KLEIN密码代数旁路攻击

将代数分析和旁路攻击结合,基于汉明重量泄露模型,对轻量级分组密码KLEIN抗代数旁路攻击安全性进行了评估。首先应用代数方法构建KLEIN算法等价布尔方程组,然后经功耗分析获取KLEIN加密操作的汉明重量并表示为布尔方程,最后使用CryptMinisat解析器进行密钥求解。基于均值、排名和门限3种容错策略,对8位微控制器上的KLEIN开展了攻击物理实验,并对攻击复杂度进行评估,结果表明:未经防护的KLEIN软件实现易遭受代数旁路攻击,已知明文场景下,1轮泄露分析即可恢复完整KLEIN密钥;未知明密文场景下,2轮泄露分析仍可成功实施攻击。该方法对其他分组密码抗代数旁路攻击研究具有一定的借鉴意义。

Algebraic Side-Channel Attacks on KLEIN

The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.