Research On Ciphertext-only Fault Analysis Of The MANTIS And LEA Lightweight Block Ciphers

The lightweight block cipher is widely used in the wireless devices of Internet of Things because of its less time-consuming execution and low requirements for equipment computing power,and its security has been paid more and more attention.Fault analysis uses the fault information leaked by the cryptosystem to crack the cipher,which is suitable for the attack of cryptosystem in the Io T devices.Ciphertext-only fault analysis uses the unbalanced distribution of the error intermediate states corresponding to the fault ciphertexts to recover the key.Ciphertext-only fault analysis has a wider application scenario,because it has the weakest requirements for the attacker's ability to control the encryption device and it is easier to threaten the cryptographic devices.At present,there is no ciphertext-only fault analysis researches on MANTIS and LEA lightweight block cipher at home and abroad.This dissertation proposes a ciphertext-only fault analysis method for MANTIS and LEA,and discusses whether there are new distinguishers with higher attack efficiency.The main contents of the dissertation are as follows:The MANTIS lightweight block cipher is an FX-structure tweakable block cipher with the TWEAKEY framework,which is published at the International Cryptology Conference in 2016.MANTIS is a low-latency cipher which is suitable for restricted devices with high real-time security requirements in the Io T environment.At present,the research on MANTIS at home and abroad focuses on the traditional attack.This dissertation explores the security of MANTIS under ciphertext-only fault analysis,using Square Euclidean Imbalance,Hamming Weight,Maximum Likelihood,Goodness of Fit,Goodness of Fit-Square Euclidean Imbalance,Goodness of FitMaximum Likelihood and Goodness of Fit-Hamming Weight distinguishers,as well as Dirichlet Distribution-Maximum Likelihood and Dirichlet Distribution-Hamming Weight distinguishers for statistical analysis.The results show that the Dirichlet Distribution-Maximum Likelihood and Dirichlet Distribution-Hamming Weight new distinguishers can retrieve the secret keys of all variants of MANTIS with only 392 and 396 faults respectively with a success rate of no less than99%,which reduce the faults.The LEA is a lightweight block cipher with ARX structure proposed at WISA conference in2013.It is a lightweight cipher of the international ISO/IEC 29192-2:2019 standard and a national standard of South Korea(KS x 3246).LEA has fast encryption speed,small code size,and it is suitable for high-speed environments and Io T devices.Till now,the security analysis of LEA is mainly based on traditional analysis methods and differential fault analysis,and the basic assumptions are mainly focused on known-plaintext and chosen-plaintext attack.Based on the analysis of ARX structure,this dissertation uses ciphertext-only fault analysis method to test the security of LEA algorithm,and uses Square Euclidean Imbalance,Hamming Weight,Maximum Likelihood,Goodness of Fit and Ratio Distance distinguishers for statistical analysis.According to the experiments,the ciphertext-only fault analysis method can recover all versions of LEA,and the success rate of key recovery is at least 99%.The number of faults required by the new distinguisher to recover the complete keys of LEA-128,LEA-192 and LEA-256 is 113,224 and262 respectively,and the attack effect is the best.According to the experiments in this dissertation,MANTIS and LEA are very fragile when facing ciphertext-only fault analysis.The main findings of this study provide a reference for analyzing the security of lightweight block ciphers with the same structures and new opinions for the design of lightweight block ciphers.