“…Then Biham and Shamir proposed the DFA attack in 1997, which processes the right and faulty outputs with differential cryptanalysis [8]. After that, DFA has been successfully applied to many block ciphers and stream ciphers, such as AES [12,33,34], SHACAL1 [11], LED [35,36], Piccolo [37], PRINCE [24], Trivium [9,23], RC4 [13,14]. Besides attacks against block and stream ciphers, the DFA attack on the compression function of a hash function has also been studied.…”