A Differential Fault Attack on Grain-128a Using MACs

Banik, Subhadeep; Maitra, Subhamoy; Sarkar, Santanu

doi:10.1007/978-3-642-34416-9_8

Cited by 18 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All members of the Grain family have been broken using this type of attack [11,8,9]. However, all these attacks aim to recover the internal state.…”

Section: Security Discussionmentioning

confidence: 99%

On Lightweight Stream Ciphers with Shorter Internal States

Armknecht

Mikhalev

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area and power consuming components, this implies a sever limitation with respect to possible lightweight implementations. In this work, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher Sprout which uses significantly less area than comparable existing lightweight stream ciphers.

show abstract

“…All members of the Grain family have been broken using this type of attack [11,8,9]. However, all these attacks aim to recover the internal state.…”

Section: Security Discussionmentioning

confidence: 99%

On Lightweight Stream Ciphers with Shorter Internal States

Armknecht

Mikhalev

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In authenticated encryption schemes the production of a robust authentication tag is also a core target. Other than the discrete attacks on the cipher or the tag themselves, attention must also be paid in types of attacks that exploit vulnerabilities in both primitives to disclose data (e.g., ). Several schemes that encrypt the message and produce the MAC simultaneously are vulnerable to attacks (e.g., ).…”

Section: Discussionmentioning

confidence: 99%

“…Other than the aforementioned attack to the Grain family ciphers , a differential fault attack is also feasible, as presented in . Said attack recovers the key of Grain‐128a by observing the correct and faulty MACs of specific chosen messages.…”

Section: Stream Cipher In Lwcmentioning

confidence: 99%

A survey of lightweight stream ciphers for embedded systems

Manifavas

Hatzivasilis

Fysarakis

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

Pervasive computing constitutes a growing trend, aiming to embed smart devices into everyday objects. The limited resources of these devices and the ever‐present need for lower production costs, lead to the research and development of lightweight cryptographic mechanisms. Block ciphers, the main symmetric key cryptosystems, perform well in this field. Nevertheless, stream ciphers are also relevant in ubiquitous computing applications, as they can be used to secure the communication in applications where the plaintext length is either unknown or continuous, like network streams. This paper provides the latest survey of stream ciphers for embedded systems. Lightweight implementations of stream ciphers in embedded hardware and software are examined as well as relevant authenticated encryption schemes. Their speed and simplicity enable compact and low‐power implementations, allow them to excel in applications pertaining to resource‐constrained devices. The outcomes of the International Organization for Standardization/International Electrotechnical Commission 29192‐3 standard and the cryptographic competitions eSTREAM and Competition for Authenticated Encryption: Security, Applicability, and Robustness are summarized along with the latest results in the field. However, cryptanalysis has proven many of these schemes are actually insecure. From the 31 designs that are examined, only six of them have been found to be secure by independent cryptanalysis. A constrained benchmark analysis is performed on low‐cost embedded hardware and software platforms. The most appropriate and secure solutions are then mapped in different types of applications. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

“…To be more precise, our generator gets the set of equations T that establishes relations of the inner state and key-stream bits as depicted in (1.1)-(1.3) and (2). Furthermore, the generator is fed with a set of n key-stream bit differences {∆o j } n j=1 , which we use to build additional relations.…”

Section: Generating Mutantsmentioning

confidence: 99%

Mutant Differential Fault Analysis of Trivium MDFA

Mohamed

Buchmann

2015

Information Security and Cryptology - ICISC 2014

View full text Add to dashboard Cite

Abstract. In this paper we present improvements to the differential fault analysis (DFA) of the stream cipher Trivium proposed in the work of M. Hojsík and B. Rudolf. In particular, we optimize the algebraic representation of obtained DFA information applying the concept of Mutants, which represent low degree equations derived after processing of DFA information. As a result, we are able to minimize the number of fault injections necessary for retrieving the secret key. Therefore, we introduce a new algebraic framework that combines the power of different algebraic techniques for handling additional information received from a physical attack. Using this framework, we are able to recover the secret key by only an one-bit fault injection. In fact, this is the first attack on stream ciphers utilizing minimal amount of DFA information. We study the efficiency of our improved attack by comparing the size of gathered DFA information with previous attacks.

show abstract

A Differential Fault Attack on Grain-128a Using MACs

Cited by 18 publications

References 18 publications

On Lightweight Stream Ciphers with Shorter Internal States

On Lightweight Stream Ciphers with Shorter Internal States

A survey of lightweight stream ciphers for embedded systems

Mutant Differential Fault Analysis of Trivium MDFA

Contact Info

Product

Resources

About