针对aes执行差分故障分析攻击(dfa)的工具
phoenixAES的Python项目详细描述
phoenixaes:对aes执行差分故障分析攻击(dfa)的工具
目前Phoenixaes包含以下密码和故障模型:
- 简单的DFA R9:
AES 128加密或解密
第9轮中至少有4*2次故障(在最后两次混音之间)
参考号:https://eprint.iacr.org/2003/010
当前实现将自动丢弃无法使用的输出,但如果同一列上发生多个错误,则可能会失败,因此请小心仅记录单个错误实现的输出。 - 简单的DFA R8:
AES 128加密或解密
第8轮中的2个单一故障 它只是简单地转换密文,就好像密文在第9轮中出错一样,这样就可以应用先前的攻击
有关更多背景信息,请参见https://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html。
安装
没有依赖项,它只需要python 3。
python3 -m pip install phoenixAES
用法
它接受一个记录输出的文件,可以选择前面加上输入(这将被忽略)。
第一条记录必须具有正确的输出,才能用作参考。
例如,对于AES:
#!/usr/bin/env python3importphoenixAESwithopen('tracefile','wb')ast:t.write("""74657374746573747465737474657374 BF9B06F11DF478145B8300FE440B0D0674657374746573747465737474657374 BF9BDDF11D527814568300FE440B0DFA74657374746573747465737474657374 BF9BF9F11DAC78145F8300FE440B0D6774657374746573747465737474657374 BF9BF0F11DBB78140C8300FE440B0DEE74657374746573747465737474657374 BF9BF9F11DAC78145F8300FE440B0D6774657374746573747465737474657374 BF9B69F11DBD7814E68300FE440B0DAE74657374746573747465737474657374 BF9BF0F11DBB78140C8300FE440B0DEE74657374746573747465737474657374 BF9B90F11D4178149D8300FE440B0DE274657374746573747465737474657374 BF9BCFF11D0478140E8300FE440B0D2874657374746573747465737474657374 FD9B06F11DF478E15B831AFE44C40D0674657374746573747465737474657374 BA9B06F11DF4787B5B83E8FE44020D0674657374746573747465737474657374 579B06F11DF478565B8364FE446F0D0674657374746573747465737474657374 579B06F11DF478565B8364FE446F0D0674657374746573747465737474657374 BF9B065C1DF4B6145B1800FE9E0B0D0674657374746573747465737474657374 BF9B065C1DF4B6145B1800FE9E0B0D0674657374746573747465737474657374 BF9B06251DF454145BC200FE060B0D0674657374746573747465737474657374 BF9B06941DF4C3145BFB00FED20B0D0674657374746573747465737474657374 BF9B12F11D977814DD8300FE440B0D2174657374746573747465737474657374 BF9B90F11D4178149D8300FE440B0DE274657374746573747465737474657374 BF9BCFF11D0478140E8300FE440B0D2874657374746573747465737474657374 BF9BDDF11D527814568300FE440B0DFA74657374746573747465737474657374 BFFB06F1E2F478145B8300AB440B790674657374746573747465737474657374 BF5D06F142F478145B830049440B7306""".encode('utf8'))phoenixAES.crack_file('tracefile')
约50毫秒后:
Last round key #N found:
D014F9A8C9EE2589E13F0CC8B6630CA6
对于第8轮中的两个单一故障:
#!/usr/bin/env python3importphoenixAESwithopen("r8faults","w")asf:f.write("bf9b06f11df478145b8300fe440b0d06\n")f.write("fdfbf95ce2acb6e15f181aab9ec47967\n")f.write("ba5df02542bb547b0cc2e849060273ee\n")phoenixAES.convert_r8faults_file("r8faults","r9faults")phoenixAES.crack_file("r9faults")
约50毫秒后:
Last round key #N found:
D014F9A8C9EE2589E13F0CC8B6630CA6