Abstract:
In existing research, a fault is often required to be injected into a byte at a fixed position so that special wrong ciphertext can be obtained to carry out the attack. This assumption is difficult to achieve in an actual attack, so a differential fault attack method on SM4 based on random fault injection is proposed. Random faults are injected into the last four rounds of the SM4 encryption algorithm, and wrong ciphertext is generated by these faults. The sub keys of the last four rounds are recovered using the candidate key screening method. The attack is carried out on an unprotected SM4 smart card. Compared with other attack methods, this method expands the scope of fault injection and improves the practicability of the fault attack.
Key words:
random fault injection,
SM4 algorithm,
wrong ciphertext screening,
differential cryptanalysis,
key screening
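Abstract (Chinese version): Existing studies often require that a fault be injected into one byte at a fixed position so that special wrong ciphertext can be obtained to mount the attack; however, this assumption is difficult to realize in actual attacks. To address this, a differential fault attack method on SM4 based on random fault injection is proposed. Random faults are injected into the last four rounds of the SM4 encryption algorithm, wrong ciphertext is obtained through simple screening, and the sub keys of the last four rounds are recovered in combination with the candidate key screening method. The results of carrying out this attack on a smart card running the SM4 algorithm without protection show that, compared with other attack methods, this method can expand the scope of fault injection and improve the practicability of fault attacks.
Key words (Chinese version):
random fault injection,
SM4 algorithm,
wrong ciphertext screening,
differential analysis,
key screening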
RONG Xuefang,WU Zhen,WANG Min,DU Zhibo,RAO Jintao. Differential Fault Attack Method on SM4 Based on Random Fault Injection[J]. Computer Engineering.
荣雪芳,吴震,王敏,杜之波,饶金涛. 基于随机故障注入的SM4差分故障攻击方法[J]. 计算机工程.