Research On Differential Fault Detection And Protection Technology Of Block Cipher

Block cipher is widely used in hardware and software security systems because of its fast implementation.With the continuous improvement of the design theory of block cipher,the cryptographic ciphers widely used at present have excellent theoretical security.However,in engineering applications,differential fault attack（DFA）can inject faults during the execution of cryptographic devices and analyze the relationship between faulty ciphertext and correct ciphertext to analyze relevant key information.Differential fault attacks have efficient analysis efficiency and can pose a serious threat to cryptographic devices.Therefore,the research on how to effectively detect faults and resist differential fault attack in block ciphers is one of the current research hotspots.Based on the idea of linear structure,linear code and dynamic secret S-box,this thesis designs a differential fault protection scheme for block cipher algorithms DEFAULT and Pyjamask.The main research results are as follows:1.Based on the ideas of horizontal confusion and linear code,a protection scheme is proposed for DEFAULT cipher to automatically detect all bit faults to solve the problem that DEFAULT cannot resist differential fault attacks effectively.The scheme uses horizontal obfuscation to implement the redundant parts of the cipher,and utilizes the error detection of[10,4,6]linear codes to protect each S-box.The experimental results show that the new protection scheme can detect all bit faults and correct nibble faults with25.08%additional software implementation,where the proportion of detected faults is100%.Compared with existing protection methods,the new method reduces software implementation costs by 31.92%and has the ability to automatically correct protection.2.Based on the idea of DEFAULT cipher design and dynamic secret S-box,a new cipher DEFAULT-DS is proposed to resist differential fault attack to address problem that DEFAULT being unable to resist information-combining differential fault attack.Based on the design of the DEFAULT cipher,DEFAULT-DS utilizes the idea of dynamic secret S-boxes to improve the S-box construction of the cipher.DEFAULT-DS introduces 15secret S-boxes with 3 non-zero linear structures and selects S-boxes using the round key.The experimental results show that for classical differential fault attacks and Information-combining differential fault attack（IC-DFA）,the cipher provides differential fault protection capabilities that require at least 64 faults and 2⁶⁴-bit key search spaces.Compared with existing protection schemes,the proposed cipher provides effective differential fault protection capability without adding redundancy,and increases the key search space by 2⁶⁴-bit compared to DEFAULT.3.Based on linear structure and linear code,a differential fault protection scheme for Pyjamask block cipher is gifted to solve the problem that Pyjamask can not resist the differential fault attack effectively.The scheme is first based on the design concept of the DEFAULT cipher,adding 4 additional round functions before and after the Pyjamask.The added round functions use S-boxes with 3 non-zero linear structures,and a[10,4,6]linear code is used to protect the input of each S-box.The experimental results show that the new protection scheme can provide protection against 64 faults and 2⁶⁴-bit key search spaces for classical differential fault attacks with 39.46%additional software implementation,and the scheme can provide the capability of single bit error correction and full bit error detection.Compared to previous protection schemes,the new scheme provides single bit error correction function with only 2.62%increase in performance.