Fault Analysis of the ChaCha and Salsa Families of Stream Ciphers

Beckers, Arthur; Gierlichs, Benedikt; Verbauwhede, Ingrid

doi:10.1007/978-3-319-75208-2_12

Cited by 8 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The potential weakness is seen to be the rotational XOR probability which increases in other Chacha20 variants. An analysis for fault in Chacha and Salsa stream cipher by [54] shows commonality in differential attacks. From this study, fault model attacks are suggested, and it is seen that when the attacker knows the plaintext and the ciphertext, then the fault mode can easily be exploited; however, the low complexity of this study showed that it is practical in nature [54].…”

Section: Comparison With Existing Studiesmentioning

confidence: 99%

“…It is important to note that the motivation for exploring the extended rounds for Chacha20 is based on the limitations that have been identified in other ciphers, as shown in Table 5. These limitations include issues such as weaknesses in the key schedule and the susceptibility of some ciphers to sidechannel attacks [47], attacking QR − F s from keystream [48], QR − F modification, weaknesses in rotational XOR in Chacha20 variants, etc [49], [50], [51], [54]. EChacha20 has been designed to address the specific limitation of improved QR − F and stands to provide a more secure and efficient encryption algorithm.…”

Section: Comparison With Existing Studiesmentioning

confidence: 99%

See 1 more Smart Citation

Extended-Chacha20 Stream Cipher With Enhanced Quarter Round Function

Kebande

2023

IEEE Access

View full text Add to dashboard Cite

Chacha20 is a widely-used stream cipher known for using permutation functions to enhance resistance against cryptanalysis. Although the existing literature highlights its strengths, it is worth further exploring its susceptibility to potential differential attacks. This paper proposes an Extended Chacha20 (EChacha20) stream cipher, which offers a slight improvement of Chacha20. It incorporates enhanced Quarter Round Functions QR − F with 32-bit input words and Add, Rotate, and XOR (ARX) operations on 16, 12, 8, 7, 4, and 2 constants. Using these improved QR − F s, we expect EChacha20 to be more secure and effective against attacks than Chacha20. The threat model considers attacker assumptions based on Bellare-Rogaway Model (B-RM) and the Chosen Plaintext Attack (CPA) to assess the potential security weaknesses. Then the study analyzes the EChacha20 cipher using the NIST Statistical Test Suite (NSTS) and demonstrates its effectiveness against differential cryptanalysis. A differential attack is considered to address this challenge, where the study comprehensively analyses the differences between original and flipped bits. The NSTS has been used to analyze the outcome for uniformity statistically and to evaluate the randomness of generating sequences of tests with consideration of 1000 tests based on a range of [0, 1]. Uniformity is evaluated based on the p − values test against a battery of passing sequences and 100% is achieved from Runs and Serial(2) : T est 1 respectively.The performance evaluation metrics leveraged include encryption speed, decryption speed, and memory usage. Based on the test conducted, it has been observed that with increased QR − F , EChacha20 maintains a good balance in speed although slightly higher than Chacha20; however, with also slightly high memory usage compared to Chacha20. Despite that, a comparative study has been conducted against state-of-the-art studies, and the outcome has been reported to show the significance of the current study. Ultimately, the outcome indicates that the EChacha20 cipher has improved QR − F and security properties compared to Chacha20 and may provide a more robust encryption solution for various applications.

show abstract

Section: Comparison With Existing Studiesmentioning

confidence: 99%

Section: Comparison With Existing Studiesmentioning

confidence: 99%

Extended-Chacha20 Stream Cipher With Enhanced Quarter Round Function

Kebande

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Normally, DFA/AFA on stream ciphers is considered difficult to carry out in practice, compared to block ciphers, as the analysis complexity often goes beyond the computational requirements of automated tools such as satisfiability (SAT) solvers. One may check eSTREAM finalist SALSA or its variant CHACHA in this regard [BGV17].…”

Section: Differential Fault Attack (Dfa)mentioning

confidence: 99%

Classical and Physical Security of Symmetric Key Cryptographic Algorithms

Baksi

2022

Computer Architecture and Design Methodologies

View full text Add to dashboard Cite

Chapter 3 ("Fault Attacks In Symmetric Key Cryptosystems") is currently under submission as a survey/systemization of of knowledge paper to a peer-reviewed journal.Chapter 4 is not under submission. The contributions of the co-authors are as follows:• The write-up for the first part (Chapters 4.1, 4.2) was done by me. For the second part (Chapter 4.3), I did part of the write-up and analysis.• P. Ravi prepared the electromagnetic leakage and part of the write-up.• R. R. Shrivastwa prepared the power leakage.3 Chapter 5 is accepted as "New Insights On Differential And Linear Bounds Using Mixed Integer Linear Programming"; by A. Baksi; in International Conference on Information Technology and Communications Security (SecITC), 2020 (with major modification). This is a single-author paper by me. As such, I am responsible for everything -ideation, experimental results, write-up and proofreading and so on.

show abstract

“…In general, DFA aims at attacking non-linear instructions. Up to now, there have been various attacks exploiting the following operations: bitwise AND [TBM14], bitwise OR [BHL18], addition [TBM14,JB15,BGV17], and table lookup [Riv09a, JLSH13, TM09], often used for Sbox calculation. Even though the attack varies for different ciphers, the main principle behind the attack of a particular operation stays the same [JT12].…”

Section: Attacks On Target Instructionsmentioning

confidence: 99%

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers

Hou

Breier

Zhang

et al. 2019

TCHES

View full text Add to dashboard Cite

Differential Fault Analysis (DFA) is considered as the most popular fault analysis method. While there are techniques that provide a fault analysis automation on the cipher level to some degree, it can be shown that when it comes to software implementations, there are new vulnerabilities, which cannot be found by observing the cipher design specification.This work bridges the gap by providing a fully automated way to carry out DFA on assembly implementations of symmetric block ciphers. We use a customized data flow graph to represent the program and develop a novel fault analysis methodology to capture the program behavior under faults. We establish an effective description of DFA as constraints that are passed to an SMT solver. We create a tool that takes assembly code as input, analyzes the dependencies among instructions, automatically attacks vulnerable instructions using SMT solver and outputs the attack details that recover the last round key (and possibly the earlier keys). We support our design with evaluations on lightweight ciphers SIMON, SPECK, and PRIDE, and a current NIST standard, AES. By automated assembly analysis, we were able to find new efficient DFA attacks on SPECK and PRIDE, exploiting implementation specific vulnerabilities, and previously published DFA on SIMON and AES. Moreover, we present a novel DFA on multiplication operation that has never been shown for symmetric block ciphers before. Our experimental evaluation also shows reasonable execution times that are scalable to current cipher designs and can easily outclass the manual analysis. Moreover, we present a method to check the countermeasure-protected implementations in a way that helps implementers to decide how many rounds should be protected. We note that this is the first work that automatically carries out DFA on cipher implementations without any plaintext or ciphertext information and therefore, can be generally applied to any input data to the cipher.

show abstract

Fault Analysis of the ChaCha and Salsa Families of Stream Ciphers

Cited by 8 publications

References 22 publications

Extended-Chacha20 Stream Cipher With Enhanced Quarter Round Function

Extended-Chacha20 Stream Cipher With Enhanced Quarter Round Function

Classical and Physical Security of Symmetric Key Cryptographic Algorithms

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers

Contact Info

Product

Resources

About