Differential Fault Analysis of SHA-3

Bagheri, Nasour; Ghaedi, Navid; Sanadhya, Somitra Kumar

doi:10.1007/978-3-319-26617-6_14

Cited by 24 publications

(68 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3 and use these notations in the rest of this paper. We pick the penultimate round input (θ 22 i ) as the fault injection point, and the target is to recover the whole internal state of χ 22 i (1600 bits) with access to the digest H at much shorter length, which is dbit for SHA3-d function. The key insight of DFA is that the fault injection reveals some internal state bits through the differential digest output (the difference between the correct digest and faulty digest).…”

Section: Notations and Data Structurementioning

confidence: 99%

“…As the single-bit fault model used in [22] is just a special case of the single-byte fault model, we will also check attack results under that model.…”

Section: The Fault Model Used In This Papermentioning

confidence: 99%

“…Results show that, for SHA3-384 and SHA3-512, about 120 random single-byte faults are needed to recover an entire internal state, while about 500 single-bit random faults are needed in previous work [22]. When the fault injection can be controlled, our simulation results of the heuristics show that only 17 selected single-byte faults and 129 selected single-bit faults are required to recover the internal state, under the two different fault models, respectively.…”

Section: Introductionmentioning

confidence: 98%

Section: Introductionmentioning

confidence: 99%

“…To the best of our knowledge, only one work about DFA on SHA-3 has been published before us [22]. In [22], a singlebit fault model is used , and only two modes of SHA-3 with longer digest length, namely SHA3-384 and SHA3-512, have been discussed. Injection of single-bit faults into cryptosystems requires higher control precision and sometimes invasive methods like laser emission, which are costly and also less effective as the technology scales down.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

et al. 2017

View full text Add to dashboard Cite

Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in cryptosystems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average, the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

show abstract

Section: Notations and Data Structurementioning

confidence: 99%

“…As the single-bit fault model used in [22] is just a special case of the single-byte fault model, we will also check attack results under that model.…”

Section: The Fault Model Used In This Papermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 98%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

et al. 2017

View full text Add to dashboard Cite

show abstract

Differential Fault Attack on SKINNY Block Cipher

Vafaei

Bagheri

Saha

et al. 2018

Security, Privacy, and Applied Cryptography Engineering

View full text Add to dashboard Cite

Optimizing Electromagnetic Fault Injection with Genetic Algorithms

Maldini

Samwel

Picek

et al. 2019

Automated Methods in Cryptographic Fault Analysis

View full text Add to dashboard Cite

Article 25fa pilot End User AgreementThis publication is distributed under the terms of Article 25fa of the Dutch Copyright Act (Auteurswet) with explicit consent by the author. Dutch law entitles the maker of a short scientific work funded either wholly or partially by Dutch public funds to make that work publicly available for no consideration following a reasonable period of time after the work was first published, provided that clear reference is made to the source of the first publication of the work.This publication is distributed under The Association of Universities in the Netherlands (VSNU) 'Article 25fa implementation' pilot project. In this pilot research outputs of researchers employed by Dutch Universities that comply with the legal requirements of Article 25fa of the Dutch Copyright Act are distributed online and free of cost or other barriers in institutional repositories. Research outputs are distributed six months after their first online publication in the original published version and with proper attribution to the source of the original publication.You are permitted to download and use the publication for personal purposes. All rights remain with the author(s) and/or copyrights owner(s) of this work. Any use of the publication other than authorised under this licence or copyright law is prohibited.If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website.

show abstract

Differential Fault Analysis of SHA-3

Cited by 24 publications

References 32 publications

Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

Differential Fault Attack on SKINNY Block Cipher

Optimizing Electromagnetic Fault Injection with Genetic Algorithms

Contact Info

Product

Resources

About