Abstract

Unlike the injection of a transient fault, the injection of a persistent fault requires neither time synchronization nor accuracy. However, the known persistent fault analyses (PFAs) do not work on SM4 implementations because the linear transformation layer hides the position where an error occurs during the encryption process. We present the first persistent fault analysis against SM4 implemented with an S-box by combining the inverse linear transformation with differential techniques. In addition, we propose a locating algorithm to figure out not only where an error occurs during the encryption process but also where a fault is inserted in the lookup table. Consequently, the locating algorithm helps break SM4 implemented with a T-table. We validate our PFA on two open-source implementations of SM4: Crypto++ (v8.3) and GMSSL (v1.0.0). The experiments are performed on a PC and the analysis code is written in C. The experimental data show that the probability of successfully recovering the encryption key is approximately 1 when the number of normal-and-faulty-ciphertext pairs is 3000 on average. Namely, PFA can break the encryption system of SM4 in practice once valid faults are inserted. Finally, we apply the attack to protected SM4 implementations and prove that the E-and-D mode of the dual modular temporal redundancy (DMTR) can defeat our PFA.
