摘要
基于唯密文假设,利用故障注入后中间状态值的分布特性,使用平方欧氏不平衡、汉明重量、极大似然和拟合优度等现有区分器,以及比例距离、比例距离-汉明重量和比例距离-极大似然等新型区分器对轻量级密码LEA的原始密钥的恢复进行了试验。结果表明,LEA密码不能抵御唯密文故障分析,新型区分器仅需396个故障即可破译LEA密码,成功率达99%及以上,此方法不仅有效减少了故障数,而且提高了攻击效率。研究结果可为物联网环境中具有相同结构的轻量级密码的安全设计与实现提供参考。
Based on the ciphertext-only assumption,the existing distinguishers such as squared Euclidean imbalance,Hamming weight,maximum likelihood and goodness of fit,and new distinguishers such as ratio distance,ratio distance-Hamming weight and ratio distance-maximum likelihood were used to recover the original key of the lightweight cipher LEA using the distribution properties of intermediate state values after fault injection.The results show that LEA cipher cannot resist ciphertext-only fault analysis,and the new distinguishers require at least 396 faults to decipher LEA cipher with a success rate of 99%and above,which not only effectively reduces the number of faults,but also improves the attack efficiency.The research results provide a reference for the secure design and implementation of lightweight cryptosystems with the same structure in the IoT(Internet of Things)environment.
作者
张金煜
张雨希
李玮
ZHANG Jinyu;ZHANG Yuxi;LI Wei(School of Computer Science and Technology,Donghua University,Shanghai 201620,China)
出处
《东华大学学报(自然科学版)》
CAS
北大核心
2023年第6期135-141,共7页
Journal of Donghua University(Natural Science)
基金
国家自然科学基金(61772129,61932014)。
关键词
故障分析
轻量级密码
LEA
唯密文攻击
物联网
fault analysis
lightweight cipher
LEA
ciphertext-only attack
Internet of Things(IoT)
