Grain-128同步流密码的选择初始向量相关性能量攻击

doi:10.11772/j.issn.1001-9081.2014.05.1318

计算机应用 ›› 2014, Vol. 34 ›› Issue (5): 1318-1321.DOI: 10.11772/j.issn.1001-9081.2014.05.1318

Grain-128同步流密码的选择初始向量相关性能量攻击

杨昌盛,于敬超,严迎建

信息工程大学，郑州 450004

收稿日期:2013-11-20 修回日期:2014-01-02 出版日期:2014-05-01 发布日期:2014-05-30
通讯作者: 杨昌盛
作者简介:杨昌盛（1990-），男，湖北天门人，硕士研究生，CCF会员，主要研究方向：流密码旁道攻击及其防护；于敬超（1989-），男，安徽阜阳人，硕士研究生，主要研究方向：分组密码旁道攻击及其防护；严迎建（1973-），男，河南扶沟人，副教授，博士，主要研究方向：芯片安全防护。

Chosen initial vector correlation power attack on synchronous stream cipher Grain-128

YANG Changsheng¹,YU Jingchao¹,YAN Yingjian²

1. Information Engineering University, Zhengzhou Henan 450004, China
2. Institute of Electronic Technology, Information Engineering University, Zhengzhou Henan 450004, China

Received:2013-11-20 Revised:2014-01-02 Online:2014-05-01 Published:2014-05-30
Contact: YANG Changsheng

摘要/Abstract

摘要：

不同于分组密码，序列密码构造相对简单且大量使用线性运算，因此攻击点功耗与其他功耗成分之间往往存在较强的相关性，使得能量分析攻击难以实施。针对上述现状，提出了一种面向Grain-128同步流密码的选择初始向量（IV）相关性能量攻击方案。首先对Grain-128的输出函数h(x)进行了分析，并基于此确定了攻击点表达式；其次通过选取特定的初始向量，消除了攻击点功耗和其他功耗成分之间的相关性，从而解决了能量攻击所面临的关键问题；最后基于功耗分析工具PrimeTimePX对攻击方案进行了验证。结果表明，该方案仅需736个IV样本即可实施23轮攻击，恢复46比特密钥。

Abstract:

Unlike block cipher, stream ciphers are relatively simple and widely use linear operation, so there is often a strong correlation between the power of attack point and other power components, making it difficult to implement power analysis attacks. For the aforementioned situation, a chosen-Initial Vector (IV) correlation power analysis attack on synchronous stream cipher Grain-128 was proposed. First, the attack point and its power consumption model were gotten by analyzing the property of Grain-128's output function h(x). Then the correlation between the power of attack point and other power components was eliminated by choosing specific initial vectors, and the key problem facing the energy attacks was solved. Finally, a verification experiment was conducted based on power analysis tool PrimeTimePX. The results show that the scheme can implement 23 rounds attack and recover 46 bits key with only 736 initial vectors.

中图分类号:

TP309.7

杨昌盛于敬超严迎建. Grain-128同步流密码的选择初始向量相关性能量攻击[J]. 计算机应用, 2014, 34(5): 1318-1321.

YANG Changsheng YU Jingchao YAN Yingjian. Chosen initial vector correlation power attack on synchronous stream cipher Grain-128[J]. Journal of Computer Applications, 2014, 34(5): 1318-1321.

参考文献

［1］KOCHER P C, JAFFE J, JUN B. Differential power analysis ［C］// CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology. Berlin: Springer-Verlag, 1999: 388-397.
［2］KUMAR S, LEMKE K, PAAR C. Some thoughts about implementation properties of stream ciphers ［EB/OL］. ［2013-08-04］.http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.94.8994&rep=rep1&type=pdf.
［3］ZHAO Y, HU Y, JIA Y. New design of LFSR based stream ciphers to resist power attack ［J］. Journal of Xidian University: Natural Science, 2013,40(3):172-200.（赵永斌，胡予濮，贾艳艳.一种抵抗能量攻击的线性反馈移位寄存器［J］.西安电子科技大学学报：自然科学版，2013,40(3):172-200.）
［4］ZANG Y, HAN W. Differential power attack on linear feedback shift register ［J］. Journal of Electronics and Information Technology, 2009,31(1［5］KHAZAEI S, HASANZADEH M M, KIAEI M S. Linear sequential circuit approximation of grain and trivium stream ciphers ［EB/OL］. ［2013-08-12］. http://eprint.iacr.org/2006/141.pdf.
［6］FISCHER W, GAMMEL B M, KNIFFLER O, et al. Differential power analysis of stream ciphers ［C］// Proceedings of the 2007 Cryptographers' Track at the RSA Conference. Berlin: Springer-Verlag, 2007,4377: 257-270.
［7］YUSEOP L, KITAE J, JAECHUL S, et al. Related-key chosen IV attacks on Grain-v1 and Grain-128 ［C］// Proceedings of the 13th 2008 Australasian Conference. Berlin: Springer-Verlag, 2008,5107:321–335.
［8］DINUR I, SHAMIR A. Breaking Grain-128 with dynamic cube attacks ［C］// Proceedings of the 18th International Workshop on Fast Software Encryption. Berlin: Springer-Verlag, 2011:167–187.
［9］SONG H, FAN X, WU C, et al. Cube attack on Grain ［J］. Journal of Software, 2012,23(1):171-176.（宋海欣,范修斌,武传坤,等.流密码算法Grain的立方攻击［J］.软件学报,2012,23(1):171-176.）
［10］BERZATI A, CANOVAS C, CASTAGNOS G, et al. Fault analysis of Grain-128 ［C］// Proceedings of the 2009 IEEE International Workshop on Hardware-oriented Security and Trust. Piscataway: IEEE Press, 2009:7–14.
［11］KARMAKAR S, CHOWDHURY D R. Fault analysis of Grain-128 by targeting NFSR ［C］// AFRICACRYPT '11: Proceedings of the 4th International Conference on Progress in Cryptology in Africa. Berlin: Springer-Verlag, 2011:298-315.
［12］LANO J, MENTENS N, PRENEEL B, et al. Power analysis of synchronous stream ciphers with resynchronization mechanism ［EB/OL］. ［2013-08-17］. http://www.cosic.esat.kuleuven.be/publications/article-498.pdf.
［13］MANGARD S, OSWALD E, POPP T. Power analysis attacks ［C］// FENG D, ZHOU Y,LIU J, et al. translation.
Beijing: Science Press, 2010:97-101.(MANGARD S, OSWALD E, POPP T.能量分析攻击[M]. 冯登国,周永彬,刘继业,等译.北京:科学出版社,2010: 97-101.)
［14］LI L, LI R, TONG Y, et al. Development on power analysis attack and defense of embedded cipher chip ［J］. Journal of Computer Research and Development, 2010,47(4): 595-604.（李浪,李仁发,童元满,等.嵌入式加密芯片功耗分析攻击与防御研究进展［J］.计算机研究与发展,2010,47(4):595-604.）
［15］LIU H, ZHAO X, WANG T, et al. Research on Hamming weight-based algebraic side-channel attacks on SMS4 ［J］. Chinese Journal of Computers, 2013,36(6):1183-1193.（刘会英, 赵新杰, 王韬, 等. 基于汉明重的SMS4密码代数旁路攻击研究［J］. 计算机学报, 2013,36(6):1183-1193.）

[1]	孙晓玲李姗姗杨光杨秋格. 基于差分表的Blow-CAST-Fish的密钥恢复攻击[J]. 计算机应用, 0, (): 0-0.
[2]	樊缤李智高健. 基于多尺度知识学习的深度鲁棒水印算法[J]. 计算机应用, 0, (): 0-0.
[3]	沈子懿, 王卫亚, 蒋东华, 荣宪伟. 基于Hopfield混沌神经网络和压缩感知的可视化图像加密算法[J]. 计算机应用, 2021, 41(10): 2893-2899.
[4]	高健李智樊缤姜传贤. 基于光线投射采样和四元数正交矩的高效三维医学图像鲁棒零水印算法 [J]. 计算机应用, 0, (): 0-0.
[5]	徐丽云, 闫涛, 钱宇华. 基于级联混沌系统的分数域语音加密算法[J]. 计算机应用, 2021, 41(9): 2623-2630.
[6]	李莉杨鸿飞董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 计算机应用, 0, (): 0-0.
[7]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[8]	吴恺凡, 殷新春. 基于随机运算符的轻量级匿名射频识别系统双向认证协议[J]. 计算机应用, 2021, 41(6): 1621-1630.
[9]	巫光福戴子恒. 应对反应攻击的级联中密度准循环奇偶校验码公钥方案[J]. 计算机应用, 0, (): 0-0.
[10]	杜志强, 郑东, 赵庆兰. 可验证的大规模矩阵满秩分解的安全外包[J]. 计算机应用, 2021, 41(5): 1367-1371.
[11]	解文博, 韦永壮, 刘争红. 基于CUDA的SKINNY加密算法并行实现与分析[J]. 计算机应用, 2021, 41(4): 1136-1141.
[12]	李珊珊, 赵莉, 张红丽. 基于猫映射的图像灰度值加密[J]. 计算机应用, 2021, 41(4): 1148-1152.
[13]	徐衍胜, 张游杰. 基于随机函数的非线性映射保序加密方案[J]. 计算机应用, 2020, 40(10): 2986-2991.
[14]	刘宗甫, 袁征, 赵晨曦, 朱亮. 对PICO算法基于可分性的积分攻击[J]. 计算机应用, 2020, 40(10): 2967-2972.
[15]	张栖, 聂旭云. 立方多变量公钥密码体制的最小秩分析[J]. 计算机应用, 2020, 40(7): 1965-1969.

Grain-128同步流密码的选择初始向量相关性能量攻击

Chosen initial vector correlation power attack on synchronous stream cipher Grain-128

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics