Research On Ciphertext–only Fault Analysis Of Several Lightweight Cryptosystems

Lightweight cryptosystems are the focus and hotspot of cryptographic research in recent years.Compared with traditional cryptosystems,it has the characteristics of low resource consumption and efficient implementation.With the development of Internet of Things and information technology,lightweight cryptosystems are also widely used in the field of data security and protection in the Internet of Things.In recent years,side–channel analysis has become one of the important methods of security analysis of lightweight cryptosystems,that is,to recover the master key by using the information leaked during the operation of cryptographic devices,including energy loss,electromagnetic radiation,optical information and execution time,etc.Ciphertext–only fault analysis belongs to side–channel analysis with the basic assumption of ciphertext–only.The attackers only need to have the ability of inducing faults and achieving ciphertext samples.The ciphertext–only fault analysis requires the weakest ability of the attacker.Therefore,it is a great significance to the security implementation of cryptosystems.The PRESENT algorithm is a lightweight cryptographic algorithm proposed at the Encryption Hardware and Embedded Systems Conference(CHES)in 2007.In 2019,it became the latest international lightweight cryptographic standard ISO/IEC–29192–2:2019,which is used to ensure resource–constrained devices in the Internet of Things.security.By combining the meet–in–the–middle analysis,this paper proposes the meet–in–the–middle statistical fault analysis,and designs and implements new distinguisher such as PCC–HW,KLD–HW and JSC–HW–MLE.The innovative fault analysis optimizes the existing ciphertext–only fault analysis methods.This method uses space for time by precomputing and storing part of the analysis process,and combines a new type of distinguisher.The performance of important indicators such as the number of injection fault round,time consumption,number of faults and accuracy is better,which effectively expands the attack range and improves the attack efficiency.SUNDAE–GIFT and GIFT–COFB are both lightweight authenticated encryption algorithms with GIFT–128 as the underlying block cipher.The two cryptographic algorithms were selected for the second round of selection and the finalist of the Lightweight cryptography standardization project initiated by the National Institute of Standards and Technology(NIST),respectively.To the best of our knowledge,there is no relevant research on ciphertext–only fault analysis under the condition of the weakest attackers ability.This paper firstly implements statistical fault analysis for SUNDAE–GIFT,that proves that ciphertext–only fault analysis threatens the authenticated encryption algorithm with GIFT as the underlying block cipher.Then,for the GIFT–COFB,the statistical ineffective fault analysis is firstly realized.The attackers introduce fault in the penultimate round,the countermeasures designed by the authenticated mechanism of the authenticated encryption algorithm can be overcome.At last,this paper combines with meet–in–the–middle analysis,the location of the injection fault was deepened to the third–to–last round,and the number of faults has been reduced from 1088 ineffective faults to 624 ineffective faults.At present,there are relevant ciphertext–only fault analysis for lightweight block ciphers and lightweight authenticated encryption algorithms.This paper applies a variety of ciphertext–only fault analysis methods to lightweight block cipher PRESENT,lightweight authenticated encryption algorithms SUNDAE–GIFT and GIFT–COFB.The research results provide a reference for security analysis of lightweight ciphers and new ideas for improving the attack efficiency of ciphertext–only fault analysis.