences.Next,inject a few nibble faults to the input register of round 28 and 29 to recover the remaining bits of the 31-round key and the 30-round key completely.Then the master key can be restored according to the key schedule algorithm of LBlock.The result of computer simulation show that the master key can be restored completely by injecting up to 8.7 faults on average,which is better than the existing results of differential fault analysis on LBlock.The results also verify the effectiveness of the improved differential fault analysis. |
PDF Full Text Request