A Fault Attack on the Family of Enocoro Stream Ciphers

Cryptography ◽  
2021 ◽  
Vol 5 (4) ◽  
pp. 26
Author(s):  
Julian Danner ◽  
Martin Kreuzer
Keyword(s):  
Fault Injection ◽  
Internal State ◽  
Linear Equations ◽  
Stream Ciphers ◽  
Secret Key ◽  
Fault Attack ◽  
Time Period ◽  
The Family ◽  
Small Parts ◽  
Differential Fault Attack

A differential fault attack framework for the Enocoro family of stream ciphers is presented. We only require that the attacker can reset the internal state and inject a random byte-fault, in a random register, during a known time period. For a single fault injection, we develop a differential clocking algorithm that computes a set of linear equations in the in- and output differences of the non-linear parts of the cipher and relates them to the differential keystream. The usage of these equations is two-fold. Firstly, one can determine those differentials that can be computed from the faulty keystream, and secondly they help to pin down the actual location and timing of the fault injection. Combining these results, each fault injection gives us information on specific small parts of the internal state. By encoding the information we gain from several fault injections using the weighted Horn clauses, we construct a guessing path that can be used to quickly retrieve the internal state using a suitable heuristic. Finally, we evaluate our framework with the ISO-standardized and CRYPTREC candidate recommended cipher Enocoro-128v2. Simulations show that, on average, the secret key can be retrieved within 20 min on a standard workstation using less than five fault injections.

scholarly journals Fault Attack on the Authenticated Cipher ACORN v2

2017 ◽  
Vol 2017 ◽  
pp. 1-16 ◽  
Author(s):  
Xiaojuan Zhang ◽  
Xiutao Feng ◽  
Dongdai Lin
Keyword(s):  
Time Complexity ◽  
Fault Injection ◽  
Linear Equations ◽  
Stream Ciphers ◽  
Second Step ◽  
System Of Equations ◽  
Initial State ◽  
Fault Attack ◽  
Equation Solving ◽  
Fault Locating

Fault attack is an efficient cryptanalysis method against cipher implementations and has attracted a lot of attention in recent public cryptographic literatures. In this work we introduce a fault attack on the CAESAR candidate ACORN v2. Our attack is done under the assumption of random fault injection into an initial state of ACORN v2 and contains two main steps: fault locating and equation solving. At the first step, we first present a fundamental fault locating method, which uses 99-bit output keystream to determine the fault injected location with probability 97.08%. And then several improvements are provided, which can further increase the probability of fault locating to almost 1. As for the system of equations retrieved at the first step, we give two solving methods at the second step, that is, linearization and guess-and-determine. The time complexity of our attack is not larger than c·2179.19-1.76N at worst, where N is the number of fault injections such that 31≤N≤88 and c is the time complexity of solving linear equations. Our attack provides some insights into the diffusion ability of such compact stream ciphers.

Differential Fault Attack and Meet-in-the-Middle Attack on Block Cipher LED

2013 ◽  
Vol 850-851 ◽  
pp. 529-532
Author(s):  
Feng Liu ◽  
Xuan Liu ◽  
Shuai Meng
Keyword(s):  
Block Cipher ◽  
Low Cost ◽  
Exhaustive Search ◽  
Differential Analysis ◽  
Secret Key ◽  
Fault Attack ◽  
Differential Fault Attack

In this paper, on the basis of the nibble-based faulty model and the differential analysis principle, we propose a kind of attack on the new low-cost LED block cipher which combine differential fault attack with meet-in-the-middle attack. We inject the nibble faulty at round 29, which is earlier than other papers. More precisely, ciphertext need to be multiplied by a matrix before add the key in order to reduce the effect from key spreading. Finally, the key candidates are recovered by solving the equation set. Hence the secret key bits can be recovered faster than exhaustive search.

scholarly journals Fast Correlation Attacks on Grain-like Small State Stream Ciphers

2017 ◽  
pp. 58-81 ◽  
Author(s):  
Bin Zhang ◽  
Xinxin Gong ◽  
Willi Meier
Keyword(s):  
Internal State ◽  
Stream Ciphers ◽  
Small Scale ◽  
Secret Key ◽  
Small State ◽  
Key Recovery ◽  
Key Recovery Attack ◽  
Correlation Attacks ◽  
Fast Correlation Attacks

In this paper, we study the security of Grain-like small state stream ciphers by fast correlation attacks, which are commonly regarded as classical cryptanalytic methods against LFSR-based stream ciphers. We extend the cascaded structure adopted in such primitives in general and show how to restore the full internal state part-by-part if the non-linear combining function meets some characteristic. As a case study, we present a key recovery attack against Fruit, a tweaked version of Sprout that employs key-dependent state updating in the keystream generation phase. Our attack requires 262.8 Fruit encryptions and 222.3 keystream bits to determine the 80-bit secret key. Practical simulations on a small-scale version confirmed our results.

scholarly journals Atom: A Stream Cipher with Double Key Filter

2021 ◽  
pp. 5-36
Author(s):  
Subhadeep Banik ◽  
Andrea Caforio ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Willi Meier ◽  
...  
Keyword(s):  
Stream Cipher ◽  
Internal State ◽  
Common Knowledge ◽  
Basic Structure ◽  
Stream Ciphers ◽  
Security Level ◽  
Secret Key ◽  
Internal States ◽  
The Face

It has been common knowledge that for a stream cipher to be secure against generic TMD tradeoff attacks, the size of its internal state in bits needs to be at least twice the size of the length of its secret key. In FSE 2015, Armknecht and Mikhalev however proposed the stream cipher Sprout with a Grain-like architecture, whose internal state was equal in size with its secret key and yet resistant against TMD attacks. Although Sprout had other weaknesses, it germinated a sequence of stream cipher designs like Lizard and Plantlet with short internal states. Both these designs have had cryptanalytic results reported against them. In this paper, we propose the stream cipher Atom that has an internal state of 159 bits and offers a security of 128 bits. Atom uses two key filters simultaneously to thwart certain cryptanalytic attacks that have been recently reported against keystream generators. In addition, we found that our design is one of the smallest stream ciphers that offers this security level, and we prove in this paper that Atom resists all the attacks that have been proposed against stream ciphers so far in literature. On the face of it, Atom also builds on the basic structure of the Grain family of stream ciphers. However, we try to prove that by including the additional key filter in the architecture of Atom we can make it immune to all cryptanalytic advances proposed against stream ciphers in recent cryptographic literature.

scholarly journals On the Statistical Analysis of ZUC, Espresso and Grain v1

2021 ◽  
pp. 384-390
Author(s):  
Saurabh Shrivastava ◽  
K. V. Lakshmy ◽  
Chungath Srinivasan
Keyword(s):  
Statistical Analysis ◽  
Stream Cipher ◽  
Internal State ◽  
Statistical Tests ◽  
Stream Ciphers ◽  
Hamming Weight ◽  
Secret Key ◽  
State Correlation ◽  
Very High

A stream cipher generates long keystream to be XORed with plaintext to produce ciphertext. A stream cipher is said to be secure if the keystream that it produces is consistently random. One of the ways by which we can analyze stream ciphers is by testing randomness of the keystream. The statistical tests mainly try to find if any output keystream leaks any information about the secret key or the cipher’s internal state and also check the randomness of the keystream. We have applied these tests to different keystreams generated by ZUC, Espresso and Grain v1 stream ciphers to check for any weaknesses. We have also proposed four new statistical tests to analyze the internal state when the hamming weight of key and IV used is very high or low. Out of these four tests, Grain v1 fails the last test i.e. internal state correlation using high hamming weight IV.

scholarly journals A fault attack on the Niederreiter cryptosystem using binary irreducible Goppa codes

2020 ◽  
Vol Volume 12, issue 1 ◽  
Author(s):  
Julian Danner ◽  
Martin Kreuzer
Keyword(s):  
Fault Injection ◽  
Polynomial Equations ◽  
Secret Key ◽  
Goppa Codes ◽  
Fault Attack ◽  
Low Degree ◽  
Secret Keys ◽  
Niederreiter Cryptosystem ◽  
System Of Polynomial Equations ◽  
Solving Strategy

A fault injection framework for the decryption algorithm of the Niederreiter public-key cryptosystem using binary irreducible Goppa codes and classical decoding techniques is described. In particular, we obtain low-degree polynomial equations in parts of the secret key. For the resulting system of polynomial equations, we present an efficient solving strategy and show how to extend certain solutions to alternative secret keys. We also provide estimates for the expected number of required fault injections, apply the framework to state-of-the-art security levels, and propose countermeasures against this type of fault attack. Comment: 20 pages

A differential fault attack on the WG family of stream ciphers

2020 ◽  
Vol 10 (2) ◽  
pp. 189-195 ◽  
Author(s):  
Mohammad Ali Orumiehchiha ◽  
Saeed Rostami ◽  
Elham Shakour ◽  
Josef Pieprzyk
Keyword(s):  
Stream Ciphers ◽  
Fault Attack ◽  
Differential Fault Attack
Sign in / Sign up

Export Citation Format

Share Document