Published in: Journal of Cryptographic Engineering 1/2019

29.11.2017 | Regular Paper

Internal differential fault analysis of parallelizable ciphers in the counter-mode

Authors: Dhiman Saha, Dipanwita Roy Chowdhury


Abstract

In Saha and Chowdhury (Cryptographic hardware and embedded systems—CHES 2016—18th international conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, 2016) the concept of fault analysis using internal differentials within a cipher was introduced and used to overcome the nonce barrier of conventional differential fault analysis, with a demonstration on the authenticated cipher PAEQ. However, the attack had a limitation with regard to the fault model, which restricted one of the faults to be injected in the last byte of the counter. This in turn also required the message size to be fixed at 255 complete blocks. In this work, we overcome these limitations by extending the concept to a more general setting. In particular, we look at the concept of Fault-Quartets, which is central to this kind of fault-based attack. We theorize the relation of the fault model to the message size, which forms an important aspect of the complexity of internal differential fault analysis (IDFA). Our findings reveal that the fault model undertaken while targeting the counter can be relaxed at the expense of an exponentially larger message size. Interestingly, the algorithm for finding a Fault-Quartet still remains linear. This in turn implies that in the case of PAEQ the time complexities of the previously reported IDFA attack remain unaffected. The internal differential fault attack is able to uniquely retrieve the key of three versions of full-round PAEQ with key sizes 64, 80 and 128 bits with complexities of about \(2^{16}\), \(2^{16}\) and \(2^{50}\), respectively.


Footnotes
1. For instance, the differing bits could be localized within a byte.
2. Recall, the counter is of size \(c = n - k - 16\) bits.
3. For instance, \(i = 5\) and \(j = 8\) differ only in the least significant byte.
4. It is understood that \(r > 2\) and \(2 \mid (r-1)\).
5. The last block is a complete block (i.e., block-size \(= n-k-16\)) due to Observation 1.
6. Least significant bytes.
7. With a probability of \(\frac{255}{256}\) for \(k = 1\).
8. In any of the last \(k\) bytes of the counter.
9. \((2^8-1)\) blocks for \(k = 1\), as argued earlier.
10. Computed using the XOR of plaintext and ciphertext blocks.
11. Faults injected in the same diagonal of an AES state in round \(r\) input lead to the same byte inter-relations at the end of round \((r+1)\).
12. Recall that the column vector corresponds to the state after \(\beta_{19}\).
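The relation that the abstract and footnotes 3, 7, 8, 9 and 10 describe, between how many counter bytes a fault may hit and how many blocks the message must contain, can be made concrete with a toy model. The following Python is an added example written for this page, not code from the paper or from PAEQ: it replaces the cipher's permutation with a SHA-256 placeholder, assumes the counters of a message run over 1 .. 2^(8k)-1, and models the fault as an arbitrary change to the last k bytes of a single block's counter. Block size, counter width, key, nonce and plaintext are all constructed values. It shows that covering every value of the k faulted bytes takes 2^(8k)-1 blocks, exponential in k, while locating the block whose keystream (recovered as plaintext XOR ciphertext) collides with the faulted block remains one linear pass.

```python
import hashlib
import secrets

BLOCK_BYTES = 16   # toy block size (constructed; not PAEQ's real parameters)
CTR_BYTES = 4      # toy counter width in bytes (constructed)


def toy_keystream(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in for the per-block keystream of a counter-mode cipher.

    Constructed placeholder: SHA-256 over key || nonce || counter. It models
    only the property the footnotes rely on, namely that two blocks with equal
    counters get identical keystream. It is NOT the AESQ permutation of PAEQ.
    """
    ctr = counter.to_bytes(CTR_BYTES, "big")
    return hashlib.sha256(key + nonce + ctr).digest()[:BLOCK_BYTES]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks_needed(k: int) -> int:
    """Message size that covers every value of the last k counter bytes.
    Grows exponentially in k (255 for k = 1, as in footnote 9), while the
    collision search in find_collision stays linear in the message size."""
    return (1 << (8 * k)) - 1


def make_message(k: int) -> list:
    """Constructed plaintext of 2^(8k) - 1 complete blocks. Block idx is
    encrypted under counter idx + 1, so counters are exactly 1 .. 2^(8k) - 1."""
    return [bytes([(idx * 7 + 3) & 0xFF]) * BLOCK_BYTES for idx in range(blocks_needed(k))]


def encrypt_ctr(key: bytes, nonce: bytes, blocks: list, fault=None) -> list:
    """Counter-mode encryption of blocks. `fault = (idx, faulty_counter)` models
    a fault that replaces the counter of block idx by faulty_counter
    (assumption: the fault hits the counter before the keystream is derived)."""
    out = []
    for idx, pt in enumerate(blocks):
        ctr = idx + 1
        if fault is not None and fault[0] == idx:
            ctr = fault[1]
        out.append(xor_bytes(pt, toy_keystream(key, nonce, ctr)))
    return out


def random_low_byte_fault(counter: int, k: int) -> int:
    """Fault confined to the last k bytes of the counter (footnote 8): the high
    bytes stay intact, the low k bytes take a different random value."""
    mask = (1 << (8 * k)) - 1
    while True:
        new_low = secrets.randbelow(mask + 1)
        if new_low != (counter & mask):
            return (counter & ~mask) | new_low


def find_collision(pts: list, cts: list, faulty_idx: int):
    """Single linear pass that finds the block j whose keystream equals the
    faulty block's keystream; keystream is pt XOR ct (footnote 10). Returns
    None when the faulty counter matches no block. In this model the only
    miss for k = 1 is counter value 0, which lies outside 1 .. 255, giving the
    255/256 success rate of footnote 7."""
    streams = [xor_bytes(p, c) for p, c in zip(pts, cts)]
    seen = {}
    for j, ks in enumerate(streams):
        if j != faulty_idx:
            seen.setdefault(ks, j)
    return seen.get(streams[faulty_idx])


def run_trial(k: int, faulty_idx: int, key: bytes, nonce: bytes):
    """One random trial: fault the last k bytes of block faulty_idx's counter
    and locate the colliding block. Returns (faulty_counter, j or None)."""
    pts = make_message(k)
    faulty_ctr = random_low_byte_fault(faulty_idx + 1, k)
    cts = encrypt_ctr(key, nonce, pts, fault=(faulty_idx, faulty_ctr))
    return faulty_ctr, find_collision(pts, cts, faulty_idx)


if __name__ == "__main__":
    KEY, NONCE = b"\x11" * 16, b"\x22" * 8   # constructed values
    # Footnote 3's pair: counters 5 and 8 differ only in the least significant
    # byte, so a fault turning block 4's counter (value 5) into 8 collides with
    # block 7 (counter 8).
    pts = make_message(1)
    cts = encrypt_ctr(KEY, NONCE, pts, fault=(4, 8))
    print("collision with block index", find_collision(pts, cts, 4))
    hits = sum(run_trial(1, 4, KEY, NONCE)[1] is not None for _ in range(2000))
    print("random LSB faults that collide: %d / 2000 (expect about 255/256)" % hits)
    print("blocks needed for k = 1, 2, 3:", [blocks_needed(k) for k in (1, 2, 3)])
```

Running the script prints block index 7 for the footnote 3 pair and a hit rate close to 255/256 for random single-byte faults; changing `k` only enlarges the message (and the dictionary) without changing the single-pass search, which is the point the abstract makes about the linear Fault-Quartet algorithm.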
References
1. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Advances in Cryptology—CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, pp. 513–525 (1997)
2. Giraud, C.: DFA on AES. In: Advanced Encryption Standard—AES, 4th International Conference, AES 2004, Bonn, Germany, May 10–12, 2004, Revised Selected and Invited Papers, pp. 27–41 (2004)
4. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Cryptographic Hardware and Embedded Systems—CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, Proceedings, pp. 77–88 (2003)
5. Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, Yokohama, Japan, October 10–13, 2006, Proceedings, pp. 91–100 (2006)
6. Mukhopadhyay, D.: An improved fault based attack of the advanced encryption standard. In: Progress in Cryptology—AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21–25, 2009, Proceedings, pp. 421–434 (2009)
8. Rogaway, P.: Nonce-based symmetric encryption. In: Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5–7, 2004, Revised Papers, pp. 348–359 (2004)
9. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)
10. Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241–245 (1999)
11. Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault attacks on RSA signatures with partially unknown messages. In: Cryptographic Hardware and Embedded Systems—CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6–9, 2009, Proceedings, pp. 444–456 (2009)
12. Saha, D., Kuila, S., Chowdhury, D.R.: EscApe: diagonal fault analysis of APE. In: Progress in Cryptology—INDOCRYPT 2014, 15th International Conference on Cryptology in India, New Delhi, India, December 14–17, 2014, Proceedings, pp. 197–216 (2014)
14. Dobraunig, C., Eichlseder, M., Korak, T., Lomné, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Advances in Cryptology—ASIACRYPT 2016, 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 369–395 (2016)
15. Peyrin, T.: Improved differential attacks for ECHO and Grøstl. In: Advances in Cryptology—CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15–19, 2010, Proceedings, pp. 370–392 (2010)
16. Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Fast Software Encryption, 20th International Workshop, FSE 2013, Singapore, March 11–13, 2013, Revised Selected Papers, pp. 219–240 (2013)
18. Daemen, J., Rijmen, V.: The Design of Rijndael: AES–The Advanced Encryption Standard. Information Security and Cryptography. Springer, Berlin (2002)
19. Saha, D., Chowdhury, D.R.: EnCounter: on breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Cryptographic Hardware and Embedded Systems—CHES 2016, 18th International Conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, pp. 581–601 (2016)
20. Bagheri, N., Mendel, F., Sasaki, Y.: Improved rebound attacks on AESQ: core permutation of CAESAR candidate PAEQ. In: 21st Australasian Conference on Information Security and Privacy—ACISP 2016, Springer, pp. 301–316 (2016)
21. Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R.: Gain: practical key-recovery attacks on round-reduced PAEQ. In: Security, Privacy, and Applied Cryptography Engineering, 6th International Conference, SPACE 2016, Hyderabad, India, December 14–18, 2016, Proceedings, pp. 194–210 (2016)
23. Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Information Security, 17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014, Proceedings, pp. 72–89 (2014)
25. van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 91–99 (2011)
26. Courbon, F., Loubet-Moundi, P., Fournier, J.J.A., Tria, A.: Adjusting laser injections for fully controlled faults. In: Constructive Side-Channel Analysis and Secure Design, 5th International Workshop, COSADE 2014, Paris, France, April 13–15, 2014, Revised Selected Papers, pp. 229–242 (2014)
27. Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: on critical paths and clock faults. In: Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14–16, 2010, Proceedings, pp. 182–193 (2010)
28. Moro, N., Heydemann, K., Dehbaoui, A., Robisson, B., Encrenaz, E.: Experimental evaluation of two software countermeasures against fault attacks. CoRR, abs/1407.6019 (2014)
29. Verbauwhede, I., Karaklajic, D., Schmidt, J.-M.: The fault attack jungle: a classification model to guide you. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 3–8 (2011)
30. Schmidt, J.-M., Medwed, M.: Countermeasures for symmetric key ciphers. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, pp. 73–87. Springer, Berlin, Heidelberg (2012)
31. Wang, B., Liu, L., Deng, C., Zhu, M., Yin, S., Wei, S.: Against double fault attacks: injection effort model, space and time randomization based countermeasures for reconfigurable array architecture. IEEE Trans. Inf. Forensics Secur. 11(6), 1151–1164 (2016)
Metadata
Title
Internal differential fault analysis of parallelizable ciphers in the counter-mode
Authors
Dhiman Saha
Dipanwita Roy Chowdhury
Publication date
29.11.2017
Publisher
Springer Berlin Heidelberg
Published in
Journal of Cryptographic Engineering / Issue 1/2019
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI
https://doi.org/10.1007/s13389-017-0179-0
