Cite this article:
- Wang Xingxin, Hu Wei, Zhu Dan, Zhou Zijian, Zhou Huisi, Ma Jianfeng. An efficient method for extracting and exploiting fault properties of block ciphers[J]. Journal of Cyber Security, accepted.
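Abstract:
Automatic property extraction is a key problem that must be solved to improve the efficiency and degree of automation of formal analysis methods. To address the high complexity and limited applicability of existing fault property extraction methods based on Boolean logic simplification, this paper proposes an efficient method for extracting and exploiting fault properties of block ciphers. The method precisely extracts fault properties under different fault injection modes and performs key analysis of block ciphers under fault property constraints. It transforms the traditional extraction approach, based on logic simplification of Boolean functions, into a matrix operation problem over GF(2) and solves for the fault propagation matrix using a maximal linearly independent set of vectors, which effectively reduces the amount of fault information required in the extraction stage. By precisely extracting the fault properties satisfied under different fault injection modes, it achieves efficient fault analysis of the encryption iterations and key expansion of AES and SM4. Experimental results show that, when the method is used to extract the fault properties satisfied during the propagation of n-bit fault information, the computational complexity is reduced from to , and the number of fault traces required decreases by 70% on average. With the extracted fault properties as constraints, the round keys of AES and SM4 can be successfully recovered by analyzing 2 pairs of correct and faulty ciphertexts. In addition, this paper identifies a new fault analysis method for the SM4 key expansion; using the proposed fault property extraction and exploitation method, only 6 pairs of correct and faulty ciphertexts are needed to recover the 128-bit SM4 key.
Keywords: fault analysis; property extraction; key recovery; block ciphers
DOI:
Submitted: 2025-05-22; Revised: 2025-09-01
Funding: National Key Research and Development Program of China; National Natural Science Foundation of China; Northwestern Polytechnical University Doctoral Dissertation Innovation Fund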
An efficient method for extracting and exploiting fault properties of block ciphers
Wang Xingxin¹, Hu Wei¹, Zhu Dan¹, Zhou Zijian¹, Zhou Huisi¹, Ma Jianfeng²
(1. Northwestern Polytechnical University; 2. Xidian University)
Abstract:
Automatic property extraction is crucial for improving the efficiency and automation of formal analysis methods. Current approaches to fault property extraction, mostly based on Boolean logic simplification, have significant limitations in terms of complexity and applicability. To overcome these shortcomings, this paper proposes an efficient method for extracting fault properties of block ciphers and using them for fault analysis. The proposed method enables the precise extraction of fault properties under different fault injection modes and then performs key analysis of block ciphers based on fault property constraints. Specifically, the method transforms the traditional fault property extraction approach, which uses Boolean function logic simplification, into a matrix operation problem over the finite field GF(2), and computes the fault propagation matrix using the maximum independent vector group. This effectively reduces the scale of fault information required during fault property extraction. The proposed method precisely extracts the fault properties under different fault injection patterns in both the encryption iterations and the key expansion transformations of AES and SM4, thereby achieving efficient fault analysis of both ciphers. Experimental results demonstrate that when this method is used to extract the fault properties satisfied during the propagation of n-bit fault information, the computational complexity is reduced from to compared to existing methods. Moreover, the number of required fault traces is decreased by an average of 70%. With the extracted fault properties as constraints, the method successfully recovers the round keys of AES and SM4 by analyzing two pairs of correct and faulty ciphertexts. In addition, this paper introduces a novel fault analysis method for the SM4 key expansion. Using the proposed fault property extraction and exploitation method, the full 128-bit key of SM4 can be recovered using only six pairs of correct and faulty ciphertexts.
Key words: fault analysis; property extraction; key recovery; block ciphers