The differential fault analysis on block cipher KLEIN-96

Xiao, Haiyan; Wang, Lifang

doi:10.1016/j.jisa.2022.103205

Cited by 4 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Within the field of cryptanalysis, DFA is one of the most popular techniques for compromising the security of encryption algorithms. An example of this is its continued application to most proposed encryption algorithms [32]- [35]. Its principle of operation is based on combining fault injection with mathematical analysis of the effect produced by these faults on the operation of the ciphers.…”

Section: A Dfa On Aesmentioning

confidence: 99%

Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher

et al. 2022

View full text Add to dashboard Cite

Differential Fault Analysis (DFA) and Power Analysis (PA) attacks, have become the main methods for exploiting the vulnerabilities of physical implementations of block ciphers, currently used in a multitude of applications, such as the Advanced Encryption Standard (AES). In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, not fully covering the implementations against fault attacks or not taking into account the leakage of the information exploitable by the power analysis attacks. In this paper, four different approaches are proposed with the aim of protecting the AES block cipher against DFA. The proposed solutions are based on Hamming code and parity bits as signature generators for the internal state of the AES cipher. These allow to detect DFA exploitable faults, from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on Field Programmable Gate Array (FPGA). Experimental results suggest a fault coverage of 98.5% and 99.99% with an area penalty of 9% and 36% respectively, for the parity bit signature generators and a fault coverage of 100% with an area penalty of 18% and 42% respectively when Hamming code signature generator is used. In addition, none of the proposed countermeasures impose a frequency degradation, in respect to the unprotected cipher. The proposed work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel. The obtained results suggest that no extra information leakage is produced that can be exploited by PA. Overall, the proposed DFA countermeasures provide a high fault coverage protection with a low cost in terms of area and power consumption and no PA security degradation.

show abstract

Section: A Dfa On Aesmentioning

confidence: 99%

Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher

et al. 2022

View full text Add to dashboard Cite

show abstract

“…One FA technique proposed to crack block ciphers like AES [9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27], KLEIN [28,29], SIMON [30,31], and SIMECK [32,33] is differential fault attack (DFA). It operates by taking advantage of differences in information between correct and fault ciphertexts, which poses a serious threat to the encryption executive equipment.…”

Section: Introductionmentioning

confidence: 99%

A Novel DFA on AES: Based on Two–Byte Fault Model with Discontiguous Rows

et al. 2023

View full text Add to dashboard Cite

Differential fault attack (DFA) is a distinctive methodology for acquiring the key to block ciphers, which comprises two distinct strategies: DFA on the state and DFA on the key schedule. Given the widespread adoption of the Advanced Encryption Standard (AES), it has emerged as a prominent target for DFA. This paper presents an efficient DFA on the AES, utilizing a two−byte fault model that induces faults at the state with discontiguous rows. The experiment demonstrates that, based on the proposed fault model, the key for AES–128, AES–192, and AES–256 can be successfully recovered by exploiting two, two, and four faults, respectively, without the need for exhaustive research. Notably, in the case of AES–256, when considering exhaustive research, two (or three) faults are needed with 232 (or 216) exhaustive searches. In comparison to the currently available DFA on the AES state, the proposed attack method shows a higher efficiency due to the reduced induced faults.

show abstract

“…We note that in the general research on DFA, researchers often considered the fault injection into the encryption states or key schedule of cryptographic algorithms. 21 In fact, the key schedule, which is used to generate all the round subkeys, is also included in the encryption devices. It is also possible to induce the faults into it.…”

Section: Introductionmentioning

confidence: 99%

Differential fault analysis on the lightweight block cipher plug‐in plug‐out

Xiao

Wang

2022

Security and Privacy

Self Cite

View full text Add to dashboard Cite

In recent years, many lightweight block ciphers were proposed to provide security for resource-constrained environments such as Internet of Things (IoT). PIPO, which stands for "plug-in plug-out", is just a lightweight bit-sliced block cipher offering excellent performance in 8-bit AVR software implementations.In fact, PIPO owns 64-bit input and output, 128-bit secret key. In this article, we consider the differential fault analysis (DFA), a typical side-channel attack, on the PIPO cipher. More concretely, for the first time, we apply the mixed attack model, which considers the DFA on the encryption state and key schedule simultaneously, to recover PIPO's 128-bit master key. The theoretical analysis shows that, in average, after injecting 4-byte faults, the complexity of obtaining the master key reduces from 2 128 reduces to 2 14 . In fact, this attack model alleviates the assumption on attacker than the bit-injection case. It should be noted that our analysis also holds for other bit-sliced block ciphers. Finally, the simulations show that our proposed DFA on PIPO cipher is rather practical.

show abstract

The differential fault analysis on block cipher KLEIN-96

Cited by 4 publications

References 13 publications

Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher

Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher

A Novel DFA on AES: Based on Two–Byte Fault Model with Discontiguous Rows

Differential fault analysis on the lightweight block cipher plug‐in plug‐out

Contact Info

Product

Resources

About