论文部分内容阅读
本文研究Grain-v1的差分故障攻击.目前,很多文献在一个故障引起一个中间状态比特翻转的假设条件下,利用差分故障攻击对Grain系列算法进行了分析.然而,随着芯片尺寸的缩小以及复杂性的提升,一个故障精确地引起一个中间状态比特的翻转在技术上实现的难度越来越大.对于Grain-v1,目前并没有文献在一个故障引起多个中间状态比特翻转的假设条件下,给出一个有效的差分故障攻击.本文针对Grain-v1,在一个故障至多引发连续8比特翻转,翻转比特的位置可以是LFSR,或者NFSR,或者横跨LFSR和NFSR,并且具体翻转比特数量未知的条件下,给出了一个有效的差分故障攻击.特别地,文中利用在FSE 2013中提出的Grain-v1近似碰撞攻击的思想,给出了一个新的确定故障信息的方法,即故障实际引发的比特翻转位置和比特翻转数量.实验数据表明,已知160比特的差分序列,该方法能以大约97.5%的概率确定出故障信息.通过SAT求解器CryptoMiniSat2.9.6,在CPU频率为2.83GHz、4G系统内存的PC机上,利用大约8个故障,五十分钟左右可以恢复出Grain-v1的160比特中间状态.本文攻击思想也适用于Grain-128以及一个故障引发大于8比特翻转的情形.
In this paper, we study the Grain-v1 differential fault attack.At present, many papers use a differential fault attack to analyze the Grain series algorithm under the assumption that a fault causes a bit inversion in the intermediate state.However, as the chip size shrinks and the complexity In the case of grain-v1, there is no assumption that under the assumption that a fault causes a bit inversion of a plurality of intermediate states, it is not technically feasible for a fault to accurately cause the inversion of an intermediate state bit to be technically more and more difficult. An effective differential fault attack is proposed.In this paper, for grain-v1, up to 8 consecutive flipping occurs in a fault, the flipping bit position can be LFSR, or NFSR, or across LFSR and NFSR, and the number of specific flipping bits is unknown , An effective differential fault attack is given.In particular, a new method to determine fault information is given in this paper based on the Grain-v1 approximate collision attack proposed in FSE 2013. In this paper, Bit Flipping Position and Number of Bit Flipping The experimental data shows that a differential sequence of 160 bits is known which can operate at approximately 97.5% Rate of failure to determine the failure of the grain through the SAT solver CryptoMiniSat2.9.6, CPU frequency of 2.83GHz, 4G system memory on the PC, using about eight failures, about 60 minutes to restore Grain-v1 160-bit intermediate state. The attack idea in this article also applies to Grain-128 and a situation where a fault triggers a rollover of more than 8 bits.