Abstract: This paper proposes a guess attack method on Trivium based on chosen differential. By analyzing the key generation equations of Trivium and determining 52 bit of its interior state which need to be altered, and then fault injections are used to alter these 52 bit and a faulty key stream can be obtained. The difference between the faulty key stream and the original key stream is computed, so that it only need guess 45 bit to make 177 nonlinear equations of key stream generation equations become linear equations. With the addition of 66 original linear equations, the rest 243 bit can be obtained by gauss elimination, thus Trivium is broken.

Key words: Trivium, chosen differential attack, guess attack

摘要： 给出一种基于选择差分对Trivium算法进行猜测攻击的方法。通过分析Trivium密钥流生成方程，确定需要改变Trivium 288 bit内部状态中的52 bit，使用错误注入改变所确定的52 bit，并生成密钥流，与原始密钥流进行差分。该方法只需猜测45 bit即可使密钥流生成方程中的177个非线性方程成为线性方程，加上已有的66个线性方程，使用高斯消元法获得剩余的243 bit，从而攻破Trivium。

关键词: Trivium算法, 选择差分攻击, 猜测攻击

CLC Number: 

• TP309.2