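Collision model based algebraic side-channel attack on PRESENT
Cite this article: WU Ke-hui, WANG Tao, ZHAO Xin-jie, LIU Hui-ying. Collision model based algebraic side-channel attack on PRESENT[J]. Computer Engineering and Design, 2012, 33(8): 2936-2942, 2994.
Authors: WU Ke-hui  WANG Tao  ZHAO Xin-jie  LIU Hui-ying
Affiliation: Department of Computer Engineering, Ordnance Engineering College, Shijiazhuang, Hebei 050003
Funding: National Natural Science Foundation of China (61173191, 60772082)
Abstract: A new generic, collision-model-based algebraic side-channel analysis method for block ciphers, the algebraic power collision attack, is proposed. It combines algebraic attacks with power collision attacks. First, algebraic analysis is used to build an equivalent system of Boolean algebraic equations for the cipher. Next, power attack techniques are used to capture the power information leaked while the encryption runs; after analysis this is converted into collision information about the encryption process and expressed as a system of algebraic equations over the intermediate-state variables of the encryption. Finally, the CryptoMiniSAT solver is used to solve the system and recover the key. The method was applied in a practical attack on a PRESENT implementation on an 8-bit microcontroller. The experimental results show that introducing additional algebraic equations on top of the algebraic attack effectively reduces the complexity of solving the system, and that PRESENT is vulnerable to this kind of algebraic power attack: with known plaintexts and ciphertexts, the complete 80-bit PRESENT key was recovered using full-round collision information from 4 samples or partial-round collision information from 8 samples. The analysis method can also provide some ideas for power collision analysis of other block ciphers.

Keywords: algebraic power collision attack  algebraic attack  power attack  PRESENT algorithm  CryptoMiniSAT solver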

Collision model based algebraic side-channel attack on PRESENT
WU Ke-hui, WANG Tao, ZHAO Xin-jie, LIU Hui-ying. Collision model based algebraic side-channel attack on PRESENT[J]. Computer Engineering and Design, 2012, 33(8): 2936-2942, 2994.
Authors:WU Ke-hui  WANG Tao  ZHAO Xin-jie  LIU Hui-ying
Affiliation:(Department of Computer Engineering,Ordnance Engineering College,Shijiazhuang 050003,China)
Abstract: A new generic, collision-model-based algebraic side-channel analysis method for block ciphers, the algebraic power collision attack, is proposed. The attack combines conventional algebraic cryptanalysis with power attacks. First, equivalent Boolean algebraic equations for the cipher's encryption are built by algebraic cryptanalysis. Second, the power information leaked by the running cipher chip is obtained through side-channel attack techniques and transformed into collision information, which is expressed as algebraic equations over the intermediate-state variables of the encryption. Finally, CryptoMiniSAT is used to solve the equations and recover the key. The method is applied to a PRESENT implementation on an 8-bit microcontroller. Experiments demonstrate that the algebraic power attack introduces new algebraic equations into the conventional algebraic attack and reduces the complexity of solving the equations, and that PRESENT is readily threatened by this algebraic power attack: when plaintexts and ciphertexts are known, only 4 samples of full-round collision or 8 samples of part-round collision can recover the 80-bit master key of PRESENT. The proposed analysis method can also provide ideas for power collision analysis of other block ciphers.
Keywords:algebraic power collision attack  algebraic attack  power attack  PRESENT  CryptoMiniSAT
This article is indexed in CNKI, Wanfang Data and other databases.