ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2018, Vol. 55 ›› Issue (10): 2174-2184.doi: 10.7544/issn1000-1239.2018.20180437

所属专题: 2018分布式安全与区块链技术研究专题

• 信息安全 • 上一篇    下一篇

LBlock轻量级密码算法的唯密文故障分析

李玮1,2,3,4,吴益鑫1,谷大武2,曹珊1,廖林峰1,孙莉1,刘亚5,刘志强2   

  1. 1(东华大学计算机科学与技术学院 上海 201620);2(上海交通大学计算机科学与工程系 上海 200240);3(上海市可扩展计算与系统重点实验室(上海交通大学) 上海 200240);4(上海市信息安全综合管理技术研究重点实验室(上海交通大学) 上海 200240);5(上海理工大学计算机科学与工程系 上海 200093) (liwei.cs.cn@gmail.com)
  • 出版日期: 2018-10-01
  • 基金资助: 
    国家自然科学基金项目(61772129);国家密码发展基金项目(MMJJ20180101)

Ciphertext-Only Fault Analysis of the LBlock Lightweight Cipher

Li Wei1,2,3,4, Wu Yixin1, Gu Dawu2, Cao Shan1, Liao Linfeng1, Sun Li1, Liu Ya5, Liu Zhiqiang2   

  1. 1(School of Computer Science and Technology, Donghua University, Shanghai 201620);2(Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240);3(Shanghai Key Laboratory of Scalable Computing and Systems (Shanghai Jiao Tong University), Shanghai 200240);4(Shanghai Key Laboratory of Integrate Administration Technologies for Information Security (Shanghai Jiao Tong University), Shanghai 200240);5(Department of Computer Science and Engineering, University of Shanghai for Science and Technology, Shanghai 200093)
  • Online: 2018-10-01

摘要: LBlock算法是在2011年ANCS会议上提出来的一种轻量级分组密码算法. 它是一种具有Feistel结构的典型密码,并且广泛应用于物联网安全中.提出了针对Feistel结构的LBlock密码算法的新型唯密文故障分析方法,通过在算法的倒数第4轮导入故障,分别使用6种区分器对算法进行分析.在原有的SEI区分器、GF区分器、GF-SEI双重区分器、MLE区分器基础上,提出了GF-MLE双重区分器和MLE-SEI双重区分器作为新型区分器.仿真实验结果表明:可以在较短的时间内使用较少的故障数且以99%的成功概率恢复出主密钥并破译算法,其中提出的2种新型区分器比原有区分器所需故障数更少、效率更高.由此说明唯密文故障攻击对LBlock算法的安全性构成了巨大的威胁.

关键词: 轻量级密码, LBlock, 唯密文故障攻击, 物联网, 密码分析

Abstract: The lightweight cipher LBlock was proposed at ANCS in 2011. It has the structure of Feistel and is widely applied in the security of Internet of things (IoT). In this paper, a cipher-text fault analysis for LBlock cipher by injecting faults is proposed, and it is analyzed by 6 distinguishers in the last but 3 rounds. On the basis of original distinguishers as SEI, GF, GF-SEI, MLE, we propose GF-MLE and MLE-SEI distinguishers as new distinguishers. The simulation experiments show that the secret key can be recovered with over 99% success probability in a short period of time, and these two new distinguishers can not only improve the attacking efficiency, but also decrease the number of faults. This shows that the ciphertext-only fault analysis poses a great threat to the security of LBlock cipher.

Key words: lightweight cipher, LBlock, ciphertext-only fault analysis, Internet of things (IoT), cryptanalysis

中图分类号: