Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (10): 1015-.

Previous Articles     Next Articles

SIFA Attack Against SM4 with DFA Protection

Tan Zixin, Hu Yongbo, Gong Yanhao, Hu Chunya, Zhang Qi, Zhu Wenfeng, and Gong Zichao   

  1. (Laboratory of Vulnerability Analysis, Shenzhen Huiding Technology Co., Ltd. Formula Shanghai Branch, Shanghai 201210)

  • Online:2023-10-17 Published:2023-10-28



  1. (深圳市汇顶科技股份有限公司上海分公司脆弱性分析实验室上海201210)
  • 通讯作者: 胡永波 硕士,工程师.主要研究方向为侧信道分析与故障注入分析、逻辑分析、物理安全实现以及安全认证.
  • 作者简介:谭子欣 硕士,工程师.主要研究方向为理论密码学、零知识证明、 侧信道攻击及故障注入分析. 胡永波 硕士,工程师.主要研究方向为侧信道分析与故障注入分析、逻辑分析、物理安全实现以及安全认证. 龚彦昊 硕士,工程师.主要研究方向为侧信道分析与故障注入分析. 胡春雅 硕士,工程师.主要研究方向为理论密码学、零知识证明、侧信道分析以及故障注入分析.

Abstract: As a national standard block cipher algorithm issued by State Cryptography Administration (SCA), SM4 is widely used in domestic security products, such as financial IC card, blockchain, encryption card, router, electronic wallet, electronic ID card and other applications. Its security has always been concerned by various industries, with the continuous innovation of attack methods, carious SM4 implementation schemes with countermeasure have also been proposed. We proposed a statistical ineffectual fault analysis (SIFA) attack on SM4 with differential fault analysis (DFA) countermeasure firstly inspired by the idea of SIFA proposed by Christoph et al. in 2018, and this attack can recover the key of SM4 with the computational complexity of 234. Then, we had successfully recovered the key on the STM32F103C8T6 microcontroller with voltage glitch fault injection. Finally, we further improved this attack by chosen plaintext, and reduced the computational complexity to 212.

Key words: SM4, SIFA, DFA protection, voltage glitch fault injection, chosen plaintext

摘要: SM4算法作为中国密码管理局(SCA)发布的一项国家标准分组密码算法,当前被广泛应用到国内市场的安全产品中,如金融IC卡、区块链、加密卡、路由器、电子钱包以及电子身份证等.其安全性一直受各业界所关注,随着攻击方法不断的革新,各类带有防护的SM4实现方案也被提出.基于2018年Christoph等人提出的统计无效错误分析(SIFA)的思想,首次针对带差分错误分析(DFA)防护的SM4算法,提出了一套统计无效错误分析攻击方案,该攻击方案能以234的计算复杂度破解出SM4的密钥.然后,在单片机STM32F103C8T6上利用电压毛刺故障注入成功还原密钥,最后在该攻击的基础上进一步改进,利用选择明文的策略能将计算复杂度降低至212.

关键词: SM4, 统计无效错误分析, 差分错误分析防护, 电压毛刺故障注入, 选择明文

CLC Number: