Abstract
ACORN v3, a lightweight authenticated stream cipher, is in the final portfolio of the CAESAR competition. It has attracted wide attention from cryptographers for its novel design and its lightweight, efficient implementation. In this study, under the differential fault attack model, the resistance of ACORN v3 to differential fault attacks is analyzed when the cipher is used for authentication. To address the problem that, because of the limited MAC length, the probability of uniquely determining the fault location is low, an interactive verification strategy and an improved high-probability-priority strategy are proposed to raise the probability of uniquely determining the fault location. It is proved that the algebraic expression of the difference in the authentication bits follows specific rules; accordingly, the guessing complexity of each fault injection is reduced from 49 bits to 0.713 bits. Using the differential-algebraic method, an algorithm for deriving low-degree equations in the internal state from the differences of the authentication bits is given, together with a state recovery attack based on solving those equations. The time complexity of the attack is 2^(0.713·n + 0.415·N3) · c, where n is the number of fault injections, N3 is the number of equations to be linearized, and c is the complexity of solving a 342-bit system of linear equations. The data complexity and the storage complexity are negligible.
Translated title of the contribution | Random differential fault attack for ACORN v3 message authentication code |
---|---|
Original language | Chinese (Traditional) |
Pages (from-to) | 498-520 |
Number of pages | 23 |
Journal | Journal of Cryptologic Research |
Volume | 8 |
Issue number | 3 |
DOIs | |
Publication status | Published - 25 Jun 2021 |