Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (7): 1953-1959.DOI: 10.11772/j.issn.1001-9081.2017.07.1953

Previous Articles     Next Articles

Algebraic fault attack on lightweight block ciphers SIMON

MA Yunfei, WANG Tao, CHEN Hao, HUANG Changyang   

  1. Department of Information Engineering, Ordnance Engineering College, Shijiazhuang Hebei 050003, China
  • Received:2017-02-08 Revised:2017-03-18 Online:2017-07-10 Published:2017-07-18
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61272491, 61309021, 61472357).


马云飞, 王韬, 陈浩, 黄长阳   

  1. 军械工程学院 信息工程系, 石家庄 050003
  • 通讯作者: 马云飞
  • 作者简介:马云飞(1992-),男,吉林德惠人,硕士研究生,主要研究方向:轻量级分组密码旁路立方攻击、代数故障攻击;王韬(1964-),男,河北石家庄人,教授,博士生导师,主要研究方向:网络安全、密码学;陈浩(1987-),男,湖北武汉人,博士研究生,主要研究方向:流密码代数故障攻击;黄长阳(1994-),男,黑龙江望奎人,硕士研究生,主要研究方向:对称密码旁路攻击。
  • 基金资助:

Abstract: To solve the problems of small fault depth and complex manual deduction in previous fault attacks on SIMON, an Algebraic Fault Attack (AFA) method was proposed. Firstly, Correct equations of full-round SIMON encryption was established based on the algebraic representation of SIMON core operation ‘&’. Then faults were injected into the internal states and two models were provided for fault representation based on whether attackers knew the exact fault information or not. Finally, a CryptoMinisat-2.9.6 solver was used for round-keys recovery. The simulation results show that the fault-known and fault-unknown model need 5 and 6 faults to recover the entire key set with single-bit faults injected in the 26th round of SIMON32/64. As for SIMON128/128, two models both need only 2 faults to recover the entire key set with n-bit length faults injected in the 65th round. Moreover, it can be found that the influencing factor of average solving time will change from fault information to computation with fault number growing.

Key words: SIMON, fault attack, algebraic attack, Algebraic Fault Attack (AFA), lightweight block cipher

摘要: 针对SIMON现有故障攻击中存在的故障深度小、手工推导复杂等问题,给出一种代数故障攻击(AFA)方法。首先给出SIMON核心运算‘&’代数表示方法并构建全轮正确加密代数方程组;其次注入故障并将故障信息表示为代数方程,提供故障已知和故障未知两种模型,给出两种模型故障表示方法;最后利用CryptoMinisat-2.9.6解析器求解方程组恢复密钥。实验结果表明:利用单比特故障对SIMON32/64进行攻击,故障位置选取第26轮,故障已知和未知模型仅需5个和6个故障即可恢复全轮密钥;利用n比特宽度故障对SIMON128/128进行攻击,故障位置选取第65轮,两种模型均只需2个故障即可恢复全轮密钥。此外,对比故障已知和未知模型发现,随故障数递增密钥求解时间的决定因素将由故障信息量变为方程组计算量。

关键词: SIMON, 故障攻击, 代数攻击, 代数故障攻击, 轻量级分组密码

CLC Number: