Abstract
ARIA, the Korean national standard block cipher, is used to secure both software and hardware implementations in information systems. In previous fault-attack research on ARIA, fault injection has been confined to the last two rounds of the cipher. Given the application environment and the computing capacity of the components involved, extending the reach of fault analysis to earlier rounds remains a difficult open question. To address it, this paper proposes a new integral fault analysis of ARIA that extends fault injection to the third- and fourth-to-last rounds, recovers the original key, and thereby breaks the cipher. Experimental results show that the inner rounds of ARIA are vulnerable to integral fault attacks; the results also serve as a reference for the security analysis of other block-cipher standards.
ARIA is a Korean standard block cipher that is flexible enough to provide security for both software and hardware implementations. Since its introduction, research on fault analysis of ARIA has been devoted to attacking its last two rounds. Whether provoking faults in earlier rounds of ARIA allows the secret key to be recovered has remained an open problem. This study answers that question by presenting a novel integral differential fault analysis that injects faults two rounds earlier in ARIA. Mathematical analysis and simulation experiments show that the attack successfully recovers the secret key from the injected faults. The results show that integral fault analysis is a strong threat to the security of ARIA, and they are beneficial to the analysis of other block ciphers of the same type.