Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

Journal of Hardware and Systems Security

Abstract

Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in cryptosystems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average, the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

Acknowledgements

This work was supported in part by the National Science Foundation under grants SaTC-1314655 and MRI-1337854. Simulation code used in this paper is available at http://tescase.coe.neu.edu/.

Author information

Corresponding author

Correspondence to Yunsi Fei.

About this article

Cite this article

Luo, P., Fei, Y., Zhang, L. et al. Differential Fault Analysis of SHA-3 Under Relaxed Fault Models. J Hardw Syst Secur 1, 156–172 (2017). https://doi.org/10.1007/s41635-017-0011-4

  • DOI: https://doi.org/10.1007/s41635-017-0011-4
