Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (7): 1953-1959.

### Algebraic fault attack on lightweight block ciphers SIMON

1. Department of Information Engineering, Ordnance Engineering College, Shijiazhuang Hebei 050003, China
• Received:2017-02-08 Revised:2017-03-18 Online:2017-07-10 Published:2017-07-18
• Supported by:
This work is partially supported by the National Natural Science Foundation of China (61272491, 61309021, 61472357).

### 轻量级分组密码SIMON代数故障攻击

1. 军械工程学院 信息工程系, 石家庄 050003
• 通讯作者: 马云飞
• 作者简介:马云飞(1992-),男,吉林德惠人,硕士研究生,主要研究方向:轻量级分组密码旁路立方攻击、代数故障攻击;王韬(1964-),男,河北石家庄人,教授,博士生导师,主要研究方向:网络安全、密码学;陈浩(1987-),男,湖北武汉人,博士研究生,主要研究方向:流密码代数故障攻击;黄长阳(1994-),男,黑龙江望奎人,硕士研究生,主要研究方向:对称密码旁路攻击。
• 基金资助:
国家自然科学基金资助项目（61272491，61309021，61472357）。

Abstract: To solve the problems of small fault depth and complex manual deduction in previous fault attacks on SIMON, an Algebraic Fault Attack (AFA) method was proposed. Firstly, Correct equations of full-round SIMON encryption was established based on the algebraic representation of SIMON core operation ‘&’. Then faults were injected into the internal states and two models were provided for fault representation based on whether attackers knew the exact fault information or not. Finally, a CryptoMinisat-2.9.6 solver was used for round-keys recovery. The simulation results show that the fault-known and fault-unknown model need 5 and 6 faults to recover the entire key set with single-bit faults injected in the 26th round of SIMON32/64. As for SIMON128/128, two models both need only 2 faults to recover the entire key set with n-bit length faults injected in the 65th round. Moreover, it can be found that the influencing factor of average solving time will change from fault information to computation with fault number growing.

CLC Number: