Navid Vafaei; Maryam Porkar; Hamed Ramzanipour; Nasour Bagheri
Abstract
SKINNY is a lightweight tweakable block cipher that for the first time introduced in CRYPTO 2016. SKINNY is considered in two block sizes: 64 bits and 128 bits, as well as three TWEAK versions. In the beginning, this paper reflects our findings that improve the effectiveness of DFA analysis on SKINNY, ...
Read More
SKINNY is a lightweight tweakable block cipher that for the first time introduced in CRYPTO 2016. SKINNY is considered in two block sizes: 64 bits and 128 bits, as well as three TWEAK versions. In the beginning, this paper reflects our findings that improve the effectiveness of DFA analysis on SKINNY, then accomplishes the hardware implementation of this attack on SKINNY. Assuming that TWEAK is fixed, we first present the Enhanced DFA on SKINNY64-64 and SKINNY128-128. In order to retrieve the master key with the minimum number of faults, this approach depends on fault propagation in intermediate rounds. In our latest evaluations we can retrieve the master key with 2 and 3 faults in SKINNY64-64 and SKINNY128-128respectively. This result should be compared with 3 and 4 faults for 64-bit and 128-bit versions respectively, in the models presented in the former work. Using the glitch model as well as a set of affordable hardware equipment, we injected faults into various rounds of the SKINNY algorithm in the implementation phase. More accurately, we can inject a single nibble fault into a particular round by determining the precise timing of the execution sub-function.
Hamed Ramzanipour; Navid Vafaei; Nasour Bagheri
Abstract
Differential fault analysis, a kind of active non-invasive attack, is an effective way of analyzing cryptographic primitives that have lately earned more attention. In this study, we apply this attack on CRAFT, a recently proposed lightweight tweakable block cipher, supported by simulation and experimental ...
Read More
Differential fault analysis, a kind of active non-invasive attack, is an effective way of analyzing cryptographic primitives that have lately earned more attention. In this study, we apply this attack on CRAFT, a recently proposed lightweight tweakable block cipher, supported by simulation and experimental results. This cipher accepts a 64-bit Tweak, a 64-bit plaintext, and a 128-bit key to produce a 64-bit ciphertext. We assume that the target implementation of CRAFT does not use countermeasures in this paper. The considered fault model in the initial phase of this paper is a single-bit, but random nibble-injected fault, where we first present the fault injection attack as a simulation and then report on how to retrieve the round sub-keys. Next, we use frequency glitch as a fault injection technique in the experimental phase. This part aims to produce a single fault at a nibble in a specific round of the CRAFT. Following our statistical analysis and according to the simulation findings, we can reduce the key space to 30.28 and 24.37 bits, respectively, by using 4 and 5 faults. The experimental section also identifies the location of random faults injected by the hardware mechanism.
S.Ehsan Hosiny Nezhad; Masoumeh Safkhani; Nasour Bagheri
Abstract
In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection ...
Read More
In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection and the possibility of re-checking initial faults and the possibility to recover internal state with 22-53 faults. We also present two improvements for the above attack which are using differential relations in reverse direction to improve that attack results and using the algebraic relations of the algorithm to provide a second way to recover the internal state of SHA-3. Consequently, we show that with 5-8 faults on average, SHA-3's internal state can be fully recovered. X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X