Ciphertext-Only Fault Analysis on the MANTIS Lightweight Cipher
【Abstract】 MANTIS is a lightweight tweakable block cipher presented at CRYPTO 2016. It adopts the FX construction and the TWEAKEY framework and is suited to constrained Internet of Things devices that require low latency and real-time security. Based on a random nibble-oriented fault model and the ciphertext-only attack assumption, this paper proposes and discusses a new ciphertext-only fault analysis of MANTIS. Using the public tweaks, the analysis exploits the non-uniform distribution of intermediate-state nibbles after fault injection and breaks all versions of MANTIS. Experimental results show that the two new double distinguishers, Dirichlet distribution-Hamming weight and Dirichlet distribution-maximum likelihood, need at least 392 and 396 faults, respectively, to recover the 128-bit secret key of each MANTIS version with a success rate of 99% or higher. The proposed analysis both reduces the number of fault injections and improves attack efficiency; MANTIS therefore does not resist ciphertext-only fault analysis. The result is an important reference for the security analysis and protection of other lightweight tweakable block ciphers.
【Keywords】 fault analysis; lightweight cipher; MANTIS; ciphertext-only attack; Internet of Things
- 【Source】 电子学报 (Acta Electronica Sinica), 2022, Issue 04
- 【Classification No.】 TN918.1
- 【Downloads】 42