
Statistical Fault Analysis of Lightweight Tweakable Block Cipher QARMA in the Internet of Everything (open access)

Abstract

Under the ciphertext-only attack (COA) assumption, this paper proposes a statistical fault analysis (SFA) that breaks all versions of QARMA in the Internet of Everything (IoE). Because the tweak is not known to the attacker, several analysis strategies are used so that faults can be injected in deeper rounds. To improve attack efficiency, two novel distinguishers are presented: the Cramér-von Mises test-Hamming weight (CM-HW) distinguisher and the Kuiper's test-maximum likelihood estimation (KT-MLE) distinguisher. The experimental results show that an attacker who injects 374 or 726 random faults into the antepenultimate round of the two QARMA versions recovers their 128-bit or 256-bit secret key, respectively, with a reliability of at least 99%. QARMA is therefore vulnerable to SFA in IoE deployments. The results provide a reference for lightweight tweakable block ciphers with a reflection structure and for the protection of cryptographic devices.
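The mechanics behind the distinguishers named in the abstract, as an added example that is not the paper's code and does not implement QARMA: the attacker collects only faulty ciphertexts, guesses the last-round key, inverts the round under each guess and scores how far the recovered state is from uniform. A correct guess exposes the biased fault distribution; a wrong guess scrambles it back towards uniform. Everything below is assumed for illustration: the "cipher" is a single 8-bit S-box followed by a key XOR (QARMA's reflection structure, tweak and multi-cell state are collapsed to one byte), the fault model is random-AND on the state byte before the S-box, and the two statistics are the textbook Cramér-von Mises and Kuiper forms applied to Hamming weights, not the paper's exact CM-HW or KT-MLE constructions (the MLE part is not described on this page).

```python
"""Toy ciphertext-only statistical fault analysis with Cramér-von Mises and
Kuiper distinguishers.  Added example; not QARMA and not the paper's code."""
import math
import random

# Constructed toy last round: c = SBOX[x] ^ k.  A random 8-bit permutation with a
# fixed seed so the example is reproducible; it has no cryptographic merit.
_rng = random.Random(20240002)
SBOX = list(range(256))
_rng.shuffle(SBOX)
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def toy_last_round(x: int, key: int, faulty: bool, rng: random.Random) -> int:
    """Ciphertext byte for an unknown state byte x.  Assumed fault model:
    random-AND, i.e. each state bit is cleared with probability 1/2 before the
    S-box, so the faulty state is biased towards low Hamming weight."""
    if faulty:
        x &= rng.getrandbits(8)
    return SBOX[x] ^ key


def collect_faulty_ciphertexts(key: int, n: int, seed: int = 1) -> list:
    """Ciphertext-only attacker: sees n faulty ciphertexts, never the inputs."""
    rng = random.Random(seed)
    return [toy_last_round(rng.getrandbits(8), key, True, rng) for _ in range(n)]


# Reference distribution of the Hamming weight of a uniform byte: Binomial(8, 1/2).
HW_REF_PMF = [math.comb(8, h) / 256 for h in range(9)]
HW_REF_CDF = [sum(math.comb(8, i) for i in range(h + 1)) / 256 for h in range(9)]


def hw_empirical_cdf(values: list) -> list:
    """Empirical CDF of the Hamming weights of the given bytes."""
    counts = [0] * 9
    for v in values:
        counts[bin(v).count("1")] += 1
    acc, cdf = 0, []
    for c in counts:
        acc += c
        cdf.append(acc / len(values))
    return cdf


def cramer_von_mises_hw(values: list) -> float:
    """Discrete Cramér-von Mises statistic n * sum_h p(h) (F_n(h) - F(h))^2 of
    the Hamming-weight distribution against Binomial(8, 1/2); 0 means uniform."""
    cdf = hw_empirical_cdf(values)
    n = len(values)
    return n * sum(HW_REF_PMF[h] * (cdf[h] - HW_REF_CDF[h]) ** 2 for h in range(9))


def kuiper_hw(values: list) -> float:
    """Kuiper statistic V = D+ + D- on the same CDFs (tail-sensitive)."""
    cdf = hw_empirical_cdf(values)
    d_plus = max(cdf[h] - HW_REF_CDF[h] for h in range(9))
    d_minus = max(HW_REF_CDF[h] - cdf[h] for h in range(9))
    return d_plus + d_minus


def rank_keys(ciphertexts: list, statistic) -> list:
    """Undo the last round under every key guess and score the recovered state;
    the correct key should give the largest (least uniform) score."""
    scores = []
    for guess in range(256):
        recovered = [INV_SBOX[c ^ guess] for c in ciphertexts]
        scores.append((statistic(recovered), guess))
    scores.sort(reverse=True)
    return scores


def recover_key(ciphertexts: list, statistic=cramer_von_mises_hw) -> int:
    return rank_keys(ciphertexts, statistic)[0][1]


if __name__ == "__main__":
    key = 0xA7
    cts = collect_faulty_ciphertexts(key, 374)  # 374 faults, as in the abstract's first figure
    for name, stat in (("CvM-HW", cramer_von_mises_hw), ("Kuiper-HW", kuiper_hw)):
        (s0, k0), (s1, k1) = rank_keys(cts, stat)[:2]
        print(f"{name}: best 0x{k0:02x} (score {s0:.3f}), runner-up 0x{k1:02x} (score {s1:.3f})")
```

The margin between the correct key and the best wrong key is what the paper's reliability figures measure; shrinking `n` until the ranking becomes unstable gives the toy's equivalent of the 374/726 fault counts.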

Li Jiayao (李嘉耀); Li Wei (李玮); Gao Jianning (高建宁); Qin Mengyang (秦梦洋); Sun Wenqian (孙文倩)

College of Computer Science and Technology, Donghua University, Shanghai 201620, China

Subject: Computer and Automation

Keywords: Internet of Everything (IoE); side-channel analysis; lightweight tweakable block cipher; statistical fault analysis (SFA); QARMA

Journal of Donghua University (English Edition), 2024, No. 2

Pages: 172-183 (12 pages)

Funding: National Natural Science Foundation of China (Nos. 61772129 and 61932014); National Cryptography Development Fund, China (No. MMJJ20180101)

DOI: 10.19884/j.1672-5220.202305005
