Research On Ciphertext-only Fault Analysis Of The PRINCE And LEA Lightweight Block Ciphers

As the Internet of Things develops rapidly,more and more intelligent physical objects with data exchange functions,are gradually connected to the Internet,such as smart vehicles,smart homes and mobile portable devices.They are providing great convenience for people’s life,learning and work.However,Io T security is still a challenging issue.At this stage,people usually use the cryptographic algorithm based on mathematical functions to handle and protect unauthorized content.However,traditional cryptographic algorithms generally require many resources to execute,which makes it difficult to effectively implement data security protection in resource constrained Io T devices.In order to perform encryption,decryption,authentication,integrity protection and other functions on Io T devices,researchers at home and abroad have designed a series of lightweight cryptographic algorithms suitable for Io T.The LEA was proposed by Hong and other scholars at the 2013 WISA conference,and is one of the three major lightweight cryptographic standards released by the ISO and the ICE in2019,certified by the Korean KCMVP,and is also the Korean national standard.Based on the ciphertext-only assumption,the existing distinguishers such as Maximum Likelihood,Hamming Weight,Squared Euclidean Imbalance and Goodness of Fit,and new distinguishers such as Ratio Distance,Ratio Distance-Hamming Weight and Ratio Distance-Maximum Likelihood were used to recover the original key of the lightweight cipher LEA using the distribution properties of intermediate state values after fault injection.The results show that LEA cipher cannot resist ciphertext-only fault analysis,and the new distinguishers require at least 396 faults to decipher LEA cipher with a success rate of 99% and above,which not only effectively reduces the number of faults,but also improves the attack efficiency.In 2012,the PRINCE was proposed as a lightweight cryptographic algorithm with two main features of low latency and high efficiency,which is widely applied to Io T devices that need realtime security protection.Currently,most research focuses on the traditional cryptanalysis.This paper proposes a ciphertext-only fault attack on PRINCE.By attacking in the tenth and eighth rounds in turn,and using the statistical analysis of Square Euclidean Imbalance,Hamming Weight,Maximum Likelihood,and Goodness of Fit distinguishers,the cipher is finally cracked.Furthermore,the first stage attack can be deepened to the ninth round by using the blind distinguisher,and the efficiency of the Goodness of Fit distinguisher can be improved by using the average method.The experimental results show that using the Blind Maximum Likelihood distinguisher and Maximum Likelihood distinguisher to analyze the ninth round and the eighth round in turn,the original key of PRINCE can be recovered with a success rate of not less than99%.The total number of faults required is 504,which is the least.According to the experimental results in this paper,the LEA and PRINCE ciphers are not highly secure in the face of ciphertext-only fault analysis.Therefore,when the LEA and PRINCE ciphers are used to protect data information in lightweight devices,it is recommended to implement hardware-level protection at the location of the countdown number of rounds of cipher in hardware devices,so as to reduce the harm caused by such attack.