
Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm

A technology of fault attack and algorithm, applied in encryption device with shift register/memory, key distribution, can solve problems such as strictness, attack, etc.

Inactive Publication Date: 2012-04-04
HANGZHOU MAEN TECH

AI Technical Summary

Problems solved by technology

[0008] Traditional differential fault attack schemes for the AES-128 algorithm fall into two types according to where the fault is induced. The first introduces faults into the encryption process of the AES-128 algorithm: random faults are induced in a specified storage unit during encryption, and the differential characteristics of the nonlinear transformation are used to recover the initial key of the algorithm. Research on this scheme is relatively mature, and there have been cases of successfully breaking encryption devices. The second introduces faults into the key expansion process of the AES-128 algorithm: the state of the subkey generation process is modified at a specific moment, and the initial key is recovered by differential analysis. However, because this scheme requires attacking the AES-128 algorithm at a specific moment, the requirements on the fault induction technique are relatively strict.


Embodiment Construction

[0066] The present invention is described in further detail below with reference to the accompanying drawings and embodiments.

[0067] The novel fault attack method for the AES-128 algorithm proposed in this embodiment mainly comprises the following steps:

[0068] 1) The attacker randomly selects a plaintext and obtains the correct ciphertext of that plaintext under the initial key; the correct ciphertext is denoted C. As shown in Figure 2, $C = SR(SB(S \oplus K_9)) \oplus K_{10}$, where S represents the state after the ninth-round column confusion (MC) operation in the AES-128 encryption algorithm, and $K_9$ denotes the subkey required for the ninth-round key addition operation i...


Abstract

The invention discloses a novel fault attack method for the Advanced Encryption Standard (AES-128) algorithm, comprising the following steps. First, an attacker randomly selects a plaintext and obtains the correct ciphertext of that plaintext under the initial key. The attacker then encrypts the randomly selected plaintext, selects any one of the first three columns of the ninth-round subkey during the encryption operation, performs multi-byte random fault induction on that column, and obtains a faulty ciphertext containing the random faults. Next, the attacker performs multi-byte random fault induction on the remaining three columns of the ninth-round subkey through the same operation until those three columns are completely recovered and the tenth-round subkey is obtained. Finally, the initial key is obtained through reverse calculation. Because the disclosed method attacks the ninth-round subkey and can operate on any required column of the subkey without the results for different columns affecting one another, multiple devices can carry out the differential fault attack on an AES-128 cryptosystem at the same time, so the initial key information is obtained quickly and time is saved.
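The "reverse calculation" in the abstract's last step relies on the AES-128 key expansion being invertible: any single round key determines the initial key, which is why implementations must protect every round key as carefully as the key itself. The following Python is an added illustration, not code from the patent; the function names are chosen here, and the key used to check it is the example key from FIPS-197 Appendix A.1.

```python
# Added example, not the patent's code; all function names here are illustrative.
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _gmul(a, b):  # multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _sbox_entry(x):  # field inverse, then the AES affine map
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def _g(word, rnd):
    w = [SBOX[b] for b in word[1:] + word[:1]]  # RotWord, then SubWord
    return [w[0] ^ RCON[rnd - 1]] + w[1:]       # round constant into byte 0

def next_round_key(k, rnd):  # columns of round key rnd-1 -> round key rnd
    out = [_xor(k[0], _g(k[3], rnd))]
    for i in range(1, 4):
        out.append(_xor(k[i], out[i - 1]))
    return out

def prev_round_key(k, rnd):  # columns of round key rnd -> round key rnd-1
    # Columns 1..3 fall out of plain XORs; column 0 then needs g(old column 3).
    prev = [None] + [_xor(k[i], k[i - 1]) for i in (1, 2, 3)]
    prev[0] = _xor(k[0], _g(prev[3], rnd))
    return prev

def expand(key):  # all eleven round keys K0..K10 as 16-byte strings
    keys = [[list(key[4 * i:4 * i + 4]) for i in range(4)]]
    for rnd in range(1, 11):
        keys.append(next_round_key(keys[-1], rnd))
    return [bytes(b for c in k for b in c) for k in keys]

def initial_key_from_k10(k10):
    """Walk the schedule back from the tenth-round subkey to the initial key."""
    k = [list(k10[4 * i:4 * i + 4]) for i in range(4)]
    for rnd in range(10, 0, -1):
        k = prev_round_key(k, rnd)
    return bytes(b for c in k for b in c)
```

Each backward step costs one S-box lookup per byte of a single column, so recovering the initial key from the tenth-round subkey is immediate.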

Description

Technical field

[0001] The invention relates to fault attack techniques for the AES algorithm, in particular to a novel fault attack method for the AES-128 algorithm.

Background technique

[0002] AES (Advanced Encryption Standard) is a block cipher with a typical substitution-permutation network structure. Its block length is 128 bits, and its key length takes three forms: 128 bits, 192 bits and 256 bits. Within the AES block cipher system, the AES-128 algorithm with a 128-bit key is the most widely used. It consists of three parts: the encryption algorithm, the decryption algorithm and the key expansion algorithm. The encryption and decryption algorithms have the same structure; only the order in which the subkeys are used is reversed.

[0003] The AES-128 encryption algorithm requires ten rounds of encryption. As shown in Figure 1, except that the tenth round does not include the column confusion (MC) operation, each round of en...


Application Information

IPC(8): H04L9/06, H04L9/08
Inventor: 汪鹏君, 郝李鹏
Owner: HANGZHOU MAEN TECH