摘要
通过分析流密码算法Grain-v1,提出了一种针对密钥流生成器的差分错误攻击。该攻击利用了前17轮密钥流次数较低的弱点,向LFSR的指定位置引入错误,通过差分得到17个线性无关的线性方程和80个内部状态,只需要猜测62bits的初始内部状态变量就可得到密钥种子。整个过程的计算复杂度为O(274.26)。结果表明,Grain-v1抗差分错误攻击的计算复杂度低于设计者宣称的O(280),也就是说,算法存在安全漏洞。
By analyzing the weakness in design of the stream cipher Grain-v1,a differential fault attack was presented.The attack makes use of the weakness that the key stream equations in the first 17 times have comparatively low orders.The attacker needs to inject faults to the specified positions of LFSR at the stage of generating key stream.By differentiating,the attacker is able to acquire 17 linear equations which are linear independent and 80 initial states of the stream cipher directly.The attacker just needs to guess 62bits internal states,and then all the internal state can be achieved.The proposed attack algorithm can reduce the complexity to O(274.26).The result shows that the analyzed algorithm has security vulnerabilities,and the computational complexity of attacks is lower than that the designers claimed O(280).
出处
《计算机科学》
CSCD
北大核心
2011年第8期80-82,共3页
Computer Science
基金
国家自然科学基金(60833008)
国家973计划(2007CB311201)资助