Differential Fault Attack against Grain Family with Very Few Faults and Minimal Assumptions

Sarkar, Santanu; Banik, Subhadeep; Maitra, Subhamoy

doi:10.1109/tc.2014.2339854

Cited by 42 publications

(49 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The basic idea of AFA is to convert both the cipher and the injected faults into algebraic equations and recover the secret key with automated solvers such as SAT instead of the manual analysis on fault propagations in DFA, hence making it easier to extend AFA to deep rounds and different ciphers and fault models. AFA has been successfully used to improve DFA on the stream ciphers such as Trivium [19] and Grain [20] and block ciphers such as AES [21], LED [22,23], KASUMI [24], and Piccolo [25].…”

Section: Security and Communication Networkmentioning

confidence: 99%

“…We notice that this issue was already explored from a theoretical point of view in [41]. And a worst case lower bound on the number of queries ( , ) to solve (16) is a constant 3, and the corresponding number of queries (0, ) to solve (20) in the worst case is (8 − ), where t is the position of the least significant "1" of and 0 ≤ ≤ 7.…”

Section: Data Complexity Analysismentioning

confidence: 99%

“…And there are 5 candidate locations ( , ) = {(25, 0), (25,1), (25,2), (25,3), (25,4)} and each of them is tested by AFA to get the optimal location for the HT. According to the equations for addition mod2 in Section 6.2.1, the most significant bit of and for (19) and (20) can be never recovered for no observation which can be made about the most significant bit of . Thus, there are multiple solutions for (19) and (20); that is, multiple candidates for MK will be collected by solving the merged equation system with an SAT solver.…”

Section: The Optimal Location Selection For Inserting the Htmentioning

confidence: 99%

“…According to the equations for addition mod2 in Section 6.2.1, the most significant bit of and for (19) and (20) can be never recovered for no observation which can be made about the most significant bit of . Thus, there are multiple solutions for (19) and (20); that is, multiple candidates for MK will be collected by solving the merged equation system with an SAT solver. To determine MK uniquely, a distinguisher is required to further filter the MK candidates.…”

Section: The Optimal Location Selection For Inserting the Htmentioning

confidence: 99%

See 3 more Smart Citations

Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher

Chen

Wang

Zhang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

HIGHT is a lightweight block cipher which has been adopted as a standard block cipher. In this paper, we present a bit-level algebraic fault analysis (AFA) of HIGHT, where the faults are perturbed by a stealthy HT. The fault model in our attack assumes that the adversary is able to insert a HT that flips a specific bit of a certain intermediate word of the cipher once the HT is activated. The HT is realized by merely 4 registers and with an extremely low activation rate of about 0.000025. We show that the optimal location for inserting the designed HT can be efficiently determined by AFA in advance. Finally, a method is proposed to represent the cipher and the injected faults with a merged set of algebraic equations and the master key can be recovered by solving the merged equation system with an SAT solver. Our attack, which fully recovers the secret master key of the cipher in 12572.26 seconds, requires three times of activation on the designed HT. To the best of our knowledge, this is the first Trojan attack on HIGHT.

show abstract

Section: Security and Communication Networkmentioning

confidence: 99%

Section: Data Complexity Analysismentioning

confidence: 99%

Section: The Optimal Location Selection For Inserting the Htmentioning

confidence: 99%

Section: The Optimal Location Selection For Inserting the Htmentioning

confidence: 99%

See 2 more Smart Citations

Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher

Chen

Wang

Zhang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In (Banik et al, 2013) the authors present a related-key key attack requiring > 2 32 related keys, and > 2 64 chosen IVs, while in (Sarkar et al, 2015) the authors present a differential fault attack against all the three ciphers in the Grain-family.…”

Section: Related Workmentioning

confidence: 99%

Improved Greedy Nonrandomness Detectors for Stream Ciphers

Karlsson

Hell

Stankovski

2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Abstract:We consider the problem of designing distinguishers and nonrandomness detectors for stream ciphers using the maximum degree monomial test. We construct an improved algorithm to determine the subset of key and IV-bits used in the test. The algorithm is generic, and can be applied to any stream cipher. In addition to this, the algorithm is highly tweakable, and can be adapted depending on the desired computational complexity. We test the algorithm on the stream ciphers Grain-128a and Grain-128, and achieve significantly better results compared to an earlier greedy approach.

show abstract

Lightweight cryptographic algorithms based on different model architectures: A systematic review and futuristic applications

Bhagat¹,

Kumar²,

Gupta

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Lightweight cryptography is a rapidly developing research field. Its main goal is to provide security for devices with fewer resources. These limited‐resource devices implement reliable ciphers that use very little power and computation. The lightweight cipher should be built for high performance while using the fewest resources possible, such as memory and power. In this article, we compare block ciphers and several other stream ciphers based on criteria such as input size, output size, structure employed, key size, number of rounds, vulnerable attacks, chip area, gate equivalent, memory use, throughput, and security features. Moreover, this article provides a detailed analysis comparing all cryptographic algorithms and their use in day‐to‐day life activities. This paper also discusses some lightweight ciphers, stream ciphers, and hybrid ciphers. Moreover, it shows the cryptanalysis of some block ciphers like DES.

show abstract

Differential Fault Attack against Grain Family with Very Few Faults and Minimal Assumptions

Cited by 42 publications

References 29 publications

Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher

Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher

Improved Greedy Nonrandomness Detectors for Stream Ciphers

Lightweight cryptographic algorithms based on different model architectures: A systematic review and futuristic applications

Contact Info

Product

Resources

About