Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher

Shahmirzadi, Aein Rezaei; Azimi, Seyyed Arash; Salmasizadeh, Mahmoud; Mohajeri, Javad; Aref, Mohammad Reza

doi:10.1109/iscisc.2017.8488362

Cited by 3 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Todo et al (2019) [23] introduced a new type of attack, called nonlinear invariant attack, and tested it on block ciphers Scream, iScream, and Midori-64 in a weak-key setting to confirm its accuracy. They reported that if the Midori-64 master key is set weakly, the master key is reached by holding a large number of pairs of the original plaintext and cipher text.…”

Section: Literature Reviewmentioning

confidence: 99%

Correlation Power Analysis Attack to Midori-64

Khadem¹,

Ghanbari²,

Moradnia³

2022

Preprint

View full text Add to dashboard Cite

Recently, with the rapid advancement of technology, Internet of Things (IoT&rlm;&rlm;&rlm;&rlm;) security has become more efficient and more complex, especially for resource-limited devices such as embedded devices, wireless sensors and radio frequency identification tags (RFID). Lightweight block ciphers (LBCs) provide security for these technologies to protect them against adversaries, but the need for low power consumption in LBCs is one of the most important challenges for IoT&rlm; technologies. Furthermore, these LBCs are subject to multiple attacks and side channel attacks (SCAs) are among the mentioned threats to these cryptosystems. A type of SCA is correlation power analysis (CPA) in which the attacker tries to reach the key using the relationship between the power consumption of the chip during the algorithm running, data processing, and operations. In this article, a CPA attack is designed to discover master key of the Midori-64 block cipher. According to the proposed method, an attack is done to the first round S-boxes to get half of the key bits. Then, the second round S-boxes were attacked to other half of key bits just use 300 plain text samples. Finally, the most important physical attacks performed on the Midori, are compared to our proposed CPA attack.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Correlation Power Analysis Attack to Midori-64

Khadem¹,

Ghanbari²,

Moradnia³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…According to the explanations of Problems 1 and 2 above, when the adversary injects faults two or three times, the fault-free difference must exist in some columns of ∆Z 15 . After a fault attack, each column of candidate Y 16 can be expressed by the Equations (10)- (12). According to Problems 1 and 2 discussed above, the attackers independently induce faults two or three times at the 14th round and take the union of ∅, as shown in Equation 10.…”

Section: Analysis Of Fault Difference Equationsmentioning

confidence: 99%

“…where 3m − 2, 3m − 1 and 3m represent the number of fault attacks and m represents the number of ∅ unions. The attacker can obtain the set of estimated Y 16 , as shown in Equations (11) and (12).…”

Section: Analysis Of Fault Difference Equationsmentioning

confidence: 99%

“…Since Boneh et al [9] used fault attacks to break RSA, effective fault analysis methods have become research hotspot. In lightweight block encryption analysis, fault attacks have been extended to impossible differential fault attack (IDFA) [10], impossible differential attack (IDA) [11,12], algebraic fault attack (AFA) [13], impossible meet-in-the-middle attack (IMMA) [14], differential fault attack (DFA) [15] and blind fault attack [16]. These methods mainly analyze the characteristic relationship between the data of the cryptosystem after the injection fault and obtain the secret key by means of solver and mathematical analysis.…”

Section: Introductionmentioning

confidence: 99%

“…Chen et al [11] designed 10 rounds of impossible differential paths to attack Midori-128. Shahmirzdi et al [12] conducted three impossible differential attacks on Midori-64 with 10, 11 and 12 rounds. Nozaki et al [26] distinguished the correct key from the error key by Hamming distance.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Effective Simulation Analysis of Transient Electromagnetic Multiple Faults

Liang

Sun

Zhu

et al. 2020

Sensors

View full text Add to dashboard Cite

Embedded encryption devices and smart sensors are vulnerable to physical attacks. Due to the continuous shrinking of chip size, laser injection, particle radiation and electromagnetic transient injection are possible methods that introduce transient multiple faults. In the fault analysis stage, the adversary is unclear about the actual number of faults injected. Typically, the single-nibble fault analysis encounters difficulties. Therefore, in this paper, we propose novel ciphertext-only impossible differentials that can analyze the number of random faults to six nibbles. We use the impossible differentials to exclude the secret key that definitely does not exist, and then gradually obtain the unique secret key through inverse difference equations. Using software simulation, we conducted 32,000 random multiple fault attacks on Midori. The experiments were carried out to verify the theoretical model of multiple fault attacks. We obtain the relationship between fault injection and information content. To reduce the number of fault attacks, we further optimized the fault attack method. The secret key can be obtained at least 11 times. The proposed ciphertext-only impossible differential analysis provides an effective method for random multiple faults analysis, which would be helpful for improving the security of block ciphers.

show abstract