An improved differential fault analysis on Camellia

Cited by: 0
Authors
Zhao X.-J. [1]
Wang T. [1]
Guo S.-Z. [2]
Affiliations
[1] Department of Computer Engineering, Ordnance Engineering College
[2] The Institute of North Electronic Equipment
Source
Funding
EU Horizon 2020;
Keywords
Block cipher; Camellia; Differential fault analysis; Feistel structure; S-box lookup; SPN structure;
DOI
10.3724/SP.J.1016.2011.00613
Chinese Library Classification number
Subject classification number
Abstract
The S-box lookup is an important operation in block cipher design and an effective defense against traditional linear and differential attacks; however, when the physical implementation of the algorithm is considered, it becomes the weakest part of the cryptosystem. This paper studies fault attacks on block ciphers with S-boxes and presents an improved differential fault analysis method on Camellia. First, it reduces differential fault analysis on block ciphers with S-boxes to the problem of computing the S-box input and output differentials, presents a basic differential fault analysis model, and then evolves it into two models for SPN and Feistel structure block ciphers. Second, it proposes an improved differential fault analysis method on Camellia, analyzes the attack complexity, and verifies the method through software simulation. Experiments demonstrate that, due to its reversible permutation function and Feistel structure, Camellia is vulnerable to deep differential fault analysis: 16 and 24 faulty ciphertexts are enough to effectively retrieve the Camellia-128 and Camellia-192/256 keys. Finally, the contradictions between traditional cryptography and implementation attacks are analyzed, and the state of the art and future directions of fault attacks on block ciphers are discussed.
Pages: 613-627
Page count: 14