Since differential fault analysis(DFA)was first implemented on data encryption standard(DES),many scholars have improved this attack and ex-tended the limit of the original last two rounds to the earlier rounds.However,the performance of the novel at-tacks which target middle rounds is not effective,i.e.the number of correct/incorrect ciphertexts required is very large and the recovered result maybe not correct.We ad-dress this problem by presenting new DFA methods that can break 3DES when injecting faults at round 12 or 13.By simulating the process of single-bit error propagation,we have built two kinds of error propagation models as well as an intermediate error propagation state table.Then we simplify the intermediate states into state tem-plates that will be further used to locate the injected fault position,which is the main difficulty of implementing fault injection in the middle rounds.Finally,in terms of the idea of error propagation and probability theory,we can recover the last round key only using 2 sets of cor-rect/incorrect ciphertexts when inducting fault in the 13th round and 4 sets of correct/incorrect ciphertexts when inducting fault in the 12th round.

MA Xiangliang;ZHANG Lizhen;WU Liji;LI Xia;ZHANG Xiangmin;LI Bing;LIU Yuling

School of Integrated Circuits,Tsinghua University,Beijing National Research Center for Information Science and Technology,Beijing 100084,China;National Research Center for Information Technology Security,Beijing 100084,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 101408,China

电子学报（英文）

[1]MA Xiangliang;ZHANG Lizhen;WU Liji;LI Xia;ZHANG Xiangmin;LI Bing;LIU Yuling-.Differential Fault Analysis on 3DES Middle Rounds Based on Error Propagation)[J].电子学报（英文）,2022(01):68-78

Rounds,tacks,inducting

Differential,Fault,Analysis,3DES,Middle,Based,Error,Propagation,Since,differential,analysis,DFA,was,first,implemented,data,encryption,standard,many,scholars,have,improved,this,attack,tended,limit,original,last,two,rounds,earlier,However,performance,novel,which,target,middle,not,effective,number,incorrect,ciphertexts,required,very,large,recovered,result,maybe,We,ad,dress,problem,by,presenting,new,methods,that,can,break,when,injecting,faults,By,simulating,process,single,bit,error,propagation,built,kinds,models,well,intermediate,table,Then,simplify,states,into,tem,plates,will,further,used,locate,injected,position,main,difficulty,implementing,injection,Finally,terms,idea,probability,theory,key,only,using,sets,13th,12th

0.539506