Journal of Cryptologic Research (密码学报), 2016, Vol. 3, Issue (3): 258-269, 12. DOI: 10.13868/j.cnki.jcr.000126
Multi-Bit Differential Fault Analysis of Grain-v1
Abstract
This paper studies differential fault attacks against Grain-v1. Several differential fault attacks on the Grain family have recently been reported under the assumption that a single fault flips a single bit of the internal state. However, as chip sizes shrink and device complexity increases, flipping exactly one bit of the internal state with a single fault at acceptable accuracy is becoming more and more difficult in practice. For Grain-v1, no efficient multi-bit differential fault attack has been proposed yet. This paper presents a multi-bit differential attack against Grain-v1, under the assumption that a single fault could flip no more than 8 consecutive bits in the main register, without knowledge of the specific location or the exact number of flipped bits. The flipped bits could be located in the LFSR, in the NFSR, or even across the LFSR and the NFSR. In particular, inspired by the main idea of the near collision attack against Grain-v1 proposed at FSE 2013, a new method of identifying a multi-bit fault is proposed, covering both the position and the number of the flipped bits. With this new method, using 160 differential key-stream bits, the corresponding fault information could be determined with a probability of 97.5%. Using the SAT solver CryptoMiniSat 2.9.6 on a computer with a 2.83 GHz CPU and 4G RAM, the 160-bit internal state of Grain-v1 could be recovered within 50 minutes using about eight faults. The idea of the analysis in this paper could also be applied to Grain-128 and to the case of more than 8 bits flipped by a single fault.

Key words
stream ciphers / Grain-v1 / differential fault attack

Classification
Information technology and security science

Cite this article
YE Chendong, TIAN Tian. Multi-Bit Differential Fault Analysis of Grain-v1 [J]. Journal of Cryptologic Research, 2016, 3(3): 258-269, 12.

Funding
National Natural Science Foundation of China (61272042, 61521003)
National 863 Key Project (2015AA01A708)