scholarly journals Differential fault analysis of secret key cryptosystems

1997 ◽  
pp. 513-525 ◽  
Author(s):  
Eli Biham ◽  
Adi Shamir
Keyword(s):  
Fault Analysis ◽  
Secret Key ◽  
Differential Fault Analysis

scholarly journals Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Sensors ◽  
2020 ◽  
Vol 20 (23) ◽  
pp. 6909
Author(s):  
Francisco Eugenio Potestad-Ordóñez ◽  
Manuel Valencia-Barrero ◽  
Carmen Baena-Oliva ◽  
Pilar Parra-Fernández ◽  
Carlos Jesús Jiménez-Fernández
Keyword(s):  
Stream Cipher ◽  
Internal State ◽  
Clock Cycle ◽  
Fault Analysis ◽  
Invasive Technique ◽  
Sensitive Information ◽  
Secret Key ◽  
Key Recovery ◽  
Differential Fault Analysis ◽  
Secret Keys

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

scholarly journals ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers

2018 ◽  
pp. 242-276 ◽  
Author(s):  
Sayandeep Saha ◽  
Debdeep Mukhopadhyay ◽  
Pallab Dasgupta
Keyword(s):  
Defense Mechanisms ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Proof Of Concept ◽  
Secret Key ◽  
Cryptographic Primitives ◽  
Differential Fault Analysis ◽  
Comprehensive Knowledge ◽  
Fault Characterization ◽  
First Time

Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, a comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even while a single cryptoprimitive is considered and traditional manual fault analysis techniques may often fall short to practically cover such a fault space within reasonable time. An automation for analyzing individual fault instances for their exploitability is thus inevitable. Such an automation is supposed to work as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances from block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof-of-concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze a recently proposed cipher GIFT [BPP+17] for the first time. It is found that the secret key of GIFT can be uniquely determined with 1 nibble fault instance injected at the beginning of the 25th round with a reasonable computational complexity of 214.

scholarly journals Towards Optimized DFA Attacks on AES under Multibyte Random Fault Model

2018 ◽  
Vol 2018 ◽  
pp. 1-9
Author(s):  
Ruyan Wang ◽  
Xiaohan Meng ◽  
Yang Li ◽  
Jian Wang
Keyword(s):  
Fault Model ◽  
Fault Analysis ◽  
Advanced Encryption Standard ◽  
Security Assessment ◽  
Secret Key ◽  
Key Recovery ◽  
Differential Fault Analysis ◽  
Recovery Strategies ◽  
Secret Keys ◽  
Fault Distribution

Differential Fault Analysis (DFA) is one of the most practical methods to recover the secret keys from real cryptographic devices. In particular, DFA on Advanced Encryption Standard (AES) has been massively researched for many years for both single-byte and multibyte fault model. For AES, the first proposed DFA attack requires 6 pairs of ciphertexts to identify the secret key under multibyte fault model. Until now, the most efficient DFA under multibyte fault model proposed in 2017 can complete most of the attacks within 3 pairs of ciphertexts. However, we note that the attack is not fully optimized since no clear optimization goal was set. In this work, we introduce two optimization goals as the fewest ciphertext pairs and the least computational complexity. For these goals, we manage to figure out the corresponding optimized key recovery strategies, which further increase the efficiency of DFA attacks on AES. A more accurate security assessment of AES can be completed based on our study of DFA attacks on AES. Considering the variations of fault distribution, the improvement to the attack has been analyzed and verified.

scholarly journals Hybrid Pipeline Hardware Architecture Based on Error Detection and Correction for AES

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5655
Author(s):  
Ignacio Algredo-Badillo ◽  
Kelsey A. Ramírez-Gutiérrez ◽  
Luis Alberto Morales-Rosales ◽  
Daniel Pacheco Bautista ◽  
Claudia Feregrino-Uribe
Keyword(s):  
Fault Detection ◽  
Error Detection ◽  
Secure Communication ◽  
Critical Path ◽  
Fault Analysis ◽  
Hardware Architecture ◽  
Secret Key ◽  
Cryptographic Algorithm ◽  
Differential Fault Analysis ◽  
Error Detection And Correction

Currently, cryptographic algorithms are widely applied to communications systems to guarantee data security. For instance, in an emerging automotive environment where connectivity is a core part of autonomous and connected cars, it is essential to guarantee secure communications both inside and outside the vehicle. The AES algorithm has been widely applied to protect communications in onboard networks and outside the vehicle. Hardware implementations use techniques such as iterative, parallel, unrolled, and pipeline architectures. Nevertheless, the use of AES does not guarantee secure communication, because previous works have proved that implementations of secret key cryptosystems, such as AES, in hardware are sensitive to differential fault analysis. Moreover, it has been demonstrated that even a single fault during encryption or decryption could cause a large number of errors in encrypted or decrypted data. Although techniques such as iterative and parallel architectures have been explored for fault detection to protect AES encryption and decryption, it is necessary to explore other techniques such as pipelining. Furthermore, balancing a high throughput, reducing low power consumption, and using fewer hardware resources in the pipeline design are great challenges, and they are more difficult when considering fault detection and correction. In this research, we propose a novel hybrid pipeline hardware architecture focusing on error and fault detection for the AES cryptographic algorithm. The architecture is hybrid because it combines hardware and time redundancy through a pipeline structure, analyzing and balancing the critical path and distributing the processing elements within each stage. The main contribution is to present a pipeline structure for ciphering five times on the same data blocks, implementing a voting module to verify when an error occurs or when output has correct cipher data, optimizing the process, and using a decision tree to reduce the complexity of all combinations required for evaluating. The architecture is analyzed and implemented on several FPGA technologies, and it reports a throughput of 0.479 Gbps and an efficiency of 0.336 Mbps/LUT when a Virtex-7 is used.

An Efficient One-Bit Model for Differential Fault Analysis on Simon Family

2015 ◽  
Author(s):  
Juan Del Carmen Grados Vasquez ◽  
Fabio Borges ◽  
Renato Portugal ◽  
Pedro Lara
Keyword(s):  
Fault Analysis ◽  
Differential Fault Analysis

Probabilistic signature based generalized framework for differential fault analysis of stream ciphers

2016 ◽  
Vol 9 (4) ◽  
pp. 523-543 ◽  
Author(s):  
Santanu Sarkar ◽  
Prakash Dey ◽  
Avishek Adhikari ◽  
Subhamoy Maitra
Keyword(s):  
Fault Analysis ◽  
Stream Ciphers ◽  
Differential Fault Analysis ◽  
Generalized Framework

Differential Fault Analysis of LEX

2010 ◽  
pp. 55-72
Author(s):  
Jianyong Huang ◽  
Willy Susilo ◽  
Jennifer Seberry
Keyword(s):  
Fault Analysis ◽  
Differential Fault Analysis
Sign in / Sign up

Export Citation Format

Share Document