Algebraic Cryptanalysis of Variants of Frit

Dobraunig, Christoph; Eichlseder, Maria; Mendel, Florian; Schofnegger, Markus

doi:10.1007/978-3-030-38471-5_7

Cited by 4 publications

(6 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An earlier version of the Friet-PC permutation, called Frit appeared on eprint in a paper by the same authors as this one [30]. This was soon followed by attacks exploiting weaknesses of Frit in the form of slow increase of algebraic degree through the rounds, by Dobraunig et al [19]. While these attacks did not assume the target use case of authenticated encryption in a duplex-based mode, an attack that was published somewhat later by Qin et al did [25].…”

Section: Design Rationale Of Friet-pcmentioning

confidence: 99%

See 1 more Smart Citation

Friet: An Authenticated Encryption Scheme with Built-in Fault Detection

Simon

Batina

Daemen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this work we present a duplex-based authenticated encryption scheme Friet based on a new permutation called Friet-P. We designed Friet-P with a novel approach for cryptographic permutations and block ciphers that takes fault-attack resistance into account and that we introduce in this paper. In this method, we build a permutation fC to be embedded in a larger one, f. First, we define f as a sequence of steps that all abide a chosen error-correcting code C, i.e., that map C-codewords to C-codewords. Then, we embed fC in f by first encoding its input to an element of C, applying f and then decoding back from C. This last step detects a fault when the output of f is not in C. We motivate the design of the permutation we use in Friet and report on performance in soft-and hardware. We evaluate the fault-detection capabilities of the software and simulated hardware implementations with attacks. Finally, we perform a leakage evaluation.

show abstract

Section: Design Rationale Of Friet-pcmentioning

confidence: 99%

“…Here accounts for the 1 or possibly 2 rounds that may be skipped by carefully choosing the cube variables as in [31]. This is what happened in our previous design and was exploited in [19] and [25].…”

Section: Algebraic Degreementioning

confidence: 99%

Friet: An Authenticated Encryption Scheme with Built-in Fault Detection

Simon

Batina

Daemen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Recently, the permutation FRIT [81] was introduced in which efficient implementation of a faultdetection technique has been considered as a design criteria. Although broken [35], FRIT uses interleaved parity for fault detection which -based on the definition of the underlying code -can guarantee the detection of only single-bit faults.…”

Section: Our Contributionmentioning

confidence: 99%

CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

Beierle

Leander

Moradi

et al. 2019

ToSC

101

View full text Add to dashboard Cite

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

show abstract

“…Several analyses made in the literature [22,20,19] confirm this growth for most ciphers, except when the algebraic degree of the function is close to its maximum. As a result, the number of rounds necessary for security against higher-order differential attacks generally grows logarithmically in the size of F. Different behaviour has been observed for certain non-SPN designs, such as some designs with partial nonlinear layers where the algebraic degree grows exponentially in some (not necessarily integer) value smaller than δ [29].…”

Section: Our Contributionmentioning

confidence: 99%

“…One type of optimized interpolation attacks was described in [26], where the authors find attacks on reduced-round versions of LowMC which are more efficient than previous attacks based on key guessing [28]. A similar attack was also used to break the full-round version of the Frit permutation in an Even-Mansour setting [29]. The overall strategy of this interpolation attack is to find a distinguisher (for example a constant sum in the encryption direction in the case of LowMC) with which one attacks the construction by finding the unknown monomials of the sums of the symbolic representations in the inverse direction.…”

Section: Attack On Castmentioning

confidence: 99%