
Internal differential fault analysis of parallelizable ciphers in the counter-mode

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

In Saha and Chowdhury (Cryptographic hardware and embedded systems—CHES 2016—18th international conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, 2016) the concept of fault analysis using internal differentials within a cipher was introduced and used to overcome the nonce barrier of conventional differential fault analysis, with a demonstration on the authenticated cipher PAEQ. However, that attack had a limitation in its fault model: one of the faults had to be injected in the last byte of the counter, which in turn required the message size to be fixed at 255 complete blocks. In this work, we overcome these limitations by extending the concept to a more general setting. In particular, we study the concept of Fault-Quartets, which is central to this kind of fault-based attack. We theorize the relation between the fault model and the message size, which is an important aspect of the complexity of internal differential fault analysis (IDFA). Our findings reveal that the fault model assumed when targeting the counter can be relaxed at the expense of an exponentially larger message size. Interestingly, the algorithm for finding a Fault-Quartet still remains linear. This in turn implies that, in the case of PAEQ, the time complexities of the reported IDFA attack remain unaffected. The internal differential fault attack is able to uniquely retrieve the key of three versions of full-round PAEQ with key sizes of 64, 80 and 128 bits, with complexities of about \(2^{16}\), \(2^{16}\) and \(2^{50}\), respectively.


Notes

  1. For instance, the differing bits could be localized within a byte.

  2. Recall, the counter is of size \(c = n - k - 16\) bits.

  3. For instance, \(i = 5\) and \(j = 8\) differ only in the least significant byte.

  4. It is understood that \(r>2\) and \(2|(r-1)\).

  5. Last block is a complete block (i.e., block-size \(= n-k-16\)) due to Observation 1.

  6. Least significant bytes.

  7. With a probability of \({\frac{255}{256}}\) for \(k=1\).

  8. In any of the last k bytes of the counter.

  9. \((2^8-1)\) blocks for \(k = 1\) as argued earlier.

  10. Computed using the XOR of plaintext and ciphertext blocks.

  11. Faults injected in the same diagonal of an AES state in round r input lead to the same byte inter-relations at the end of round \((r+1)\).

  12. Recall that the column vector corresponds to the state after \(\beta _{19}\).

References

  1. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Advances in cryptology—CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, pp. 513–525 (1997)

  2. Giraud, C.: DFA on AES. In: Advanced Encryption Standard—AES, 4th International Conference, AES 2004, Bonn, Germany, May 10–12, 2004, Revised Selected and Invited Papers, pp. 27–41 (2004)

  3. Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. IACR Cryptology ePrint Archive, vol. 2003, p. 10 (2003). http://eprint.iacr.org/2003/010

  4. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Cryptographic Hardware and Embedded Systems—CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, Proceedings, pp. 77–88 (2003)

  5. Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, Yokohama, Japan, October 10–13, 2006, Proceedings, pp. 91–100 (2006)

  6. Mukhopadhyay, D.: An improved fault based attack of the advanced encryption standard. In: Progress in Cryptology—AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21–25, 2009, Proceedings, pp. 421–434 (2009)

  7. Saha, D., Mukhopadhyay, D., Chowdhury, D.R.: A diagonal fault attack on the advanced encryption standard. In: IACR Cryptology ePrint Archive, vol. 2009, p. 581 (2009). http://eprint.iacr.org/2009/581

  8. Rogaway, P.: Nonce-based symmetric encryption. In: Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5–7, 2004, Revised Papers, pp. 348–359 (2004)

  9. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)

  10. Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241–245 (1999)

  11. Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault attacks on RSA signatures with partially unknown messages. In: Cryptographic Hardware and Embedded Systems—CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6–9, 2009, Proceedings, pp. 444–456 (2009)

  12. Saha, D., Kuila, S., Chowdhury, D.R.: EscApe: diagonal fault analysis of APE. In: Progress in Cryptology—INDOCRYPT 2014—15th International Conference on Cryptology in India, New Delhi, India, December 14–17, 2014, Proceedings, pp. 197–216 (2014)

  13. Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1.02. Submission to the CAESAR Competition (2014). http://competitions.cr.yp.to/round2/primatesv102.pdf. Accessed 23 Nov 2017

  14. Dobraunig, C., Eichlseder, M., Korak, T., Lomné, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Advances in Cryptology—ASIACRYPT 2016—22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 369–395 (2016)

  15. Peyrin, T.: Improved differential attacks for ECHO and Grøstl. In: Advances in Cryptology—CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15–19, 2010. Proceedings, pp. 370–392 (2010)

  16. Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Fast Software Encryption—20th International Workshop, FSE 2013, Singapore, March 11–13, 2013. Revised Selected Papers, pp. 219–240 (2013)

  17. CAESAR: competition for authenticated encryption: security, applicability, and robustness. http://competitions.cr.yp.to/caesar.html. Accessed 23 Nov 2017

  18. Daemen, J., Rijmen, V.: The Design of Rijndael: AES–The Advanced Encryption Standard. Information Security and Cryptography. Springer, Berlin (2002)

  19. Saha, D., Chowdhury, D.R.: EnCounter: on breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Cryptographic Hardware and Embedded Systems—CHES 2016—18th International Conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, pp. 581–601 (2016)

  20. Bagheri, N., Mendel, F., Sasaki, Y.: Improved rebound attacks on AESQ: core permutation of CAESAR candidate PAEQ. In: 21st Australasian Conference on Information Security and Privacy—ACISP 2016, Springer, pp. 301–316 (2016)

  21. Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R.: Gain: practical key-recovery attacks on round-reduced PAEQ. In: Security, Privacy, and Applied Cryptography Engineering—6th International Conference, SPACE 2016, Hyderabad, India, December 14–18, 2016, Proceedings, pp. 194–210 (2016)

  22. Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R.: Gain: practical key-recovery attacks on round-reduced PAEQ. J. Hardw. Syst. Secur. (2017). https://doi.org/10.1007/s41635-017-0010-5

  23. Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Information Security—17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014. Proceedings, pp. 72–89 (2014)

  24. Khovratovich, D., Biryukov, A.: PAEQ v1. Submission to the CAESAR competition (2014). http://competitions.cr.yp.to/round1/paeqv1.pdf

  25. van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 91–99 (2011)

  26. Courbon, F., Loubet-Moundi, P., Fournier, J.J.A., Tria, A.: Adjusting laser injections for fully controlled faults. In: Constructive Side-Channel Analysis and Secure Design—5th International Workshop, COSADE 2014, Paris, France, April 13–15, 2014. Revised Selected Papers, pp. 229–242 (2014)

  27. Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: on critical paths and clock faults. In: Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14–16, 2010, Proceedings, pp. 182–193 (2010)

  28. Moro, N., Heydemann, K., Dehbaoui, A., Robisson, B., Encrenaz, E.: Experimental evaluation of two software countermeasures against fault attacks. CoRR, abs/1407.6019 (2014)

  29. Verbauwhede, I., Karaklajic, D., Schmidt, J.-M.: The fault attack jungle—a classification model to guide you. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 3–8 (2011)

  30. Schmidt, J.-M., Medwed, M.: Countermeasures for symmetric key ciphers. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, pp. 73–87. Springer, Berlin, Heidelberg (2012)

  31. Wang, B., Liu, L., Deng, C., Zhu, M., Yin, S., Wei, S.: Against double fault attacks: injection effort model, space and time randomization based countermeasures for reconfigurable array architecture. IEEE Trans. Inf. Forensics Secur. 11(6), 1151–1164 (2016)
Corresponding author

Correspondence to Dhiman Saha.

Cite this article

Saha, D., Chowdhury, D.R. Internal differential fault analysis of parallelizable ciphers in the counter-mode. J Cryptogr Eng 9, 53–67 (2019). https://doi.org/10.1007/s13389-017-0179-0
