Differential Fault Analysis on 3DES Middle Rounds Based on Error Propagation
Differential Fault Analysis on 3DES Middle Rounds Based on Error Propagation作者机构:School of Integrated Circuits Tsinghua University Beijing National Research Center for Information Science and Technology National Research Center for Information Technology Security Institute of Information Engineering Chinese Academy of Sciences School of Cyber Security University of Chinese Academy of Sciences
出 版 物:《Chinese Journal of Electronics》 (电子学报(英文))
年 卷 期:2022年第31卷第1期
页 面:68-78页
核心收录:
学科分类:11[军事学] 1105[军事学-军队指挥学] 0839[工学-网络空间安全] 08[工学] 110505[军事学-密码学] 110503[军事学-军事通信学]
基 金:supported by the National Key Research and Development Program of China (2018YFB0904901) National Natural Science Foundation of China (61702508, 61802404)
主 题:intermediate error propagation state table probability theory data encryption standard single-bit error propagation fault injection 3DES middle rounds injected fault position cryptography error propagation models DFA methods differential fault analysis state templates inducting fault fault diagnosis error statistics
摘 要:Since differential fault analysis(DFA)was first implemented on data encryption standard(DES), many scholars have improved this attack and extended the limit of the original last two rounds to the earlier rounds. However, the performance of the novel attacks which target middle rounds is not effective, i.e. the number of correct/incorrect ciphertexts required is very large and the recovered result maybe not correct. We address this problem by presenting new DFA methods that can break 3 DES when injecting faults at round 12 or *** simulating the process of single-bit error propagation,we have built two kinds of error propagation models as well as an intermediate error propagation state *** we simplify the intermediate states into state templates that will be further used to locate the injected fault position, which is the main difficulty of implementing fault injection in the middle rounds. Finally, in terms of the idea of error propagation and probability theory, we can recover the last round key only using 2 sets of correct/incorrect ciphertexts when inducting fault in the13 th round and 4 sets of correct/incorrect ciphertexts when inducting fault in the 12 th round.