Analysis of an Optimal Fault Attack on the LED-64 Lightweight Cryptosystem

Liang, Dong; Zhu, Lei; Sun, Shaofei; Han, Guoqiang; Zhang, Fan

doi:10.1109/access.2019.2901753

Cited by 4 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dong et al [18] proposed a light encryption device for the cryptosystem with the optimal fault attack. This research combined two fault attacks, namely, various impossible attacks and algebraic fault attacks.…”

Section: Related Workmentioning

confidence: 99%

Low area field‐programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Parikibandla

Sreenivas

2021

ETRI Journal

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Low area field‐programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Parikibandla

Sreenivas

2021

ETRI Journal

View full text Add to dashboard Cite

“…DFA [1] is a new cryptanalysis method proposed by E. Beniham and A. Hamir based on a combination of mathematical and physical methods in 1997. This method has been applied to many block ciphers, like FOX [2], SMS4 [3], AES [4], LED [5], SIMON [6] etc. Meanwhile, with the development of the Internet of things(IoT), a large number of various lightweight block ciphers have emerged, and have proved its efficiency in resource-constrained environments such as RFID tags and wireless sensor networks(WSN).…”

Section: Introductionmentioning

confidence: 99%

General Differential Fault Attack on PRESENT and GIFT Cipher With Nibble

et al. 2021

View full text Add to dashboard Cite

Lightweight block cipher PRESENT is an algorithm with SPN structure. Due to its excellent hardware performance and simple round function design, it can be well applied to Internet of things terminals with limited computing resources. As an improved cipher of PRESENT, GIFT is similar in structure to PRESENT and has been widely concerned by academia and industry. This paper studies the P permutation law of PRESENT and GIFT, and presents a general differential fault attack(DFA) method with their differential characteristics. For PRESENT, this paper chooses to inject a nibble fault before the 30 th and 31 st rounds of S-box operation. A total of 32 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are 2 10.94 and 2 8 , respectively. For GIFT, this paper chooses to inject a nibble fault before the 25 th , 26 th , 27 th and 28 th rounds of S-box operation. A total of 64 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are 2 11.91 and 2 9 , respectively. Compared with other public cryptoanalysis results of PRESENT and GIFT, this general attack method has great advantages. In this paper, the DFA of GIFT is experimentally verified and the effectiveness is proved. These experiments have been done on a personal computer and run in a very reasonable time(around 500ms).

show abstract

“…In [26][27][28][29][30] theoretical analyses of fault injections in different versions of AES are presented. This type of analysis has also been theoretically applied to a multitude of both block and stream ciphers, such as Midori, PRESENT, SIMON, SPECK, LED, MICKEY, GRAIN and PLANTLET [3,4,[31][32][33][34][35][36][37]. All these works use the DFA method to theoretically recover the ciphers secret key, using transient fault injections and exploiting the obtained information.…”

Section: Introductionmentioning

confidence: 99%

“…In the case of the stream ciphers the number of works is even lower, being all of them presented using FPGAs implementations as [44] and as far as we know none of them applied to ASIC implementations. [3,4], [26][27][28], [30][31][32][33][34][35][36][37][38][39][40][41] [25], [29], [44][45][46] [ [42][43][44] In the case of the Trivium stream cipher the most important DFA analyses are the mentioned above [38][39][40][41]. These works are in Group A, and they base their analyses on ideal fault models or scenarios.…”

Section: Introductionmentioning

confidence: 99%

Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Potestad-Ordonez

Barrero

Oliva

et al. 2020

Sensors

View full text Add to dashboard Cite

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

show abstract

Analysis of an Optimal Fault Attack on the LED-64 Lightweight Cryptosystem

Cited by 4 publications

References 24 publications

Low area field‐programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Low area field‐programmable gate array implementation of PRESENT image encryption with key rotation and substitution

General Differential Fault Attack on PRESENT and GIFT Cipher With Nibble

Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Contact Info

Product

Resources

About