Research And Implementation Of Persistent Fault Attack Based On Protected Block Cipher

In recent years,fault attacks and side-channel analysis have posed a great threat to the security of traditional cipher chips.Although some protection countermeasures have been proposed,many new fault attack schemes have emerged to overcome protection countermeasures.Persistent fault analysis(PFA)of AES based on S-box proposed in CHES 2018[1],which makes the countermeasures based on redundancy detection invalid.In addition,the persistent fault-based collision analysis(PFCA)proposed in 2021 is not hindered by first-order masking and simple time-redundant countermeasures[22],so persistent fault-based attack has attracted extensive attention.However,except for the statistical invalid fault attack,other fault attack methods are invalid to the combined protection strategy of masking and redundant detection.Therefore,whether PFA and PFCA can resist the combined protection strategy is the concern of everyone.In addition,PFA can break the countermeasures based on spatial redundancy,while PFCA is ineffective for the protection mode using inverse S-box detection in AES.How to expand PFCA to break the countermeasures of spatial redundancy detection becomes a difficult problem.Finally,the above two types of persistent fault-based attacks are currently only used for SPN block ciphers,so how to extend to Feistel block ciphers and solve the diffusion and masking round function output effects caused by branching structure is also a difficult problem.To solve the above problems,the main contributions of this paper are as follows:1)In order to explore the protection effect of the combined countermeasures of high-order masking and different mode redundancy detection against persistent fault attacks,PFA is used to attack the combined countermeasures of high-order masking combined with simple time redundancy and reverse operation respectively.PFCA is used to break the combination of high-order masking and simple time redundancy,only need 4096 ciphertexts can it get 100%success-rate of key recovery.2)In order to analyze the security effect of protection countermeasures under different granularity,a persistent fault attack scheme using side-channel information is proposed.For fine-grained countermeasures,collisions are observed either by direct measurement or by indirect measurement of encryption time using power traces.A dynamic weight sliding window algorithm is proposed to realize the automatic analysis of the threshold at the end of the first round of encryption,and the filtering algorithm in PFCA is improved to improve the success rate of attack.For coarse-grained countermeasures,the plaintext byte set whose intermediate state value collides is identified by the correlation between different plaintext encryption power traces,and the key is recovered.In the case of a single-byte fault,the key can be successfully recovered with nearly 100%probability,and in the case of a multi-byte fault,the attack success rate is more than 90%.3)To explore the applicability of persistent fault attack to protected Feistel block ciphers,this paper proposes to use the encryption power traces to judge the number of rounds of encryption execution,and decrypt the selected plaintexts to get the new initial plaintexts,to implement persistent fault attack against SM4 algorithm protected by fine-grained game.It is verified that this attack scheme is suitable for both single-byte and multi-byte faults,and the correct key can be successfully recovered with about 100%probability under a single-byte fault.At last,through simulation experiments,this paper verifies the feasibility and effectiveness of the proposed attack scheme,broadens the application scope of persistent fault attack,and has certain guiding significance for the design of countermeasures in the future.