Research On Ciphertext-only Fault Attacks Of Lightweight Block Ciphers LED And CRAFT

As an important part of modern cryptography,the lightweight block ciphers are widely used in Internet of Things(Io T)devices for security purpose because of the traits of small cost of implementation,easiness to standardization and fast speed.As one of the leading cryptanalysis,fault analysis is implemented through injecting faults into the cryptographic device by lasers,electromagnetic fields or clock glitches,and then obtaining the faulty output.By analyzing the information contained in the faulty output,the attacker can break the cipher in a short time.This attacking method is powerful and easy to implement.Therefore,fault analysis can effectively appraise the security of cryptographic algorithms in the Io T.Ciphertext-only fault analysis is one kind of fault analysis,which refers to recovering the secret key using the ciphertexts only.This can be collected from a cryptographic device after fault injections.This attacking method has more flexible applications and is of greater threat because it is performed under ciphertext-only attack assumption.This assumption requires minimal capability from the attacker.To ensure the security of cryptographic devices in Io T,appraisals of the resistance to ciphertext-only fault analysis of lightweight block ciphers are necessary.The LED lightweight block cipher was proposed by Guo et al.at CHES in 2011.It can be applied to resource-constrained Io T devices,such as RFID tags and smart cards.This cipher has small cost of implementation and fast speed,and features low power consumption,high throughput and high security.The state-of-the-art ciphertext-only fault analysis on LED relies on the traditional fault model which has limited fault actions and high fault injection requirements.This paper proposes and designs a reality-oriented non-uniform fault model and three novel distinguishers,such as average weight distinguisher,geometric average Hamming weight distinguisher,and geometric average weighted Jaccard distinguisher.The simulation experiments show that the novel distinguishers have advantages in terms of success rate,number of faults,and screening rate.It shows that the novel fault models and distinguishers lower the implementation threshold of ciphertext-only fault analysis.The CRAFT tweakable lightweight block cipher was proposed by Beierle et al.on To SC in2019.The cipher is applicable for resource-constrained Io T devices with low power supply and achieves high security.The tweakable parameters make the CRAFT more complex.So far,there is no research of the CRAFT against the ciphertext-only fault analysis.This paper proposes and designs a new overwriting fault model and four distinguishers,such as decision coefficient,Jaccard similarity,Poisson deviation,and cosine similarity.The simulation shows that the overwriting fault model and the new distinguishers can recover the secret key at the deeper round of fault injections,and require less faulty ciphertexts,greater screening rate and less calculation time.Ciphertext-only fault analysis on CRAFT provides an important reference for the resistance to fault analysis of futural lightweight block ciphers.This paper proposes several new fault models and distinguishers,and conducts simulations with the LED and CRAFT ciphers.The results show a reduction of the implementation threshold and an enhance of attacking performance of ciphertext-only fault analysis,which provide ideas for security analysis and the designing of the lightweight block ciphers.