Abstract
This paper proposes a fault attack on Enocoro stream cipher family. The differential random fault method is one of the most popular methods to analyses cryptographic mechanisms. To attack Enocoro algorithm, the relationships between two distinct parts of cipher buffer b and internal state “a” are exploited. The attack has been applied on two important versions of the family based on the differential random value fault model to recover the internal state of ciphers. For most members of Enocoro algorithm family, the proposed attack can be applied with a maximum of four faults. The results show Encoro-80 and Encoro-128 are broken with time complexity 216 and 229 respectively by using only 2 random value faults. The results have been checked by software implementations and prove the cipher is quite vulnerable against the proposed fault attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The probability of faults occurring in register “a” is not addressed in the article, but it is expected to be higher in registers with complex and lengthy computational circuit updates, especially in attack methods like glitch frequency or voltage.
References
Watanabe, D.; Ideguchi, K.; Kitahara, J.; Muto, K.; Furuichi, H.; Kaneko, T. Enocoro-80: A hardware oriented stream cipher. In Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, Barcelona, Spain, 4–7 March 2008; pp. 1294–1300.
Hitachi Ltd. Pseudorandom Number Generator Enocoro–Specification Ver. 2.0. 2010. https://www.cryptrec.go. jp/en/cryptrec_13_spec_cypherlist_files/PDF/23_00espec.pdf (accessed on 22 September 2021).
ISO/IEC 29192–3:2012(en), Information technology-Security technices-Lightweight cryptography-Part 3:Stream Ciphers, 2012.
Danner, J., Kreuzer, M.: A fault attack on the family of enocoro stream ciphers. Cryptography 5, 26 (2021). https://doi.org/10.3390/cryptography5040026
Naoki Shibayama; Yasutaka Igarashi, A New Higher Order Differential of Enocoro-128v2, Ninth International Symposium on Computing and Networking, CANDAR, Matsue, Japan, 23–26 November 2021, 379–384, Workshops IEEE, 2021.
Ding, L., Jin, C., Guan, J.: Slide attack on standard stream cipher Enocoro-80 in the related-key chosen IV setting. Pervasive Mob. Comput. 24, 224–230 (2015)
D. Boneh, R.; Demillo, A.; Lipton, R. J. On the importance of checking cryptographic protocols for faults. Springer, 1997, pp. 37–51.
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In Advances in Cryptology - CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, 1997, pp. 513–525. https://doi.org/10.1007/BFb0052259
Bl¨omer, J., Seifert, J.: Fault based cryptanalysis of the advanced encryption standard. IACR Cryptology ePrint Archive, vol. 2002, 2002. http://eprint.iacr.org/2002/075
Jonathan, J.H., Shamir, A.: Fault Analysis of Stream Ciphers, CHES 2004, Cryptographic Hardware and Embedded Systems (2004).
Hojsık, M., Rudolf, B.: Floating fault analysis of trivium. In Progress in Cryptology - INDOCRYPT 2008, Proceedings of 9th International Conference on Cryptology in India, Kharagpur, India, December 14–17, 2008, pp. 239–250 (2008)
Debraize, B., Corbella, I.M.: Fault analysis of the stream cipher snow 3g. In 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 103–110 (2009)
Kircanski, A., Youssef, A. M.: Differential fault analysis of rabbit. In Selected Areas in Cryptography, 16th Annual International Workshop, SAC 2009, Calgary, Alberta, Canada, August 13–14, 2009, Revised Selected Papers, pp. 197–214 (2009).
Armknecht, F., Meier, W.: Fault Attacks on Combiners with Memory. In: International Workshop on Selected Areas in Cryptography (2005).
Ghalaty, N.F.: Fault Attacks on Cryptosystems: Novel Threat Models, Countermeasures and Evaluation Metrics”, Doctor of Philosophy in Computer Engineering in Blacksburg, Virginia, July 26 (2016).
Author information
Authors and Affiliations
Contributions
All authors have involved in writing the main manuscript text. All authors reviewed the manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1: Attack path on the version 128 with 2 fault
Appendix 1 shows the path of recovering internal state in Enocoro-128v2 algorithm. The path exploits two faults to recover the state. Figure 6 presents the attack steps on Enocoro-128.
Fault attack on Enocoro-128
Appendix 2: Attack path on the general version of Enocoro with 4 fault
This appendix shows the path of recovering internal state of the general version of Enocoro algorithm. The path exploits four faults to recover the state. Figure
Fault attack on the general version of cipher
7 presents the attack steps on the cipher.
Note: In Fig. 7, for simplicity, we do not show the injection location of second, third and fourth faults. The location and time of these faults are based on their effect occurring at the intended time in \({b}_{{q}_{1}}.\)
It should be noted that if the following two inequalities are satisfied, then the adversary definitely needs four faults to successfully apply the attack. If any of these inequalities are removed, one fault injection is reduced.
(k2-k1) > (k3 − k2).
(k3- k2) > (k4 − k3).
The proposed attack works when \({k}_{1}\text{. . . }{k}_{4}\) (which indicate \({\text{b}}_{\text{k1}}\text{, . . . ,}{\text{b}}_{\text{k4}}\) as inputs of buffer b which are used to update the internal state a) satisfy the above inequalities. The reason for this issue is the distance between cells to inject the faults. The cells in which the fault is injected are the cells related to updating the content of a (cells with ki index). Therefore, it can be generally concluded that a maximum of four faults are needed to accomplish the attack.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Rostami, S., Orumiehchiha, M.A., Shakour, E. et al. Fault attack on Enocoro stream cipher family. J Cryptogr Eng 15, 3 (2025). https://doi.org/10.1007/s13389-024-00367-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13389-024-00367-z