针对sm4算法的约减轮故障攻击简.pdfVIP

37 Z1 Vol.37 No.Z1 2016 10 Journal on Communications October 2016 doi:10.11959/j.issn.1000-436x.2016254 SM4 610225 SM4 4 4 128 bit SM4 SM4 SM4 SM4 TP309.1 A Round reduction-based fault attack on SM4 algorithm WANG Min, WU Zhen, RAO Jin-tao, LING Hang (College of Information Security Engineering, Chengdu University of Information Technology, Chengdu 610225, China) Abstract: A novel method of fault attack based on round reduction against SM4 algorithm was proposed. Faults were in- jected into the last four rounds of the SM4 encryption algor ithm, so that the number of the algorithm’s rounds can be re- duced. In known-ciphertext scenario, four traces are enough to recover the total 128 bit master key by screening these faults easily. The proposed attack is made to an unprotected SM4 smart card. Experiment shows that this attack method is efficient, and which not only simplifies the existing differential fault attack ,but also improves the feasibility of the attack. Key words: SM4 algorithm, fault injection, round reduction, fault sample selection, block cipher [2]1997 Boneh 1 [1]CRT RSA Biham [3] DES WAPI SM4[1] [4,5] [6] [7] SM4 [8~12]