This paper studies the security of the block cipher SMS4 against differential fault analysis. It makes use of the byte- oriented fault model and the differential analysis. On the basis of the byte-oriented model, the 128-bit secret key for SMS4 can be recovered by 2 faulty ciphertexts in our method. Compared with all previous techniques, our work improves the efficiency of fault injection, and decreases the number of faulty ciphertexts. It provides a new approach for fault analysis on other block ciphers.
展开▼