CN105227295A - A differential fault injection attack on the SMS4 cryptographic algorithm - Google Patents

Info

Publication number: CN105227295A
Authority: CN (China)
Legal status: Pending
Application number: CN201510652968.7A
Other languages: Chinese (zh)
Inventors: 吴震, 王敏, 饶金涛, 杜之波, 荣雪芳
Current Assignee: Chengdu Xinan Youlika Information Technology Co Ltd
Original Assignee: Chengdu Xinan Youlika Information Technology Co Ltd
Application filed by Chengdu Xinan Youlika Information Technology Co Ltd
Priority to CN201510652968.7A
Publication of CN105227295A

Abstract

The invention discloses a differential fault injection attack on the SMS4 cryptographic algorithm. The attack injects faults into the last four rounds of the SMS4 encryption process so that arbitrary errors occur in those rounds, and uses the resulting faulty ciphertexts to mount the attack. When selecting faulty ciphertexts, each one is compared against the correct ciphertext; the faulty ciphertexts that have the same plaintext, a different ciphertext and complete data are selected for the subsequent differential analysis. The same faulty ciphertexts are used for the attack on every round, so the ciphertext data does not need to be classified according to the needs of each round. The method solves two problems of current approaches: that inducing a specific fault in a particular byte is infeasible, and that fault injection has to be repeated for the attack on each round.

Description

A differential fault injection attack on the SMS4 cryptographic algorithm
Technical field
The invention relates to the field of analysis and testing of cryptographic algorithms, and in particular to a differential fault injection attack on the SMS4 cryptographic algorithm.
Background
In general, hardware devices and software programs that run cryptographic algorithms execute them correctly. Under interference, however, register faults or computation errors may occur in the cryptographic module; methods that use this faulty behavior or information to recover the key are called cryptographic fault analysis. Cryptographic devices are mostly built on electronic technology and have relatively simple interfaces, so they are susceptible to external interference, which makes fault injection analysis one of the most effective side-channel analysis methods.
Fault injection means changing the operating conditions of a cryptographic chip at suitable moments so that the intermediate state of the running chip changes, producing faulty outputs or abnormal side-channel leakage. According to the degree to which the attacker intrudes on the device's interface and operating environment, fault injection is divided into three kinds: non-invasive, semi-invasive and invasive. Non-invasive fault injection uses external interference, such as clock, voltage or magnetic field, to make the chip execute incorrectly, and is more feasible than the other two kinds. It is also a cheap and simple form of attack: it only requires changing conditions at the external interface, and is usually carried out by disturbing the voltage or the clock signal. Attacks of this kind are highly covert and hard to detect.
Differential fault attack (DFA) combines fault injection attacks with traditional differential cryptanalysis. It recovers the key mainly by exploiting the relationship between the correct output for a plaintext under normal conditions and the faulty output for the same plaintext after fault injection. It proceeds as follows: (1) choose a plaintext and obtain the corresponding correct ciphertext under the correct key; (2) for the same plaintext, induce a fault during encryption and obtain the corresponding faulty ciphertext; (3) analyze the correct and faulty ciphertexts to obtain a set of candidate values for each key. Analyzing multiple ciphertexts gives the intersection of these candidate sets, which must contain the correct key; analyzing the keys one by one then achieves key recovery.
SMS4 is a symmetric block cipher designed in China. Its basic properties are: (1) the block length and key length are both 128 bits; (2) encryption and decryption have the same structure, with the round keys used in reverse order; (3) both the cipher and the key schedule use a 32-round nonlinear iterative structure, whose repetitiveness makes SMS4 well suited to dedicated chips; (4) SMS4 uses standard arithmetic and logical operations on operands of at most 32 bits, so it is easy to implement in hardware. SMS4 is introduced below through the first round of encryption and the key schedule.
The first round of the SMS4 cipher is shown in Fig. 1. Suppose the input plaintext is $(X_0, X_1, X_2, X_3) \in (Z_2^{32})^4$, the output ciphertext is $(Y_0, Y_1, Y_2, Y_3) \in (Z_2^{32})^4$, the round keys are $(rk_0, rk_1, \ldots, rk_{31}) \in (Z_2^{32})^4$, the S-box input is $S_{in}$, the S-box output is $S_{out}$, and the output of the linear transformation L is $L_{out}$. The first round of SMS4 then proceeds as follows:
1) $S_{in} = X_1 \oplus X_2 \oplus X_3 \oplus rk_0 = (a_0, a_1, a_2, a_3) \in (Z_2^{32})^4$
2) $S_{out} = \tau(S_{in}) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3)) = (b_0, b_1, b_2, b_3) \in (Z_2^{32})^4$
3) $L_{out} = L(S_{out}) = S_{out} \oplus (S_{out} \lll 2) \oplus (S_{out} \lll 10) \oplus (S_{out} \lll 18) \oplus (S_{out} \lll 24)$
4) $X_4 = X_0 \oplus L_{out}$
The output of the first round is therefore $(X_1, X_2, X_3, X_4)$. The other rounds of the 32 follow the same steps as the first round, except that the last round, the 32nd, is followed by a reverse-order transformation R, as shown in Fig. 2. The final output ciphertext is:
$(Y_1, Y_2, Y_3, Y_4) = R(X_{32}, X_{33}, X_{34}, X_{35}) = (X_{35}, X_{34}, X_{33}, X_{32})$
In SMS4, the subkeys used for encryption are generated from the master key by the key schedule, as shown in Fig. 3. Let the master key be $MK = (MK_0, MK_1, MK_2, MK_3)$, $i = 0, 1, 2, 3$. Let $K_i \in Z_2^{32}$, $i = 0, 1, 2, \ldots, 35$, and let the subkeys be $rk_i \in Z_2^{32}$, $i = 0, 1, 2, \ldots, 31$. The subkeys are generated as follows:
1) $(K_0, K_1, K_2, K_3) = (MK_0 \oplus FK_0, MK_1 \oplus FK_1, MK_2 \oplus FK_2, MK_3 \oplus FK_3)$
2) $rk_i = K_{i+4} = K_i \oplus T'(K_{i+3} \oplus K_{i+2} \oplus K_{i+1} \oplus CK_i)$
Here the transformation $T'$ is essentially the same as the transformation T used in encryption, except that the linear transformation is replaced by $L'$, where $L'(B) = B \oplus (B \lll 13) \oplus (B \lll 23)$.
The system parameters FK, in hexadecimal, are:
$FK_0$ = A3B1BAC6, $FK_1$ = 56AA3350, $FK_2$ = 677D9197, $FK_3$ = B27022DC.
The fixed parameters CK are obtained as follows: let $ck_{i,j}$ be the j-th byte of $CK_i$ ($i = 0, 1, 2, \ldots, 31$; $j = 0, 1, 2, 3$), i.e. $CK_i = (ck_{i,0}, ck_{i,1}, ck_{i,2}, ck_{i,3}) \in (Z_2^{32})$; then $ck_{i,j} = (4i + j) \times 7 \pmod{256}$. The 32 fixed parameters $CK_i$, in hexadecimal, are:
00070e15,1c232a31,383f464d,545b6269,70777e85,8c939aa1,a8afb6bd,c4cbd2d9,
e0e7eef5,fc030a11,181f262d,343b4249,50575e65,6c737a81,888f969d,a4abb2b9,
c0c7ced5,dce3eaf1,f8ff060d,141b2229,30373e45,4c535a61,686f767d,848b9299,
a0a7aeb5,bcc3cad1,d8dfe6ed,f4fb0209,10171e25,2c333a41,484f565d,646b727。
From the key schedule, the master key can be derived in reverse as follows:
1) Given the last four round keys $rk_{31}$, $rk_{30}$, $rk_{29}$, $rk_{28}$, we have:
$rk_{31} = K_{35}$, $rk_{30} = K_{34}$, $rk_{29} = K_{33}$, $rk_{28} = K_{32}$
2) From $rk_{31} = K_{31} \oplus T'(K_{34} \oplus K_{33} \oplus K_{32} \oplus CK_{31})$ we obtain: $K_{31} = rk_{31} \oplus T'(rk_{30} \oplus rk_{29} \oplus rk_{28} \oplus CK_{31})$
3) From $rk_i = K_{i+4}$ we obtain $rk_{27} = K_{31}$, which is the subkey of the fifth round from the end, i.e. the 28th round. Continuing in the same way, the subkey of every round and the master key can be recovered.
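The round function, key schedule and reverse derivation described above, as an added Python example that is not part of the patent text; it shows that any four consecutive round keys determine the master key, which is why round keys held in registers or memory need the same protection as the key itself. Assumptions: the S-box table and the test vector come from the public SMS4 specification rather than from this page, round keys are indexed $rk_0$ to $rk_{31}$ as in the key schedule above, and all function names are illustrative.

```python
"""SMS4 round function, key schedule and key-schedule reversal (added example)."""

# S-box from the public SMS4 specification (the table is not reproduced on this page).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)
MASK = 0xFFFFFFFF
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK_i is built from ck_{i,j} = (4i + j) * 7 mod 256, as stated in the text.
CK = [int.from_bytes(bytes(((4 * i + j) * 7) % 256 for j in range(4)), "big")
      for i in range(32)]


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def tau(x):
    """Apply the S-box to each of the four bytes of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def t_enc(x):
    """T = L(tau(x)) with L(B) = B ^ B<<<2 ^ B<<<10 ^ B<<<18 ^ B<<<24."""
    b = tau(x)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(x):
    """T' = L'(tau(x)) with L'(B) = B ^ B<<<13 ^ B<<<23."""
    b = tau(x)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def words(block):
    """Split a 16-byte block into four big-endian 32-bit words."""
    return [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]


def expand_key(master_key):
    """Return rk_0..rk_31 (rk_i = K_{i+4}) for a 16-byte master key."""
    k = [m ^ f for m, f in zip(words(master_key), FK)]
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]


def encrypt_block(round_keys, plaintext):
    """32 rounds X_{i+4} = X_i ^ T(X_{i+1} ^ X_{i+2} ^ X_{i+3} ^ rk_i), then R."""
    x = words(plaintext)
    for i in range(32):
        x.append(x[i] ^ t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ round_keys[i]))
    # Reverse-order transformation R: output (X35, X34, X33, X32).
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:36]))


def master_key_from_last_round_keys(rk28, rk29, rk30, rk31):
    """Walk the key schedule backwards from K_32..K_35 down to K_0..K_3."""
    k = {32: rk28, 33: rk29, 34: rk30, 35: rk31}
    for i in range(31, -1, -1):
        k[i] = k[i + 4] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])
    return b"".join((k[i] ^ FK[i]).to_bytes(4, "big") for i in range(4))


# Test vector published with the SMS4 specification (not taken from this page).
KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
PLAINTEXT = KEY
CIPHERTEXT = bytes.fromhex("681edf34d206965e86b3e94f536e4246")

if __name__ == "__main__":
    rks = expand_key(KEY)
    print("ciphertext ok:", encrypt_block(rks, PLAINTEXT) == CIPHERTEXT)
    print("recovered key:", master_key_from_last_round_keys(*rks[28:]).hex())
```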
In research on differential fault attacks against the SMS4 cipher, Zhang Lei and Wu Wenling carried out the first such study in 2006. The precondition for the success of their attack, however, is that before each round is attacked, a byte fault must be produced at a fixed position. The many papers published since all likewise assume a byte fault at a particular position, and this assumption is difficult to realize in a real attack.
Summary of the invention
The object of the invention is to provide a differential fault attack method for the SMS4 cipher that solves two practical problems. (1) Particular bytes of a given intermediate state cannot be induced to produce a specific fault: current theoretical work all uses a byte-oriented random fault model, and a successful attack presupposes that specific bytes of some intermediate value are altered precisely, which is hard to control in real fault induction. (2) When attacking round keys, a dedicated fault injection has to be made to meet the requirements of each round, so every attacked round needs a new fault injection as required, which is cumbersome. The invention instead injects arbitrary faults into the last four rounds of the SMS4 cipher: no specific fault needs to be induced, the same fault data is used for the attack on every round, and no fault has to be injected again, which makes the fault injection very easy to carry out in a real fault injection attack.
To solve the above problems, the invention provides a differential fault injection attack on the SMS4 cryptographic algorithm, comprising the following steps:
S1: Choose a set of plaintexts X, and obtain the correct ciphertext Y of X under normal operation and the faulty ciphertext Y′ under fault injection.
S11: Choose a set of plaintexts X, and obtain the correct ciphertext Y of X under the correct key K.
S12: Input the same plaintext X, inject arbitrary faults into the last four rounds of the SMS4 encryption process, and obtain the faulty ciphertext Y′ of X under fault injection, as shown in Fig. 4.
S13: Using the plaintext X and the correct ciphertext Y, compare against the faulty ciphertexts Y′ obtained under fault, and select for the subsequent differential analysis the faulty ciphertexts whose returned data (plaintext and ciphertext) is complete, whose plaintext is identical and whose ciphertext differs.
S2: Perform differential analysis on the correct ciphertext Y and the faulty ciphertext Y′ to recover the subkey $rk_{32}$ of the 32nd round of SMS4. Then use the same correct ciphertext Y, faulty ciphertext Y′ and the 32nd-round subkey $rk_{32}$ to recover the subkey $rk_{31}$ of the 31st round. In the same way, recover in turn the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds.
S21: Following the reverse-order transformation, work back from the ciphertext to the input of the reverse-order transformation R, i.e. the output of the 32nd round. The correct output values are denoted XX4, XX3, XX2, XX1 and the faulty output values Xx4, Xx3, Xx2, Xx1;
S22: Compute the S-box input difference and the S-box output difference, denoted Sin_differ and Sout_differ respectively:
Sin_differ = XX3 ⊕ Xx3 ⊕ XX2 ⊕ Xx2 ⊕ XX1 ⊕ Xx1;
Sout_differ = invT1(XX4 ⊕ Xx4);
where invT1 is the inverse of the L transformation.
Let S_a[i] denote the part of Sout_differ that corresponds to each of the four S-boxes, where i = 0, 1, 2, 3 indexes the four S-boxes from left to right:
S_a[i] = Sout_differ >> (8*i) & 0xFF;
S23: Compute the S-box outputs. The S-box output for the correct data is denoted S_b and the S-box output for the faulty data is denoted S_c. For the four S-boxes:
S_b[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M) >> (8*i) & 0xFF;
S_c[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M ⊕ Sin_differ) >> (8*i) & 0xFF;
where M ranges over the 256 candidate subkeys.
S24: Substitute the 256 candidate subkeys M in turn into the formulas of S23 and check whether S_a[i] equals S_b[i] ⊕ S_c[i]; if they are equal, M is a possible correct subkey.
S25: S24 yields the subkey $rk_{32}$ of the 32nd round. Use $rk_{32}$ to decrypt the correct and faulty ciphertexts, obtaining the correct and faulty round outputs of the 31st round, then carry out S22 to S24 again to recover the subkey $rk_{31}$ of the 31st round. Repeating this process yields the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds.
S3: Using the recovered $rk_{32}$, $rk_{31}$, $rk_{30}$, $rk_{29}$ together with the inverse of the SMS4 key schedule, the subkey of every round and the master key can be recovered.
Brief description of the drawings
Fig. 1 is a flow chart of the first round of the SMS4 cipher.
Fig. 2 shows the reverse-order transformation R of the SMS4 cipher.
Fig. 3 is a flow chart of the SMS4 key expansion.
Fig. 4 is a schematic diagram of the fault injection.
Fig. 5 is the basic flow chart of the differential fault injection attack on the SMS4 cipher.
Embodiment
Specific embodiments of the invention are described below so that those skilled in the art can understand the invention. It should be clear, however, that the invention is not limited to the scope of the embodiments. To those of ordinary skill in the art, various changes are apparent as long as they fall within the spirit and scope of the invention as defined and determined by the appended claims, and all inventions and creations that make use of the inventive concept are protected.
The fault injection attack method for the SMS4 cryptographic algorithm comprises the following steps:
S1: Choose a set of plaintexts X, and obtain the correct ciphertext Y of X under normal operation and the faulty ciphertext Y′ under fault injection.
S11: Choose a set of plaintexts X, and obtain the correct ciphertext Y of X under the correct key K.
S12: Input the same plaintext X, inject arbitrary faults into the last four rounds of the SMS4 encryption process, and obtain the faulty ciphertext Y′ of X under fault injection.
S13: Using the plaintext X and the correct ciphertext Y, compare against the faulty ciphertexts Y′ obtained under fault, and select for the subsequent differential analysis the faulty ciphertexts whose returned data (plaintext and ciphertext) is complete, whose plaintext is identical and whose ciphertext differs.
S2: Perform differential analysis on the correct ciphertext Y and the faulty ciphertext Y′ to recover the subkey $rk_{32}$ of the 32nd round of SMS4. Then use the same correct ciphertext Y, faulty ciphertext Y′ and the 32nd-round subkey $rk_{32}$ to recover the subkey $rk_{31}$ of the 31st round. In the same way, recover in turn the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds.
S21: Following the reverse-order transformation, work back from the ciphertext to the input of the reverse-order transformation R, i.e. the output of the 32nd round. The correct output values are denoted XX4, XX3, XX2, XX1 and the faulty output values Xx4, Xx3, Xx2, Xx1;
S22: Compute the S-box input difference and the S-box output difference, denoted Sin_differ and Sout_differ respectively:
Sin_differ = XX3 ⊕ Xx3 ⊕ XX2 ⊕ Xx2 ⊕ XX1 ⊕ Xx1;
Sout_differ = invT1(XX4 ⊕ Xx4);
where invT1 is the inverse of the L transformation.
Let S_a[i] denote the part of Sout_differ that corresponds to each of the four S-boxes, where i = 0, 1, 2, 3 indexes the four S-boxes from left to right:
S_a[i] = Sout_differ >> (8*i) & 0xFF;
S23: Compute the S-box outputs. The S-box output for the correct data is denoted S_b and the S-box output for the faulty data is denoted S_c. For the four S-boxes:
S_b[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M) >> (8*i) & 0xFF;
S_c[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M ⊕ Sin_differ) >> (8*i) & 0xFF;
where M ranges over the 256 candidate subkeys.
S24: Substitute the 256 candidate subkeys M in turn into the formulas of S23 and check whether S_a[i] equals S_b[i] ⊕ S_c[i]; if they are equal, M is a possible correct subkey.
S25: S24 yields the subkey $rk_{32}$ of the 32nd round. Use $rk_{32}$ to decrypt the correct and faulty ciphertexts, obtaining the correct and faulty round outputs of the 31st round, then carry out S22 to S24 again to recover the subkey $rk_{31}$ of the 31st round. Repeating this process yields the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds.
S3: Using the recovered $rk_{32}$, $rk_{31}$, $rk_{30}$, $rk_{29}$ together with the inverse of the SMS4 key schedule, the subkey of every round and the master key can be recovered.

Claims (3)

1. A differential fault injection attack on the SMS4 cryptographic algorithm, targeting the last four rounds of the SMS4 encryption process, characterized in that the method comprises the following steps:
S1: choose a set of plaintexts X, and obtain the correct ciphertext Y of X under normal operation and the faulty ciphertext Y′ under fault injection;
S2: perform differential analysis on the correct ciphertext Y and the faulty ciphertext Y′ to recover the subkey $rk_{32}$ of the 32nd round of SMS4, then use the same correct ciphertext Y, faulty ciphertext Y′ and the 32nd-round subkey $rk_{32}$ to recover the subkey $rk_{31}$ of the 31st round, and in the same way recover in turn the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds;
S3: using the recovered $rk_{32}$, $rk_{31}$, $rk_{30}$, $rk_{29}$ together with the inverse of the SMS4 key schedule, the subkey of every round and the master key can be recovered.
2. The method according to claim 1, characterized in that S1 comprises the following steps:
S11: choose a set of plaintexts X, and obtain the correct ciphertext Y of X under the correct key K;
S12: input the same plaintext X, inject arbitrary faults into the last four rounds of the SMS4 encryption process, and obtain the faulty ciphertext Y′ of X under fault injection;
S13: using the plaintext X and the correct ciphertext Y, compare against the faulty ciphertexts Y′ obtained under fault, and select for the subsequent differential analysis the faulty ciphertexts whose returned data (plaintext and ciphertext) is complete, whose plaintext is identical and whose ciphertext differs.
3. The method according to claim 1, characterized in that S2 comprises the following steps:
S21: following the reverse-order transformation, work back from the ciphertext to the input of the reverse-order transformation R, i.e. the output of the 32nd round, where the correct output values are denoted XX4, XX3, XX2, XX1 and the faulty output values Xx4, Xx3, Xx2, Xx1;
S22: compute the S-box input difference and the S-box output difference, denoted Sin_differ and Sout_differ respectively:
Sin_differ = XX3 ⊕ Xx3 ⊕ XX2 ⊕ Xx2 ⊕ XX1 ⊕ Xx1;
Sout_differ = invT1(XX4 ⊕ Xx4);
where invT1 is the inverse of the L transformation;
let S_a[i] denote the part of Sout_differ that corresponds to each of the four S-boxes, where i = 0, 1, 2, 3 indexes the four S-boxes from left to right:
S_a[i] = Sout_differ >> (8*i) & 0xFF;
S23: compute the S-box outputs, where the S-box output for the correct data is denoted S_b and the S-box output for the faulty data is denoted S_c; for the four S-boxes:
S_b[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M) >> (8*i) & 0xFF;
S_c[i] = S(XX3 ⊕ XX2 ⊕ XX1 ⊕ M ⊕ Sin_differ) >> (8*i) & 0xFF;
where M ranges over the 256 candidate subkeys;
S24: substitute the 256 candidate subkeys M in turn into the formulas of S23 and check whether S_a[i] equals S_b[i] ⊕ S_c[i]; if they are equal, M is a possible correct subkey;
S25: S24 yields the subkey $rk_{32}$ of the 32nd round; use $rk_{32}$ to decrypt the correct and faulty ciphertexts, obtaining the correct and faulty round outputs of the 31st round, then carry out S22 to S24 again to recover the subkey $rk_{31}$ of the 31st round; repeating this process yields the subkeys $rk_{30}$ and $rk_{29}$ of the 30th and 29th rounds.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510652968.7A 2015-10-10 2015-10-10 A differential fault injection attack on the SMS4 cryptographic algorithm

Publications (1)

Publication Number Publication Date
CN105227295A 2016-01-06

Family ID: 54996016


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160106
