Abstract
In this paper, we report the first DFA on the nonce-based CAESAR scheme NORX (applicable to all versions v1, v2.0 and v3.0). The attack exploits a scenario in which faults injected into NORX in parallel mode collide the internal branches to produce an all-zero state. This fault is then used to replay NORX even though each invocation is instantiated with a different nonce and message. Once a replay is obtained, the secret key of NORX can be recovered from the faulty tags produced by secondary faults. The attack presents a case where, for the first time, both internal and classical differentials are used to mount a DFA on a nonce-based authenticated cipher. Different fault models are used to showcase the versatility of the attack strategy, and a detailed theoretical analysis of the expected number of faults is furnished under each of them. Under the random bit-flip model, around 1384 faults need to be induced to reduce the key space from \(2^{128}\) to \(2^{32}\), while the random byte-flip model requires 332 faults to uniquely identify the key. Moreover, we identify and solve a new theoretical problem arising from the consecutive bit-flip fault model, a special variant of the generalized coupon collector problem, which we call the consecutive coupon collector problem, and we give the first mathematical proof of its solution in the literature. We corroborate that our theoretical values closely match the simulated values, and we validate the calculations using hypothesis testing. Finally, we discuss the DFA vulnerability of FORK-256 using a strategy similar to the one used for NORX.
Notes
We stress that this is true for any nonce and messages with consecutive identical blocks.
Here, a non-faulty tag means a tag for which we do not induce a fault at the last diag(S) call, after the internal collision in the state has been obtained by a counter fault. Physically, however, all tags are faulty, because the fault-based internal state collision is a prerequisite.
References
Abed, F., Forler, C., Lucks, S.: General classification of the authenticated encryption schemes for the CAESAR competition. Comput. Sci. Rev. 22, 13–26 (2016)
Agoyan, M., Dutertre, J., Mirbaha, A., Naccache, D., Ribotta, A., Tria, A.: How to flip a bit? In: 16th IEEE International On-Line Testing Symposium (IOLTS 2010), 5–7 July, 2010, Corfu, Greece, IEEE Computer Society, pp 235–239 (2010). https://doi.org/10.1109/IOLTS.2010.5560194
Anceaume, E., Busnel, Y., Sericola, B.: New results on a generalized coupon collector problem using Markov chains. J. Appl. Probab. 52(2), 405–418 (2015)
Aumasson, J., Jovanovic, P., Neves, S.: Analysis of NORX: investigating differential and rotational properties. In: Progress in Cryptology—LATINCRYPT 2014—Third International Conference on Cryptology and Information Security in Latin America, Florianópolis, Brazil, September 17–19, 2014, pp 306–324 (2014)
Aumasson, J., Jovanovic, P., Neves, S.: C-source code of NORX v3.0 (2016). https://norx.io/
Aumasson, J., Jovanovic, P., Neves, S.: NORX V1 (2014). http://competitions.cr.yp.to/round1/norxv1.pdf
Aumasson, J., Jovanovic, P., Neves, S.: NORX V2.0 (2015). http://competitions.cr.yp.to/round2/norxv20.pdf
Aumasson, J., Jovanovic, P., Neves, S.: NORX V3.0 (2016). https://competitions.cr.yp.to/round3/norxv30.pdf
Aumasson, J., Jovanovic, P., Neves, S.: NORX8 and NORX16: authenticated encryption for low-end systems. IACR Cryptology ePrint Archive 2015:1154 (2015). http://eprint.iacr.org/2015/1154
Aumasson, J., Meier, W.: Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi. NIST mailing list (2009). http://aumasson.jp/data/papers/AM09.pdf
Bagheri, N., Huang, T., Jia, K., Mendel, F., Sasaki, Y.: Cryptanalysis of reduced NORX. In: Fast Software Encryption—23rd International Conference, FSE 2016, Bochum, Germany, March 20–23, 2016, pp. 554–574 (2016)
Berenbrink, P., Sauerwald, T.: The weighted coupon collector’s problem and applications. In: Ngo, H. Q. (ed.) Computing and Combinatorics, 15th Annual International Conference, COCOON 2009, Niagara Falls, NY, USA, July 13–15, 2009, Proceedings, Springer, Lecture Notes in Computer Science, vol. 5609, pp. 449–458 (2009). https://doi.org/10.1007/978-3-642-02882-3_45
Bertoni, G., Daemen, J., Peeters, M., Assche, G.V., Keer, R.V.: KEYAK v2 (2016). https://competitions.cr.yp.to/round3/keyakv22.pdf
Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Selected Areas in Cryptography—18th International Workshop, SAC 2011, Toronto, ON, Canada, August 11–12, 2011, pp. 320–337 (2011)
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Proceedings of the Advances in Cryptology—CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, pp. 513–525 (1997)
Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S. (eds.) Information Security—17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014. Proceedings, Springer, Lecture Notes in Computer Science, vol. 8783, pp. 72–89 (2014). https://doi.org/10.1007/978-3-319-13257-0_5
Biryukov, A., Udovenko, A., Velichkov, V.: Analysis of the NORX core permutation. IACR Cryptology ePrint Archive 2017:34 (2017)
Breier, J., He, W., Bhasin, S., Jap, D., Chef, S., Ong, H.G., Gan, C.L.: Extensive laser fault injection profiling of 65 nm FPGA. J. Hardw. Syst. Secur. 1(3), 237–251 (2017)
CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. Retrieved 12 Mar 2013. https://competitions.cr.yp.to/caesar.html
Chaigneau, C., Fuhr, T., Gilbert, H., Jean, J., Reinhard, J.: Cryptanalysis of NORX v2.0. IACR Trans. Symmetr. Cryptol. 2017(1), 156–174 (2017)
Colombier, B., Bossuet, L., Grandamme, P., Vernay, J., Chanavat, E., Bon, L., Chassagne, B.: Multi-spot laser fault injection setup: new possibilities for fault injection attacks. In: 20th Smart Card Research and Advanced Application Conference—CARDIS 2021, Lübeck, Germany (2021). https://hal.archives-ouvertes.fr/hal-03353863
Colombier, B., Menu, A., Dutertre, J., Moëllic, P., Rigaud, J., Danger, J.: Laser-induced single-bit faults in flash memory: instructions corruption on a 32-bit microcontroller. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2019, McLean, VA, USA, May 5–10, 2019, IEEE, pp. 1–10 (2019). https://doi.org/10.1109/HST.2019.8741030
Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) Advances in Cryptology - CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20–24, 1989, Proceedings, Springer, Lecture Notes in Computer Science, vol. 435, pp. 416–427 (1989). https://doi.org/10.1007/0-387-34805-0_39
Das, S., Maitra, S., Meier, W.: Higher order differential analysis of NORX. IACR Cryptology ePrint Archive 2015: 186 (2015)
Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: a strengthened version of RIPEMD. In: Gollmann, D. (ed.) Fast Software Encryption, Third International Workshop, Cambridge, UK, February 21–23, 1996, Proceedings, Springer, Lecture Notes in Computer Science, vol. 1039, pp. 71–82 (1996). https://doi.org/10.1007/3-540-60865-6_44
Dobraunig, C., Eichlseder, M., Korak, T., Lomné, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Advances in Cryptology—ASIACRYPT 2016—22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 369–395 (2016)
Dobraunig, C., Mangard, S., Mendel, F., Primas, R.: Fault attacks on nonce-based authenticated encryption: application to Keyak and Ketje. In: Selected Areas in Cryptography—SAC 2018—25th International Conference, Calgary, AB, Canada, August 15–17, 2018, pp. 257–277 (2018)
Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 547–572 (2018). https://doi.org/10.13154/tches.v2018.i3.547-572
Doumas, A.V., Papanicolaou, V.G.: The coupon collector’s problem revisited: asymptotics of the variance. Adv. Appl. Probab. 44(1), 166–195 (2012)
Dutertre, J., Beroulle, V., Candelier, P., Castro, S.D., Faber, L., Flottes, M., Gendrier, P., Hély, D., Leveugle, R., Maistri, P., Natale, G.D., Papadimitriou, A., Rouzeyre, B.: Laser fault injection at the CMOS 28 nm technology node: an analysis of the fault model. In: 2018 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2018, Amsterdam, The Netherlands, September 13, 2018, IEEE Computer Society, pp. 1–6 (2018). https://doi.org/10.1109/FDTC.2018.00009
Dutertre, J., Mirbaha, A., Naccache, D., Ribotta, A., Tria, A., Vaschalde, T.: Fault round modification analysis of the advanced encryption standard. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2012, San Francisco, CA, USA, June 3–4, 2012, IEEE Computer Society, pp. 140–145 (2012). https://doi.org/10.1109/HST.2012.6224334
Dwivedi, A.D., Kloucek, M., Morawiecki, P., Nikolic, I., Pieprzyk, J., Wójtowicz, S.: SAT-based cryptanalysis of authenticated ciphers from the CAESAR competition. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017)—Volume 4: SECRYPT, Madrid, Spain, July 24–26, 2017, pp. 237–246 (2017)
Erdős, P., Rényi, A.: On a classical problem of probability theory. Magyar Tudományos Akadémia Matematikai Kutató Intézetének Közleményei 6, 215–220 (1961)
Feller, W.: An Introduction to Probability Theory and Its Applications. Wiley, New York (1950)
Flajolet, P., Gardy, D., Thimonier, L.: Birthday paradox, coupon collectors, caching algorithms and self-organizing search. Discrete Appl. Math. 39(3), 207–229 (1992)
Fuhr, T., Jaulmes, É., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, August 20, 2013, pp. 108–118 (2013)
Holst, L.: On birthday and collectors’ and occupancy and other classical urn problems. Int. Stat. Rev. 54, 15–27 (1986)
Hong, D., Chang, D., Sung, J., Lee, S., Hong, S., Lee, J., Moon, D., Chee, S.: A new dedicated 256-bit hash function: FORK-256. In: Robshaw, M.J.B. (ed.) Fast Software Encryption, 13th International Workshop, FSE 2006, Graz, Austria, March 15–17, 2006, Revised Selected Papers, Springer, Lecture Notes in Computer Science, vol. 4047, pp. 195–209 (2006). https://doi.org/10.1007/11799313_13
Jana, A., Saha, D., Paul, G.: Differential fault analysis of NORX. In: Chang C, Rührmair, U., Katzenbeisser, S., Schaumont, P. (eds). Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES@CCS 2020, Virtual Event, USA, November 13, 2020, ACM, pp. 67–79 (2020). https://doi.org/10.1145/3411504.3421213
Laplace, P.S.: Théorie analytique des probabilités, pp. 194–195 (1812)
Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) Advances in Cryptology—CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20–24, 1989, Proceedings, Springer, Lecture Notes in Computer Science, vol. 435, pp. 428–446 (1989). https://doi.org/10.1007/0-387-34805-0_40
Neal, P.: The generalised coupon collector problem. J. Appl. Probab. 45(3), 621–629 (2008)
Newman, D.J., Shepp, L.: The double Dixie cup problem. Am. Math. Mon. 67(1), 58–61 (1960)
Roberts, F., Tesman, B.: Applied Combinatorics, 2nd edn. Chapman and Hall/CRC, Boca Raton (2009)
Rogaway, P.: Nonce-based symmetric encryption. In: Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5–7, 2004, pp. 348–359 (2004)
Ross, S.: A First Course in Probability, 7th edn. Prentice Hall, New York (2005)
Saha, S., Bag, A., Roy, D.B., Patranabis, S., Mukhopadhyay, D.: Fault template attacks on block ciphers exploiting fault propagation. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology—EUROCRYPT 2020—39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings, Part I, Springer, Lecture Notes in Computer Science, vol. 12105, pp. 612–643 (2020). https://doi.org/10.1007/978-3-030-45721-1_22
Saha, S., Chakraborty, R.S., Nuthakki, S.S., Anshul, M.D.: Improved test pattern generation for hardware trojan detection using genetic algorithm and Boolean satisfiability. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2015—17th International Workshop, Saint-Malo, France, September 13–16, 2015, Proceedings, Springer, Lecture Notes in Computer Science, vol. 9293, pp. 577–596 (2015). https://doi.org/10.1007/978-3-662-48324-4_29
Saha, D., Chowdhury, D.R.: Encounter: On breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Cryptographic Hardware and Embedded Systems—CHES 2016—18th International Conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, pp. 581–601 (2016)
Saha, D., Chowdhury, D.R.: Internal differential fault analysis of parallelizable ciphers in the counter-mode. J. Cryptogr. Eng. (2017)
Saha, D., Chowdhury, D.R.: Scope: On the side channel vulnerability of releasing unverified plaintexts. In: Selected Areas in Cryptography—SAC 2015—22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, pp. 417–438 (2015)
Saha, D., Kuila, S., Chowdhury, D.R.: Escape: diagonal fault analysis of APE. In: Progress in Cryptology - INDOCRYPT 2014—15th International Conference on Cryptology in India, New Delhi, India, December 14–17, 2014, Proceedings, pp. 197–216 (2014)
Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into 90 nm and 45 nm SRAM cells. In: Homma, N., Medwed, M. (eds.) Smart Card Research and Advanced Applications—14th International Conference, CARDIS 2015, Bochum, Germany, November 4–6, 2015. Revised Selected Papers, Springer, Lecture Notes in Computer Science, vol. 9514, pp. 193–205 (2015). https://doi.org/10.1007/978-3-319-31271-2_12
Sharif, M., Hassibi, B.: Delay considerations for opportunistic scheduling in broadcast fading channels. IEEE Trans. Wirel. Commun. (2007)
Vasselle, A., Thiebeauld, H., Maouhoub, Q., Morisset, A., Ermeneux, S.: Laser-induced fault injection on smartphone bypassing the secure boot. In: 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, September 25, 2017, IEEE Computer Society, pp. 41–48 (2017). https://doi.org/10.1109/FDTC.2017.18
von Schelling, H.: Coupon collecting for unequal probabilities. Am. Math. Mon. 61, 306–311 (1954)
Xu, W., Tang, A.K.: A generalized coupon collector problem. CoRR arXiv:1010.5608 (2010)
Acknowledgements
The first author would like to acknowledge Dr. Ritam Bhaumik for an insightful discussion on the coupon collector problem.
Additional information
This is a thoroughly revised and substantially extended version of our ASHES 2020 paper [40] (Jana, Saha, Paul), published in the Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security, ASHES@CCS 2020, Virtual Event, USA, November 13, 2020, ACM, pp. 67–79. Sections 2.2, 8.1 and 10.1 are completely new additions to the current work, and Sect. 9 has been extensively updated with a detailed comparison between theoretical estimates and simulation results.
Appendices
Appendix A: Alternative solution to a boundary case of consecutive coupon collector problem
Problem statement Suppose an attacker aims to inject consecutive-bit faults into a register containing n bits. In each trial, the attacker chooses a bit of the register uniformly at random and flips l bits (for some predefined number \(l \le n\)), from the chosen one towards the right, marking them as flipped. What is the expected number of trials until all n bits have been flipped?
Exact theoretical solution For fixed n and l, define the random variable \(X_i\) as
Observe that for bit position i to be flipped, the starting bit chosen in a trial must lie in a fixed set of positions, namely those from which the run of l flipped bits covers i. We call these the favorable hitting positions of i; a trial starting at one of them marks position i as checked.
We want the expected number of trials until all positions are checked, that is, the expectation of the maximum, over the n bits, of the number of trials required for each bit to get checked. Define a new random variable X as
and we want to calculate \({\mathbb {E}}(X)\).
Before proceeding into mathematical details, let us first fix some notations.
1. Distance between node i and node j is
$$\begin{aligned} d_{ij} := |i-j|. \end{aligned}$$
2. WLOG, let \(i<j\). Then, the number of joint favorable hitting positions contributed by j given i is
$$\begin{aligned} v_{ij} := \min (d_{ij},l). \end{aligned}$$
Then, given \(A = \left\{ i_1, i_2, \dots, i_p \right\} \subset \{1,2,\dots ,n\}\) with (WLOG) \(i_1< i_2< \cdots < i_p\), the total number of favorable hitting positions, i.e. starting positions from which at least one bit of A is flipped in a trial, is given by
where, following the definition above,
Thus, the joint probability can be written as
Since the trials are independent, the principle of inclusion and exclusion gives
The last term is 0 for all \(r\ge 1\), so we have
Finally, we conclude that
Empirical validation We simulate the procedure 100,000 times for each value of n and l and average the results to compare them with the theoretical values. The theoretical and the simulated values are given in Tables 11 and 12, respectively. It is clear that the theoretical result is very close to the simulated one.
Counting observations beyond \(3\sigma \) limits. The corrplot in Figure 16 of the difference matrix between the theoretical and the simulated values gives a visual impression of how close the two are.
We also plot the \(3\sigma \) limits around the mean difference in Figure 17 to see how many of the observations fall beyond them.
Out of the 300 observations, only 3 fall outside the limits, i.e. \(\frac{3}{300} = 1\%\) of the total number of observations. This is clear evidence that our calculations are correct.
To make this more rigorous, we perform hypothesis tests, which lead to an interesting observation.
Hypothesis testing For each fixed n and l, let \(Y_{n,l}^1, Y_{n,l}^2, \dots, Y_{n,l}^m\) be m observations from some distribution with mean \(\mu _{nl}\). We frame our hypotheses as:
where t(n, l) is our calculated theoretical value. For our purpose, \(m = 100{,}000\), so a large-sample approximation applies. We test at the \(5\%\) level of significance. The test statistic is
where
Since the test is two-sided, the decision rule is
We perform \(\frac{25\times 24}{2} = 300\) tests in total. Of these, 17 are rejected, i.e. \(\frac{17}{300} \times 100 \% = 5.67 \%\) of the total, which is close to the 5% rejection rate one expects under the null hypothesis at this level of significance.
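The fault model, the inclusion-and-exclusion expectation and the z-test of this appendix, as an added Python example written for this page rather than code from the paper. The exact formula used here, \({\mathbb {E}}(X) = \sum_{A \ne \emptyset} (-1)^{|A|+1}/p_A\) with \(p_A\) the probability that one trial flips at least one bit of A, follows from \(X = \max_i X_i\) and the fact that \(\min_{i \in A} X_i\) is geometric with parameter \(p_A\); the count of favorable hitting positions is the \(\min(d_{ij}, l)\) bookkeeping above. The function names, the small (n, l) values, and the treatment of a window that runs past the right end of the register (it is truncated; the problem statement does not say what happens there) are assumptions of the example, not the paper's.

```python
"""Consecutive coupon collector problem: exact expectation, simulation, z-test.

Added example, not code from the paper.  Model: a register of n bits; each
trial picks a start position uniformly at random and flips l consecutive bits
from it towards the right.  Assumption not fixed by the problem statement: a
window that runs past the end of the register is truncated, not wrapped.
"""
from fractions import Fraction
from itertools import combinations
import math
import random


def hitting_positions(targets, n, l):
    """Number of start positions s in {1..n} whose window {s..min(s+l-1, n)}
    flips at least one bit in `targets` (sorted, 1-based).  Bit i is hit from
    any s in {max(1, i-l+1)..i}, so for i_1 < ... < i_p the union of these
    windows has size sum_k min(l, i_k - i_{k-1}) with i_0 := 0, which is the
    v_ij = min(d_ij, l) bookkeeping of the appendix."""
    prev, count = 0, 0
    for i in targets:
        count += min(l, i - prev)
        prev = i
    return count


def expected_trials(n, l):
    """Exact E[X] by inclusion and exclusion.  X = max_i X_i, where X_i is the
    first trial that flips bit i.  For a non-empty set A of bit positions,
    min_{i in A} X_i is geometric with success probability
    p_A = hitting_positions(A)/n, so E[X] = sum_{A != {}} (-1)^(|A|+1) / p_A.
    Exponential in n: intended for small registers (n <= ~16)."""
    total = Fraction(0)
    for size in range(1, n + 1):
        sign = 1 if size % 2 else -1
        for A in combinations(range(1, n + 1), size):
            total += sign * Fraction(n, hitting_positions(A, n, l))
    return total


def simulate_run(n, l, rng):
    """One run of the fault model; returns the trial count until all n bits are flipped."""
    flipped = [False] * n
    remaining, trials = n, 0
    while remaining:
        trials += 1
        s = rng.randrange(n)                  # uniform start position, 0-based
        for j in range(s, min(s + l, n)):     # truncated at the register end (assumption)
            if not flipped[j]:
                flipped[j] = True
                remaining -= 1
    return trials


def simulate_samples(n, l, m, seed=0):
    """m independent runs (the appendix uses m = 100,000); seeded for reproducibility."""
    rng = random.Random(seed)
    return [simulate_run(n, l, rng) for _ in range(m)]


def z_test(samples, t, z_crit=1.96):
    """Large-sample two-sided test of H0: mu = t at the 5% level.
    Returns (z, reject) with z = (ybar - t) / (s / sqrt(m))."""
    m = len(samples)
    mean = sum(samples) / m
    var = sum((y - mean) ** 2 for y in samples) / (m - 1)
    se = math.sqrt(var / m)
    if se == 0.0:
        z = 0.0 if mean == t else math.inf
    else:
        z = (mean - t) / se
    return z, abs(z) > z_crit


if __name__ == "__main__":
    for n, l in [(6, 1), (6, 2), (8, 3)]:
        exact = expected_trials(n, l)
        samples = simulate_samples(n, l, 20000, seed=1)
        z, reject = z_test(samples, float(exact))
        print(f"n={n} l={l}: exact={float(exact):.4f} "
              f"sim={sum(samples) / len(samples):.4f} z={z:+.2f} reject={reject}")
```

With l = 1 the model is the classical coupon collector problem and `expected_trials(n, 1)` returns \(nH_n\) exactly (25/3 for n = 4), which is a convenient sanity check on the subset enumeration. The exact routine enumerates all \(2^n - 1\) subsets, so it is only practical for small n; for register sizes like those in Tables 11 and 12 the simulation with m = 100,000 and the z-test are the tools to use, exactly as in the appendix.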
Appendix B: Proof of Theorem 1
Theorem 2
(The Principle of Inclusion and Exclusion) Suppose we have n finite sets \(A_1,\ldots ,A_n\). Then the cardinality of their union can be calculated using the following formula:
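The formula referred to above, written out as an added note (not part of the page's own text) in the document's notation, together with the counting argument that the proof below relies on for the base case \(m = 1\):
$$\begin{aligned} \Bigl|\bigcup_{i=1}^{n} A_i\Bigr| = \sum_{r=1}^{n} (-1)^{r+1} \sum_{1 \le i_1 < \cdots < i_r \le n} \bigl| A_{i_1} \cap \cdots \cap A_{i_r} \bigr| . \end{aligned}$$
An element x lying in exactly k of the sets is counted \(\binom{k}{r}\) times in the r-th inner sum, hence in total
$$\begin{aligned} \sum_{r=1}^{k} (-1)^{r+1}\binom{k}{r} = 1 - \sum_{r=0}^{k}(-1)^{r}\binom{k}{r} = 1 - (1-1)^k = 1 \qquad (k \ge 1), \end{aligned}$$
which is the statement \(C(k,1) = 1\) used as the base of the induction.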
We prove Theorem 1 by mathematical induction on m. For \(m = 1\), the equality in Theorem 1 holds by the principle of inclusion and exclusion (Theorem 2). Assume that Theorem 1 is true for m. We have to prove that it is true for \(m+1\), that is, we have to show that
Let C(k, m) denote the number of times an element x that belongs to exactly k of the sets \(A_1, A_2,\ldots ,A_n\) is counted on the right-hand side of the expression for \(\mid B_m\mid \). By the induction hypothesis, we can write
Suppose that an element x belongs to exactly k of the given n sets \(A_1,A_2,\ldots ,A_n\). Then we have to show that
For \(k\ge m+1\), \(C(k, m + 1)\) denotes the number of times x, belonging to exactly k of the n sets, is counted on the RHS of the expression for \(\mid B_{m+1}\mid \). Therefore, we can write
Substituting \(h = i + 1\) in the above expression, we get
Further, we have
Therefore, we have
Hence, \(C(k,m+1) = C(k,m) = 1\). For \(k \le m\), we have \(C(k,m+1) = 0\) since
Cite this article
Jana, A., Nath, A., Paul, G. et al. Differential fault analysis of NORX using variants of coupon collector problem. J Cryptogr Eng 12, 433–459 (2022). https://doi.org/10.1007/s13389-022-00285-y