LBlock轻量级密码算法的唯密文故障分析

李玮; 吴益鑫; 谷大武; 曹珊; 廖林峰; 孙莉; 刘亚; 刘志强

doi:10.7544/issn1000-1239.2018.20180437

LBlock轻量级密码算法的唯密文故障分析

李玮^1,2,3,4,
吴益鑫¹,
谷大武²,
曹珊¹,
廖林峰¹,
孙莉¹,
刘亚⁵,
刘志强²

¹(东华大学计算机科学与技术学院上海 201620)
²(上海交通大学计算机科学与工程系上海 200240)
³(上海市可扩展计算与系统重点实验室(上海交通大学) 上海 200240)
⁴(上海市信息安全综合管理技术研究重点实验室(上海交通大学) 上海 200240)
⁵(上海理工大学计算机科学与工程系上海 200093) (liwei.cs.cn@gmail.com)

基金项目: 国家自然科学基金项目(61772129);国家密码发展基金项目(MMJJ20180101)

详细信息

中图分类号: TP309.7
计量
- 文章访问数: 1290
- HTML全文浏览量: 4
- PDF下载量: 395
出版历程
- 发布日期: 2018-09-30

Ciphertext-Only Fault Analysis of the LBlock Lightweight Cipher

Li Wei^1,2,3,4,
Wu Yixin¹,
Gu Dawu²,
Cao Shan¹,
Liao Linfeng¹,
Sun Li¹,
Liu Ya⁵,
Liu Zhiqiang²

¹(School of Computer Science and Technology, Donghua University, Shanghai 201620)
²(Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240)
³(Shanghai Key Laboratory of Scalable Computing and Systems (Shanghai Jiao Tong University), Shanghai 200240)
⁴(Shanghai Key Laboratory of Integrate Administration Technologies for Information Security (Shanghai Jiao Tong University), Shanghai 200240)
⁵(Department of Computer Science and Engineering, University of Shanghai for Science and Technology, Shanghai 200093)

摘要

摘要: LBlock算法是在2011年ANCS会议上提出来的一种轻量级分组密码算法. 它是一种具有Feistel结构的典型密码，并且广泛应用于物联网安全中.提出了针对Feistel结构的LBlock密码算法的新型唯密文故障分析方法，通过在算法的倒数第4轮导入故障，分别使用6种区分器对算法进行分析.在原有的SEI区分器、GF区分器、GF-SEI双重区分器、MLE区分器基础上，提出了GF-MLE双重区分器和MLE-SEI双重区分器作为新型区分器.仿真实验结果表明:可以在较短的时间内使用较少的故障数且以99%的成功概率恢复出主密钥并破译算法，其中提出的2种新型区分器比原有区分器所需故障数更少、效率更高.由此说明唯密文故障攻击对LBlock算法的安全性构成了巨大的威胁.
- 轻量级密码 /
- LBlock /
- 唯密文故障攻击 /
- 物联网 /
- 密码分析
Abstract: The lightweight cipher LBlock was proposed at ANCS in 2011. It has the structure of Feistel and is widely applied in the security of Internet of things (IoT). In this paper, a cipher-text fault analysis for LBlock cipher by injecting faults is proposed, and it is analyzed by 6 distinguishers in the last but 3 rounds. On the basis of original distinguishers as SEI, GF, GF-SEI, MLE, we propose GF-MLE and MLE-SEI distinguishers as new distinguishers. The simulation experiments show that the secret key can be recovered with over 99% success probability in a short period of time, and these two new distinguishers can not only improve the attacking efficiency, but also decrease the number of faults. This shows that the ciphertext-only fault analysis poses a great threat to the security of LBlock cipher.
- lightweight cipher /
- LBlock /
- ciphertext-only fault analysis /
- Internet of things (IoT) /
- cryptanalysis