Computer Science ›› 2016, Vol. 43 ›› Issue (2): 169-174. doi: 10.11896/j.issn.1002-137X.2016.02.037

• Information Security •

Algebraic Side-Channel Attack on the ITUbee Cipher

LI Lang, DU Guo-quan

  1. School of Computer Science and Technology, Hengyang Normal University, Hengyang 421002; College of Information Science and Engineering, Hunan University, Changsha 410082; School of Computer Science and Technology, Hengyang Normal University, Hengyang 421002
  • Online: 2018-12-01 Published: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China

Algebraic Side-channel Attacks Method of ITUbee

LI Lang and DU Guo-quan

  • Online: 2018-12-01 Published: 2018-12-01

Abstract (Chinese original, translated): ITUbee is a lightweight cipher proposed at the Second International Workshop on Lightweight Cryptography for Security and Privacy in 2013, so a security analysis of ITUbee is of real value. This paper studies an algebraic side-channel attack on ITUbee. First, an equivalent system of algebraic equations for the ITUbee S-box is constructed; because that system is hard to solve directly, the power-consumption leakage of ITUbee encryption is collected, the Hamming weights of the intermediate state bytes are inferred from it and converted into Boolean equations that are combined with the cipher's equations, and the CryptoMiniSat solver is then used to recover the key. Experimental results show that the ITUbee attack constructed in this way needs few samples: in both the known-plaintext scenario and the scenario where neither plaintext nor ciphertext is known, the full initial key can be recovered from a single ITUbee encryption with Hamming-weight leakage from only part of the rounds.

Keywords: ITUbee, algebraic side-channel attack, Hamming weight, Cryptominisat

Abstract: ITUbee was proposed at the second Lightweight Cryptography for Security and Privacy workshop in 2013, and a security analysis of it is of real value. This paper studies algebraic side-channel attack methods against ITUbee. First, we construct equivalent algebraic equations for the ITUbee S-box; the resulting system is difficult to solve on its own. We therefore collect the power-consumption leakage of the ITUbee encryption, infer the Hamming weight of the intermediate state bytes, convert these weights into Boolean equations, and combine them with the equations of the cipher. Finally, we use CryptoMiniSat to solve for the key. Experimental results show that only a small number of samples is needed for a successful attack: in the known-plaintext, unknown-ciphertext scenario, the initial key can be derived by analyzing the partial Hamming-weight (HW) leakage of the first round.

Key words: ITUbee, Algebraic side-channel attack, Hamming weight, Cryptominisat
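As an added illustration that is not part of the paper, the following Python shows the step the abstract describes in the abstract's own terms: a leaked Hamming weight of an intermediate byte is turned into Boolean (CNF) constraints, and the size of the remaining candidate set shows how much of the byte's uncertainty one such leak removes. The DIMACS-style variable ids and the "leaked byte = plaintext XOR key byte" model for the known-plaintext case are assumptions of this example, not details taken from ITUbee.

```python
# Added example (not the paper's code): Hamming-weight (HW) leakage of one
# intermediate byte expressed as Boolean constraints, plus the remaining
# candidate set. Variable ids are assumed to be DIMACS-style positive ints.
from itertools import product
from math import log2


def hamming_weight(x: int) -> int:
    """Number of set bits in x."""
    return bin(x).count("1")


def candidates_for_hw(hw: int, bits: int = 8) -> list[int]:
    """All values of a `bits`-bit word whose Hamming weight equals the leaked hw."""
    return [v for v in range(1 << bits) if hamming_weight(v) == hw]


def key_candidates_known_plaintext(p: int, hw: int) -> list[int]:
    """Assumed model: the leaked byte is p XOR k; list every k consistent with hw."""
    return sorted(c ^ p for c in candidates_for_hw(hw))


def hw_to_cnf(var_ids: list[int], hw: int) -> list[list[int]]:
    """Encode HW(x) == hw over the bit variables var_ids as CNF clauses.

    Naive encoding: each assignment with a different weight is forbidden by one
    clause, the disjunction of the negations of that assignment's literals.
    """
    clauses = []
    for bits in product((0, 1), repeat=len(var_ids)):
        if sum(bits) != hw:
            clauses.append([-v if b else v for v, b in zip(var_ids, bits)])
    return clauses


def satisfies(clauses: list[list[int]], value: int, var_ids: list[int]) -> bool:
    """Check a concrete byte against the clauses; bit i of value maps to var_ids[i] (LSB first)."""
    assign = {v: (value >> i) & 1 for i, v in enumerate(var_ids)}
    return all(any(assign[abs(lit)] == (1 if lit > 0 else 0) for lit in clause)
               for clause in clauses)


def remaining_bits(hw: int, bits: int = 8) -> float:
    """Entropy (in bits) left in the byte once its Hamming weight is known."""
    return log2(len(candidates_for_hw(hw, bits)))


def expected_candidates(bits: int = 8) -> float:
    """Average candidate-set size after an HW leak, over a uniformly random word."""
    total = sum(len(candidates_for_hw(hamming_weight(v), bits)) for v in range(1 << bits))
    return total / (1 << bits)
```

The clause list is what a SAT solver such as CryptoMiniSat would receive alongside the cipher's own equations; on average a single 8-bit HW leak cuts 256 candidates to about 50.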

