Communication Engineering

Differential Fault Analysis on Encryption Mode of MD5

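  • 1. College of Science, National University of Defense Technology, Changsha 410073, China;
    2. College of Computer Science, National University of Defense Technology, Changsha 410073, China;
    3. College of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China

Received date: 2014-10-23

Revised date: 2015-04-10

Online published: 2015-09-30

Funding

Supported by the National Natural Science Foundation of China (No.61402515) and the Scientific Research Project Fund of the Hunan Provincial Department of Education (No.YB2014B001)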

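Abstract

By studying the differential properties of the round functions in the encryption mode of MD5, we give a fast algorithm for solving the differential equations, which enables differential fault analysis of the MD5 encryption mode starting from the third-to-last round. The results show that when faults are injected from the third-to-last round, only 56 faults on average are needed to successfully recover the 512-bit seed key.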

Cite this article

Shen Xuan, Zhao Guangyao, Li Chao, Li Ruilin. Differential Fault Analysis on Encryption Mode of MD5[J]. Journal of Applied Sciences, 2015, 33(5): 481-490. DOI: 10.3969/j.issn.0255-8297.2015.05.003
