The K2 stream cipher, designed for 32-bit words, is an ISO/IEC 18033 standard and is listed as a recommended algorithm used by the Japanese government in the CRYPTREC project. The main feature of the K2 algorithm is the use of a dynamic feedback control mechanism between the two linear feedback shift registers, which makes the analysis of the K2 algorithm more difficult. In this paper, a key recovery attack on a simplified version of the algorithm is performed by using differential attacks. Firstly, for the unknown key, the same IV is fixed in two chosen-IV differential attacks, and we use the input differences and the output differences of the S-box to recover the input of the S-box; the internal state values can be uniquely determined by taking the intersection of the S-box input candidates. This technique is used to improve the key recovery attack on the seven-round algorithm proposed by Deike Priemuth-Schmid. Secondly, we find the constraint relationship between the keystream equations and the unknown differences by introducing the guess difference bit, and eliminate the impossible differences by using the constraint relationship. Thus, we expand the key recovery attack from seven to nine rounds. The time complexity of the attack is $O(2^{113.93})$, the data complexity is $O(2^{8.71})$ and the success rate is 99.07%.
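The S-box step described above (collect the inputs consistent with each input/output difference pair, then intersect) can be shown on a single byte. This is an added example, not code from the paper; it uses the AES S-box as a stand-in 8-bit S-box, which is an assumption because the abstract does not specify K2's S-box, and all function names and the secret byte are hypothetical.

```python
from functools import reduce

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """AES S-box (assumed stand-in): field inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for shift in range(1, 5):  # XOR of the four left rotations of inv
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def candidates(in_diff, out_diff):
    """All inputs x with S(x) ^ S(x ^ in_diff) == out_diff."""
    return {x for x in range(256) if SBOX[x] ^ SBOX[x ^ in_diff] == out_diff}

def observe(secret, in_diffs):
    """Constructed observations: (input diff, output diff) pairs for a hidden input."""
    return [(d, SBOX[secret] ^ SBOX[secret ^ d]) for d in in_diffs]

def recover_input(pairs):
    """Intersect the candidate sets of every observed difference pair."""
    return reduce(set.intersection, (candidates(a, b) for a, b in pairs))

if __name__ == "__main__":
    secret = 0xA7                      # constructed hidden S-box input
    pairs = observe(secret, [0x01, 0x02, 0x04])
    for a, b in pairs:                 # each pair alone leaves 2 or 4 candidates
        print(f"diff {a:#04x}->{b:#04x}:", sorted(candidates(a, b)))
    print("intersection:", sorted(recover_input(pairs)))
```

A single pair always leaves at least two candidates (x and x XOR the input difference), which is why several distinct differences are needed before the intersection can collapse to one value.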
It had always been believed that there was an inherent barrier to Differential Fault Attack (DFA) on nonce-based authenticated encryption algorithms. At CHES 2016, Saha et al. proposed an Internal Differential Fault Attack on a parallelizable counter-mode algorithm. They reduce the attack to classical DFA at the expense of one more fault injection in every encryption process. In this paper, we propose a DFA on HYENA, which is a nonce-based authenticated encryption mode for GIFT-128. Our work is the first pure classical DFA on a nonce-based authenticated encryption algorithm with only one fault injected in every decryption process. Firstly, we give a DFA on GIFT-128 with a fault injected into the 39th-round input. Based on this work, we inject a fault in the underlying GIFT-128 of a HYENA decryption process such that the decryption process still generates the correct tag and outputs plaintext. This satisfies the necessary conditions of DFA. Experiments show that at most 56 key bits of HYENA can be recovered with only a few faulty ciphertexts. In addition, our fault injection is easier to achieve than in most other work on fault attacks, because the injection location is relatively random and the fault type can be arbitrary. It should be noted that the remaining 72 key bits cannot be recovered in this way.