An efficient differential fault attack against SIMON key schedule

Zhang, Jinbao; Wang, Jiehua; Ge, Bin; Li, Jianhua

doi:10.1016/j.jisa.2022.103155

Cited by 5 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the infection countermeasure unit, a randomized diffusion function is designed to close the loopholes in the infection mechanism mentioned in Section 2.2 (that is, it cannot be resistant to fault attacks which are based on the byte fault model). The specific expression of the designed diffusion function F is shown in (2).…”

Section: Randomized Design Of the Diffusion Functionmentioning

confidence: 99%

“…As an international common encryption algorithm, block cipher has been widely used in security systems such as IoT, aerospace, medical, transportation, finance, and identity verification [1][2][3][4][5]. Since the proposal of the advanced encryption standard (AES), as an important part of block cipher, many attack methods have emerged against its hardware and software [1,[5][6][7][8][9][10][11][12][13], and, among these attack methods, fault attacks have the advantages of high attack capability and low time complexity, which pose a great threat to the security of the AES [5,[11][12][13].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Research on a Random Mask Infection Countermeasure against Double Fault Attacks

Wu,

Wan,

Zhang

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The infection countermeasure, in which the main idea is to prevent adversaries from exploiting faulty ciphertexts to break the key by spreading the induced fault, is a very effective countermeasure against fault attacks. However, most existing infection countermeasures struggle to defend against double-fault attacks effectively due to the single-fault assumption. By analyzing the principle of infection mechanism and adding different random Boolean masks in the two encryption paths, this paper proposes a measure called a random mask infection countermeasure to defend against double-fault attacks. In addition, the multiplication mask is used to randomize the fault diffusion to further resist single-byte fault attacks. The experimental results indicate that the random mask infection countermeasure proposed can perform fault diffusion effectively when the cryptographic circuit suffers double-fault attacks, and the fault diffusion shows randomness, and can effectively defend against these fault attacks.

show abstract

Section: Randomized Design Of the Diffusion Functionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Research on a Random Mask Infection Countermeasure against Double Fault Attacks

Wu,

Wan,

Zhang

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Therefore, based on those DFA on PIPO cipher, we recommend applying some countermeasures against DFA when using PIPO as well as other bit-sliced block ciphers on IoT devices. 25 Compared with previously DFAs on SIMON, their attack only required the fewest fault injections. In the reverse direction, BAKSI tried to seek the answer: how exactly DFA works and how can one construct a block cipher to protect against it.…”

Section: Introductionmentioning

confidence: 99%

“…They gave two ways of error propagation methods and an intermediate error propagation state table. Recently, Zhang et al presented how to launch DFA on SIMON's key schedule in the random bit fault model 25 . Compared with previously DFAs on SIMON, their attack only required the fewest fault injections.…”

Section: Introductionmentioning

confidence: 99%

Differential fault analysis on the lightweight block cipher plug‐in plug‐out

Xiao

Wang

2022

Security and Privacy

View full text Add to dashboard Cite

In recent years, many lightweight block ciphers were proposed to provide security for resource-constrained environments such as Internet of Things (IoT). PIPO, which stands for "plug-in plug-out", is just a lightweight bit-sliced block cipher offering excellent performance in 8-bit AVR software implementations.In fact, PIPO owns 64-bit input and output, 128-bit secret key. In this article, we consider the differential fault analysis (DFA), a typical side-channel attack, on the PIPO cipher. More concretely, for the first time, we apply the mixed attack model, which considers the DFA on the encryption state and key schedule simultaneously, to recover PIPO's 128-bit master key. The theoretical analysis shows that, in average, after injecting 4-byte faults, the complexity of obtaining the master key reduces from 2 128 reduces to 2 14 . In fact, this attack model alleviates the assumption on attacker than the bit-injection case. It should be noted that our analysis also holds for other bit-sliced block ciphers. Finally, the simulations show that our proposed DFA on PIPO cipher is rather practical.

show abstract

“…One FA technique proposed to crack block ciphers like AES [9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27], KLEIN [28,29], SIMON [30,31], and SIMECK [32,33] is differential fault attack (DFA). It operates by taking advantage of differences in information between correct and fault ciphertexts, which poses a serious threat to the encryption executive equipment.…”

Section: Introductionmentioning

confidence: 99%

A Novel DFA on AES: Based on Two–Byte Fault Model with Discontiguous Rows

et al. 2023

View full text Add to dashboard Cite

Differential fault attack (DFA) is a distinctive methodology for acquiring the key to block ciphers, which comprises two distinct strategies: DFA on the state and DFA on the key schedule. Given the widespread adoption of the Advanced Encryption Standard (AES), it has emerged as a prominent target for DFA. This paper presents an efficient DFA on the AES, utilizing a two−byte fault model that induces faults at the state with discontiguous rows. The experiment demonstrates that, based on the proposed fault model, the key for AES–128, AES–192, and AES–256 can be successfully recovered by exploiting two, two, and four faults, respectively, without the need for exhaustive research. Notably, in the case of AES–256, when considering exhaustive research, two (or three) faults are needed with 232 (or 216) exhaustive searches. In comparison to the currently available DFA on the AES state, the proposed attack method shows a higher efficiency due to the reduced induced faults.

show abstract

An efficient differential fault attack against SIMON key schedule

Cited by 5 publications

References 12 publications

Research on a Random Mask Infection Countermeasure against Double Fault Attacks

Research on a Random Mask Infection Countermeasure against Double Fault Attacks

Differential fault analysis on the lightweight block cipher plug‐in plug‐out

A Novel DFA on AES: Based on Two–Byte Fault Model with Discontiguous Rows

Contact Info

Product

Resources

About