分野別セミナー

In this presentation, I will introduce some cryptanalysis methods on the block cipher. Specially, two kinds of main cryptanalysis methods are introduced in details, namely, differential fault analysis (DFA) and meet-in-the-middle attack (MITMA).
For the DFA, I will introduce a cryptanalysis of the recently proposed lightweight block cipher, LBlock, presented by Wu et al. at ACNS 2011. The proposed DFA attack adopts the random bit fault model. When the fault is injected at the end of the round from the 25th round to the 31th round, the DFA attack is used to reveal the last three round subkeys by analyzing the active S-box of which the input and output differences can be obtained from correct and faulty ciphertexts. Then, the master key can be recovered based on the analysis of the key scheduling. Specifically, for the condition that the fault is injected at the end of the 25th round and 26th round, we show that the active S-box can be distinguished from the false active S-box by analyzing the nonzero differences of the pair of ciphertexts. The false active S-box which we define implies that the nonzero input difference does not correspond to the right output difference.
For the MITMA, I will introduce the cryptanalysis of the Russian encryption standard, GOST, which is proposed by Takanori Isobe from Sony Corporation - a Reflection-Meet-in-the-Middle attack for analyzing the full GOST, presented at FSE 2011. Our proposed attack combines the reflection attack and MITMA. The important point is to make advantage of the fixed points of the reflection attack to enhance the
MITMA. The proposed attack can be applicable to more rounds compared with the original MITMA, if fixed points can be constructed with high probability. Moreover, to construct the full-round attack, additional techniques, such as the effective MITMA using equivalent keys on a small number of rounds, are used. This implies a key recovery attack on the full GOST block cipher in the single-key setting.