Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search

Cianfriglia, Marco; Guarino, Stefano; Bernaschi, Massimo; Lombardi, Flavio; Pedicini, Marco

doi:10.1007/s13389-019-00217-3

Cited by 3 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[16]- [20], where theoretical attacks were modelled. Faults were injected into the internal state of the cipher to retrieve secret information from the device.…”

Section: A Previous Workmentioning

confidence: 99%

“…Table 1 summarizes the requirements for each DFA model for retrieving the secret internal state, and therefore the secret K and IV, of the cipher, showing the reference, the number of fault injections and the number of faulty key stream bits. Note that the attacks presented in [16]- [20] are not included in this analysis, since these attacks are against the mathematical algorithm itself and not against the physical implementations, therefore they are out of our scope.…”

Section: B Theoretical Vulnerabilities Of Triviummentioning

confidence: 99%

“…These theoretical works, together with the experimental attacks presented in [14] and [15], have shown that this cipher must be protected to minimize its vulnerabilities against malicious attacks. Good examples of the continuous and recent interest in breaking this encryption algorithm, apart from the DFA, are the works presented in [16]- [20]. In [16], [17] a Boolean polynomial reduction technique and guess and determine attack in Trivium are presented.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA

et al. 2021

View full text Add to dashboard Cite

Attacks on cryptocircuits are becoming increasingly sophisticated, requiring designers to include more and more countermeasures in the design to protect it against malicious attacks. Fault Injection Attacks and Differential Fault Analysis have proven to be very dangerous as they are able to retrieve the secret information contained in cryptocircuits. In this sense, Trivium cipher has been shown to be vulnerable to this type of attack. This paper presents four different fault detection schemes to protect Trivium stream cipher implementations against fault injection attacks and differential fault analysis. These countermeasures are based on the introduction of hardware redundancy and signature analysis to detect fault injections during encryption or decryption operations. This prevents the attacker from having access to the faulty key stream and performing differential fault analysis. In order to verify the correct operation and the effectiveness of the presented schemes, an experimental system of non-invasive active attacks using the clock signal in FPGA has been designed. This system allows to know the fault coverage for both multiple and single faults. In addition, the results of area consumption, frequency degradation, and fault detection latency for FPGA and ASIC implementations are presented. The results show that all proposed countermeasures are able to provide a fault coverage above 79% and one of them reaches a coverage of 99.99%. It has been tested that the number of cycles for fault detection is always lower than the number of cycles needed to apply the differential fault analysis reported in the literature for the Trivium cipher.

show abstract

“…[16]- [20], where theoretical attacks were modelled. Faults were injected into the internal state of the cipher to retrieve secret information from the device.…”

Section: A Previous Workmentioning

confidence: 99%

Section: B Theoretical Vulnerabilities Of Triviummentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA

et al. 2021

View full text Add to dashboard Cite

show abstract

“…It should be noted that none of these works attempt to experimentally test the vulnerability of the Trivium cipher, proving the feasibility of the faults needed, but rather base their hypotheses on theoretical assumptions, discarding the experimental aspect. On the other hand, good examples of the continuous and recent interest in breaking this encryption algorithm, apart from the DFA, are the works presented in [15][16][17][18][19][20]. An attack on the bitstream used to configure an FPGA with the Trivium cipher implemented is presented in [15].…”

Section: Introductionmentioning

confidence: 99%

“…A study of cubic attacks against the cipher is proposed in [19] and a new method for finding non-linear superpolies using the linearity test principle is also described. Finally, in [20], a cube attack is performed, showing that it is able to recover the key in the 781 round of Trivium.…”

Section: Introductionmentioning

confidence: 99%

Experimental FIA Methodology Using Clock and Control Signal Modifications under Power Supply and Temperature Variations

Potestad-Ordonez

Tena-Sánchez

Mora

et al. 2021

Sensors

View full text Add to dashboard Cite

The security of cryptocircuits is determined not only for their mathematical formulation, but for their physical implementation. The so-called fault injection attacks, where an attacker inserts faults during the operation of the cipher to obtain a malfunction to reveal secret information, pose a serious threat for security. These attacks are also used by designers as a vehicle to detect security flaws and then protect the circuits against these kinds of attacks. In this paper, two different attack methodologies are presented based on inserting faults through the clock signal or the control signal. The optimization of the attacks is evaluated under supply voltage and temperature variation, experimentally determining the feasibility through the evaluation of different Trivium versions in 90 nm ASIC technology implementations, also considering different routing alternatives. The results show that it is possible to inject effective faults with both methodologies, improving fault efficiency if the power supply voltage decreases, which requires only half the frequency of the short pulse inserted into the clock signal to obtain a fault. The clock signal modification methodology can be extended to other NLFSR-based cryptocircuits and the control signal-based methodology can be applied to both block and stream ciphers.

show abstract

Fourteen years of cube attacks

Cianfriglia

Onofri

et al. 2023

AAECC

View full text Add to dashboard Cite

Algebraic Cryptanalysis is a widely used technique that tackles the problem of breaking ciphers mainly relying on the ability to express a cryptosystem as a solvable polynomial system. Each output bit/word can be expressed as a polynomial equation in the cipher’s inputs—namely the key and the plaintext or the initialisation vector bits/words. A part of research in this area consists in finding suitable algebraic structures where polynomial systems can be effectively solved, e.g., by computing Gröbner bases. In 2009, Dinur and Shamir proposed the cube attack, a chosen plaintext algebraic cryptanalysis technique for the offline acquisition of an equivalent system by means of monomial reduction; interpolation on cubes in the space of variables enables retrieving a linear polynomial system, hence making it exploitable in the online phase to recover the secret key. Since its introduction, this attack has received both many criticisms and endorsements from the crypto community; this work aims at providing, under a unified notation, a complete state-of-the-art review of recent developments by categorising contributions in five classes. We conclude the work with an in-depth description of the kite attack framework, a cipher-independent tool that implements cube attacks on GPUs. Mickey2.0 is adopted as a showcase.

show abstract

Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search

Cited by 3 publications

References 21 publications

Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA

Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA

Experimental FIA Methodology Using Clock and Control Signal Modifications under Power Supply and Temperature Variations

Fourteen years of cube attacks

Contact Info

Product

Resources

About