Article

Linear fault analysis of block ciphers

Authors:

Wei LiAuthors Info & Claims

ACNS'12: Proceedings of the 10th international conference on Applied Cryptography and Network Security

Pages 241 - 256

https://doi.org/10.1007/978-3-642-31284-7_15

Published: 26 June 2012 Publication History

Abstract

Differential fault analysis (DFA) has already been applied to attack many block ciphers with the help of inducing some faults at the last few rounds of block ciphers. Currently, a general countermeasure against DFA is to protect the last few rounds of block ciphers by means of redundancy. In this paper, we present a new fault attack on block ciphers called linear fault analysis (LFA), in which linear characteristics for some consecutive rounds of a block cipher will be utilized instead of exploiting differential distributions of S-Boxes within the block cipher in DFA. Basically, the new approach can handle the case that faults are induced several rounds earlier compared to DFA, thus leading to a threat to the protected implementations (against DFA) of block ciphers. For the purpose of illustration, we mount an effective attack on SERPENT by adopting LFA and achieve a good cryptanalytic result on SERPENT. We hope that our work enriches the picture on the applicability of fault attacks to block ciphers and could be beneficial to the security evaluation of block ciphers.

References

[1]

Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side Channel Cryptanalysis of Product Ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97-110. Springer, Heidelberg (1998).

Digital Library

[2]

Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2-21. Springer, Heidelberg (1991).

Digital Library

[3]

Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386-397. Springer, Heidelberg (1994).

Digital Library

[4]

Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398-409. Springer, Heidelberg (1994).

Digital Library

[5]

Knudsen, L., Wagner, D.: Integral Cryptanalysis (Extended Abstract). In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112-127. Springer, Heidelberg (2002).

Digital Library

[6]

Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267-287. Springer, Heidelberg (2002).

Digital Library

[7]

Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37-51. Springer, Heidelberg (1997).

Digital Library

[8]

Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513-525. Springer, Heidelberg (1997).

Digital Library

[9]

Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer's Apprentice Guide to Fault Attacks. In: FDTC 2004 in Association with DSN 2004, pp. 330-342 (2004).

[10]

Rivain, M.: Differential Fault Analysis on DES Middle Rounds. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 457-469. Springer, Heidelberg (2009).

Digital Library

[11]

Blömer, J., Seifert, J.-P.: Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162-181. Springer, Heidelberg (2003).

[12]

Chen, C.-N., Yen, S.-M.: Differential Fault Analysis on AES Key Schedule and Some Countermeasures. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 118-129. Springer, Heidelberg (2003).

Digital Library

[13]

Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293-306. Springer, Heidelberg (2003).

[14]

Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 27-41. Springer, Heidelberg (2005).

Digital Library

[15]

Kim, C.H., Quisquater, J.-J.: New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 48-60. Springer, Heidelberg (2008).

Digital Library

[16]

Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77-88. Springer, Heidelberg (2003).

[17]

Takahashi, J., Fukunaga, T., Yamakoshi, K.: DFA Mechanism on the AES Key Schedule. In: FDTC 2007, pp. 62-74 (2007).

Digital Library

[18]

Kim, C.H.: Improved Differential Fault Analysis on AES Key Schedule. IEEE Transactions on Information Forensics and Security 7(1), 41-50 (2012).

Digital Library

[19]

Clavier, C., Gierlichs, B., Verbauwhede, I.: Fault Analysis Study of IDEA. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 274-287. Springer, Heidelberg (2008).

Digital Library

[20]

Chen, H., Wu, W., Feng, D.: Differential Fault Analysis on CLEFIA. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 284-295. Springer, Heidelberg (2007).

Digital Library

[21]

Li, W., Gu, D., Wang, Y.: Differential Fault Analysis on the Contracting UFN Structure, with Application to SMS4 and MacGuffin. Journal of Systems and Software 82(2), 346-354 (2009).

Digital Library

[22]

Li, W., Gu, D., Li, J.: Differential Fault Analysis on the ARIA Algorithm. Information Sciences 10(178), 3727-3737 (2008).

Digital Library

[23]

Zhou, Y., Wu, W., Xu, N., Feng, D.: Differential Fault Attack on Camellia. Chinese Journal of Electronics 18(1), 13-19 (2009).

[24]

Phan, R.C.-W., Yen, S.-M.: Amplifying Side-Channel Attacks with Techniques from Block Cipher Cryptanalysis. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 135-150. Springer, Heidelberg (2006).

Digital Library

[25]

Kim, C.H.: Efficient Methods for Exploiting Faults Induced at AESMiddle Rounds, http://eprint.iacr.org/2011/349

[26]

Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-Middle and Impossible Differential Fault Analysis on AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 274-291. Springer, Heidelberg (2011).

Digital Library

[27]

Dutertre, J.M., Mirbaha, A.P., Naccache, D., Ribotta, A.L., Tria, A.: Reproducible Single-Byte Laser Fault Injection. In: PASTIS 2010 (2010).

[28]

Harpes, C., Kramer, G.G., Massey, J.L.: A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 24-38. Springer, Heidelberg (1995).

Digital Library

[29]

Selçuk, A.A.: On Probability of Success in Linear and Differential Cryptanalysis. Journal of Cryptology 21(1), 131-147 (2008).

Digital Library

[30]

Anderson, R., Biham, E., Knudsen, L.R.: SERPENT: A Proposal for the Advanced Encryption Standard, NIST AES Proposal (1998).

Cited By

Toprakhisar DNikova SNikov V(2024)SoK: Parameterization of Fault Adversary Models Connecting Theory and PracticeTopics in Cryptology – CT-RSA 202410.1007/978-3-031-58868-6_17(433-459)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58868-6_17
Baksi ABhasin SBreier JJap DSaha D(2022)A Survey on Fault Attacks on Symmetric Key CryptosystemsACM Computing Surveys10.1145/353005455:4(1-34)Online publication date: 12-Apr-2022
https://dl.acm.org/doi/10.1145/3530054
Liu ZLiu YWang QGu DLi W(2015)Meet-in-the-middle fault analysis on word-oriented substitution-permutation network block ciphersSecurity and Communication Networks10.1002/sec.10158:4(672-681)Online publication date: 10-Mar-2015
https://dl.acm.org/doi/10.1002/sec.1015
Show More Cited By

Recommendations

Fault analysis of the KATAN family of block ciphers
ISPEC'12: Proceedings of the 8th international conference on Information Security Practice and Experience

In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64, respectively. All three ...
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02: Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology

Several recently proposed ciphers, for example Rijndael and Serpent, are built with layers of small S-boxes interconnected by linear key-dependent layers. Their security relies on the fact, that the classical methods of cryptanalysis (e.g. linear or ...
Differential fault analysis on Camellia

Camellia is a 128-bit block cipher published by NTT and Mitsubishi in 2000. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the Camellia algorithm. Mathematical analysis and ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

ACNS'12: Proceedings of the 10th international conference on Applied Cryptography and Network Security

June 2012

579 pages

ISBN:9783642312830

Editors:
Feng Bao
Institute for Infocomm Research, Singapore, Singapore
,
Pierangela Samarati
Dipartimento di Tecnologie dell' Informazione, Università degli Studi di Milano, Crema, CR, Italy
,
Jianying Zhou
Institute for Infocomm Research, Singapore, Singapore

Sponsors

AdNovum: AdNovum

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 26 June 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Toprakhisar DNikova SNikov V(2024)SoK: Parameterization of Fault Adversary Models Connecting Theory and PracticeTopics in Cryptology – CT-RSA 202410.1007/978-3-031-58868-6_17(433-459)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58868-6_17
Baksi ABhasin SBreier JJap DSaha D(2022)A Survey on Fault Attacks on Symmetric Key CryptosystemsACM Computing Surveys10.1145/353005455:4(1-34)Online publication date: 12-Apr-2022
https://dl.acm.org/doi/10.1145/3530054
Liu ZLiu YWang QGu DLi W(2015)Meet-in-the-middle fault analysis on word-oriented substitution-permutation network block ciphersSecurity and Communication Networks10.1002/sec.10158:4(672-681)Online publication date: 10-Mar-2015
https://dl.acm.org/doi/10.1002/sec.1015
Agosta GBarenghi APelosi GScandale MPoet RMuttukrishnan R(2014)Differential Fault Analysis for Block CiphersProceedings of the 7th International Conference on Security of Information and Networks10.1145/2659651.2659709(137-144)Online publication date: 9-Sep-2014
https://dl.acm.org/doi/10.1145/2659651.2659709

View Options

View options

Media

Figures

Other

Tables

View Table of Contents