Fault Analysis on a New Block Cipher DBlock with at Most Two Fault Injections

“…The statistical results of attack process show that a certain number of fault injections recover most key bits. Combined with exhaustive search, we note that about 31 random nibble faults can recover the master key for GIFT-64 with a computational complexity of 2 16 and about 32 random nibble faults can recover the master key for GIFT-128 with a computational complexity of 2 17 . According to the analysis and experiments in this paper, GIFT is vulnerable to differential fault attack and the encryption device should be protected in actual use.…”

“…For RK 26 and RK 25 , there are similar experimental results. Combining with the method of exhaust search, we conclude that only 31 fault injections can recover K of GIFT-64 with a computational complexity of (2 4 × 30.6 + 2 8 × 20.6 + 2 12 × 14.6) × 4/16 × 1/28 + 2 16 ≈ 2 16 . The improved attack greatly reduces the number of fault injections and the difficulty of fault attacks at the level of implementation.…”

“…Thereafter, Biham and Shamir combined this method with differential analysis and achieved good results in the security analysis of the classic block cipher DES [ 11 ] . This analysis method also called Differential fault analysis (DFA), which is one of the side channel attacks, has good analysis results for many block cipher algorithms [ 12–16 ] .…”

Differential Fault Attack on GIFT

“…The statistical results of attack process show that a certain number of fault injections recover most key bits. Combined with exhaustive search, we note that about 31 random nibble faults can recover the master key for GIFT-64 with a computational complexity of 2 16 and about 32 random nibble faults can recover the master key for GIFT-128 with a computational complexity of 2 17 . According to the analysis and experiments in this paper, GIFT is vulnerable to differential fault attack and the encryption device should be protected in actual use.…”

“…For RK 26 and RK 25 , there are similar experimental results. Combining with the method of exhaust search, we conclude that only 31 fault injections can recover K of GIFT-64 with a computational complexity of (2 4 × 30.6 + 2 8 × 20.6 + 2 12 × 14.6) × 4/16 × 1/28 + 2 16 ≈ 2 16 . The improved attack greatly reduces the number of fault injections and the difficulty of fault attacks at the level of implementation.…”

“…Thereafter, Biham and Shamir combined this method with differential analysis and achieved good results in the security analysis of the classic block cipher DES [ 11 ] . This analysis method also called Differential fault analysis (DFA), which is one of the side channel attacks, has good analysis results for many block cipher algorithms [ 12–16 ] .…”

Differential Fault Attack on GIFT

“…Besides the SCA, the first FA against cryptographic implementation was given by Boneh et al in EUROCRYPT'97 [6]. After that, FAs against various kinds of cipher schemes were proposed including DES [7], AES [8], DBlock [9], and so on. Infection [10] is one of the most popular countermeasures to resist FA.…”

“…FA model In this paper, we mainly consider the most popular fault attack, i.e., Differential fault attack (DFA) [7], [8]. It is based on the concrete faulty output value.…”

A Combined Countermeasure Against Side-Channel and Fault Attack with Threshold Implementation Technique