scholarly journals Algebraic Fault Analysis of SHA-256 Compression Function and Its Application

Information ◽  
2021 ◽  
Vol 12 (10) ◽  
pp. 433
Author(s):  
Kazuki Nakamura ◽  
Koji Hori ◽  
Shoichi Hirose
Keyword(s):  
Fault Injection ◽  
Computer Experiments ◽  
Fault Analysis ◽  
Unknown Input ◽  
Authentication Codes ◽  
Forgery Attack ◽  
Compression Function ◽  
Hardware Implementations ◽  
Important Research Topic ◽  
Pseudorandom Number Generation

Cryptographic hash functions play an essential role in various aspects of cryptography, such as message authentication codes, pseudorandom number generation, digital signatures, and so on. Thus, the security of their hardware implementations is an important research topic. Hao et al. proposed an algebraic fault analysis (AFA) for the SHA-256 compression function in 2014. They showed that one could recover the whole of an unknown input of the SHA-256 compression function by injecting 65 faults and analyzing the outputs under normal and fault injection conditions. They also presented an almost universal forgery attack on HMAC-SHA-256 using this result. In our work, we conducted computer experiments for various fault-injection conditions in the AFA for the SHA-256 compression function. As a result, we found that one can recover the whole of an unknown input of the SHA-256 compression function by injecting an average of only 18 faults on average. We also conducted an AFA for the SHACAL-2 block cipher and an AFA for the SHA-256 compression function, enabling almost universal forgery of the chopMD-MAC function.

scholarly journals Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

2018 ◽  
pp. 96-122 ◽  
Author(s):  
Jakub Breier ◽  
Xiaolu Hou ◽  
Yang Liu
Keyword(s):  
Fault Injection ◽  
Fault Analysis ◽  
Data Flow Graph ◽  
Assembly Code ◽  
The Past ◽  
Injection Attacks ◽  
Differential Fault Analysis ◽  
Software Implementations ◽  
Fault Injection Attack ◽  
Fault Injection Attacks

Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT- 80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations.

Differential Fault Analysis on the MD5 Compression Function

2013 ◽  
Vol 8 (11) ◽  
Author(s):  
Wei Li ◽  
Zhi Tao ◽  
Dawu Gu ◽  
Yi Wang ◽  
Zhiqiang Liu ◽  
...  
Keyword(s):  
Fault Analysis ◽  
Compression Function ◽  
Differential Fault Analysis

scholarly journals Practical Multiple Persistent Faults Analysis

2021 ◽  
pp. 367-390
Author(s):  
Hadi Soleimany ◽  
Nasour Bagheri ◽  
Hosein Hadipour ◽  
Prasanna Ravi ◽  
Shivam Bhasin ◽  
...  
Keyword(s):  
Time Complexity ◽  
Fault Injection ◽  
Fault Analysis ◽  
Key Recovery ◽  
Trade Off ◽  
Fault Attacks ◽  
Novel Technique ◽  
Recovery Processes ◽  
Experimental Validations ◽  
Types Of Faults

We focus on the multiple persistent faults analysis in this paper to fill existing gaps in its application in a variety of scenarios. Our major contributions are twofold. First, we propose a novel technique to apply persistent fault apply in the multiple persistent faults setting that decreases the number of survived keys and the required data. We demonstrate that by utilizing 1509 and 1448 ciphertexts, the number of survived keys after performing persistent fault analysis on AES in the presence of eight and sixteen faults can be reduced to only 29 candidates, whereas the best known attacks need 2008 and 1643 ciphertexts, respectively, with a time complexity of 250. Second, we develop generalized frameworks for retrieving the key in the ciphertext-only model. Our methods for both performing persistent fault attacks and key-recovery processes are highly flexible and provide a general trade-off between the number of required ciphertexts and the time complexity. To break AES with 16 persistent faults in the Sbox, our experiments show that the number of required ciphertexts can be decreased to 477 while the attack is still practical with respect to the time complexity. To confirm the accuracy of our methods, we performed several simulations as well as experimental validations on the ARM Cortex-M4 microcontroller with electromagnetic fault injection on AES and LED, which are two well-known block ciphers to validate the types of faults and the distribution of the number of faults in practice.

FIFA: A fault-injection–fault-analysis-based tool for reliability assessment at RTL level

2011 ◽  
Vol 51 (9-11) ◽  
pp. 1459-1463 ◽  
Author(s):  
L.A.B. Naviner ◽  
J.-F. Naviner ◽  
G.G. dos Santos ◽  
E.C. Marques ◽  
N.M. Paiva
Keyword(s):  
Fault Injection ◽  
Reliability Assessment ◽  
Fault Analysis

scholarly journals Persistent Fault Analysis on Block Ciphers

2018 ◽  
pp. 150-172 ◽  
Author(s):  
Fan Zhang ◽  
Xiaoxuan Lou ◽  
Xinjie Zhao ◽  
Shivam Bhasin ◽  
Wei He ◽  
...  
Keyword(s):  
Time Synchronization ◽  
Fault Injection ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Experimental Results ◽  
Fault Attacks ◽  
Intrinsic Nature ◽  
Fault Attack ◽  
Modular Redundancy

Persistence is an intrinsic nature for many errors yet has not been caught enough attractions for years. In this paper, the feature of persistence is applied to fault attacks, and the persistent fault attack is proposed. Different from traditional fault attacks, adversaries can prepare the fault injection stage before the encryption stage, which relaxes the constraint of the tight-coupled time synchronization. The persistent fault analysis (PFA) is elaborated on different implementations of AES-128, specially fault hardened implementations based on Dual Modular Redundancy (DMR). Our experimental results show that PFA is quite simple and efficient in breaking these typical implementations. To show the feasibility and practicability of our attack, a case study is illustrated on the shared library Libgcrypt with rowhammer technique. Approximately 8200 ciphertexts are enough to extract the master key of AES-128 when PFA is applied to Libgcrypt1.6.3 with redundant encryption based DMR. This work puts forward a new direction of fault attacks and can be extended to attack other implementations under more interesting scenarios.

scholarly journals CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

2019 ◽  
pp. 5-45 ◽  
Author(s):  
Christof Beierle ◽  
Gregor Leander ◽  
Amir Moradi ◽  
Shahram Rasoolzadeh
Keyword(s):  
Block Cipher ◽  
Fault Analysis ◽  
Side Channel ◽  
Cryptographic Primitives ◽  
Area Overhead ◽  
Differential Fault Analysis ◽  
Hardware Implementations ◽  
Efficient Protection ◽  
Channel Analysis ◽  
Tweakable Block Cipher

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

Sign in / Sign up

Export Citation Format

Share Document