Differential Fault Analysis of the BipBip Block Cipher
Volume 17, Issue 2, July 2025, Pages 223-232
https://doi.org/10.22042/isecure.2025.217885
Narges Mokhtari, Navid Vafaei, Sadegh Sadeghi, Nasour Bagheri
Abstract: Differential Fault Analysis (DFA) is one of the most effective physical attacks against cryptographic algorithms. It exploits implementation weaknesses by injecting faults. In DFA, an attacker intentionally injects errors into a cryptographic system while it executes a cryptographic algorithm and leverages the differences caused by these deliberate faults. By comparing the correct and faulty ciphertexts, the attacker can gain insights into the cryptographic operations. This research applies DFA to BipBip, an ultra-low-latency tweakable block cipher characterized by a 24-bit tweakable block and a 256-bit master key. Our primary assumption is that the tweak remains fixed within BipBip. The study's findings reveal that the structural design of the BipBip block cipher is susceptible to differential fault analysis. We demonstrate a significant vulnerability by injecting exactly 30 random faults into different states of BipBip. Through an exhaustive search process, we successfully retrieved the master key. Furthermore, this research marks the first application of differential fault analysis to identifying implementation weaknesses within BipBip, highlighting a critical security concern.
Practical Differential Fault Analysis on SKINNY
Volume 14, Issue 3, October 2022, Pages 9-19
https://doi.org/10.22042/isecure.2022.14.3.2
Navid Vafaei, Maryam Porkar, Hamed Ramzanipour, Nasour Bagheri
Abstract: SKINNY is a lightweight tweakable block cipher that was first introduced at CRYPTO 2016. SKINNY comes in two block sizes, 64 bits and 128 bits, as well as three TWEAK versions. This paper first presents our findings that improve the effectiveness of DFA on SKINNY, then carries out a hardware implementation of this attack on SKINNY. Assuming that TWEAK is fixed, we first present the Enhanced DFA on SKINNY64-64 and SKINNY128-128. In order to retrieve the master key with the minimum number of faults, this approach depends on fault propagation in intermediate rounds. In our latest evaluations we can retrieve the master key with 2 and 3 faults in SKINNY64-64 and SKINNY128-128, respectively. This result should be compared with 3 and 4 faults for the 64-bit and 128-bit versions, respectively, in the models presented in the former work. In the implementation phase, using the glitch model and a set of affordable hardware equipment, we injected faults into various rounds of the SKINNY algorithm. More precisely, we can inject a single nibble fault into a particular round by determining the precise timing of the execution sub-function.
Practical Differential Fault Analysis on CRAFT, a Lightweight Block Cipher
Volume 14, Issue 3, October 2022, Pages 21-31
https://doi.org/10.22042/isecure.2022.14.3.3
Hamed Ramzanipour, Navid Vafaei, Nasour Bagheri
Abstract: Differential fault analysis, a kind of active non-invasive attack, is an effective way of analyzing cryptographic primitives that has lately earned more attention. In this study, we apply this attack to CRAFT, a recently proposed lightweight tweakable block cipher, supported by simulation and experimental results. This cipher accepts a 64-bit Tweak, a 64-bit plaintext, and a 128-bit key to produce a 64-bit ciphertext. In this paper, we assume that the target implementation of CRAFT does not use countermeasures. The fault model considered in the initial phase of this paper is a single-bit, but random nibble-injected, fault, where we first present the fault injection attack as a simulation and then report on how to retrieve the round sub-keys. Next, we use frequency glitching as the fault injection technique in the experimental phase. This part aims to produce a single fault at a nibble in a specific round of CRAFT. Following our statistical analysis and according to the simulation findings, we can reduce the key space to 30.28 and 24.37 bits, respectively, by using 4 and 5 faults. The experimental section also identifies the location of random faults injected by the hardware mechanism.
