分组密码的差分故障分析-信息安全专业论文.docx

国防科学技术大学研究生院硕士学位论文 国防科学技术大学研究生院硕士学位论文 第 第 i 页 摘 要 差分故障分析是针对密码算法的硬件实现结构，结合差分分析进行的一种密 码分析方法。该方法自提出后，已经对公钥密码体制、分组密码体制中的多个算法 进行了成功的攻击。本文采用面向字节的随机故障模型，分别对 Serpent 算法、 KeeLoq 算法和 FOX 算法的故障攻击进行了研究。 Serpent 算法是 AES 计划的候选算法之一。本文结合差分密码分析技术、算法 扩散层以及密钥扩展方案的特性，给出了对 Serpent 算法的差分故障分析。实验结 果表明平均需要诱导 20 个故障就可以恢复 Serpent 算法的 128 比特种子密钥，这 表明 Serpent 算法对差分故障分析是不免疫的。 KeeLoq 算法采用 32 比特的分组和 64 比特的密钥。它被广泛应用于各种遥控 电子锁，以及车辆的防盗报警系统。通过分析 KeeLoq 算法中非线性函数 NLF 的 差分性质，提出了对 KeeLoq 算法的差分故障分析。理论分析和实验结果表明，恢 复 1 比特密钥信息平均只需要 0.71 个故障。 FOX 算法是一系列分组密码的总称，它们确保了数字化媒体、通信和存储的 安全。本文提出了 FOX64 算法差分故障分析的一种改进的方法，恢复每一轮的轮 密钥平均只需 4.25 个故障，而之前对 FOX64 算法的故障分析方法恢复轮密钥平均 需要 11.45 个故障，新方法在故障诱导次数上达到最小。本文的攻击方法同样适用 于 FOX 系列的其它算法。 主题词：分组密码；差分故障分析；Serpent 算法；KeeLoq 算法；FOX 算法 第 第 ii 页 ABSTRACT Differential Fault Analysis (DFA) is a kind of attack which based on attacking implementation of algorithms by faults induced in hardwares. Since its emergence, DFA has been applied to several kinds of ciphers in our real world, containing public key ciphers and block ciphers. In this thesis, using byte-oriented random fault model, we mainly focus on application of DFA on three kinds of block cipher Serpent , KeeLoq and FOX. Serpent is a new block cipher as a candidate for the Advanced Encryption Standard. By using techniques of differential cryptanalysis and the specialty of the diffusion layer and the key schedule, we present a practical fault analysis attacks on Serpent. It is shown by experiments that the 128 bit master key can be obtained through 20 faulty ciphertexts on average. The results imply that Serpent is not immune to differential fault analysis. KeeLoq is a block cipher with a 32-bit block size and a 64-bit key. It is widely used in wireless devices that unlock the doors and alarms in cars manufactured. In this paper, based on the differential property of the non-linear function NLF, we present a practical differential fault analysis attacks on KeeLoq. Theory and experiments show that we can recover 1 bit key through 0.71