KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to ...KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to differential fault attack(DFA).In this paper,an improved DFA is performed to KLEIN-64.It is found that the differential propagation path and the distribution of the S-box can be fully utilized to distinguish the correct and wrong keys when a half-byte fault is injected in the 10th round.By analyzing the difference matrix before the last round of S-box,the location of fault injection can be limited to a small range.Thus,this improved analysis can greatly improve the attack efficiency.For the best case,the scale of brute-force attack is only 256.While for the worst case,the scale of brute-force attack is far less than 232 with another half byte fault injection,and the probability for this case is 1/64.Furthermore,the measures for KLEIN-64 in resisting the improved DFA are proposed.展开更多
基金This work was supported in part by project supported by National Natural Science Foundation of China(Grant Nos.U1936115,61572182).
文摘KLEIN-64 is a lightweight block cipher designed for resource-constrained environment,and it has advantages in software performance and hardware implementation.Recent investigation shows that KLEIN-64 is vulnerable to differential fault attack(DFA).In this paper,an improved DFA is performed to KLEIN-64.It is found that the differential propagation path and the distribution of the S-box can be fully utilized to distinguish the correct and wrong keys when a half-byte fault is injected in the 10th round.By analyzing the difference matrix before the last round of S-box,the location of fault injection can be limited to a small range.Thus,this improved analysis can greatly improve the attack efficiency.For the best case,the scale of brute-force attack is only 256.While for the worst case,the scale of brute-force attack is far less than 232 with another half byte fault injection,and the probability for this case is 1/64.Furthermore,the measures for KLEIN-64 in resisting the improved DFA are proposed.
