Abstract
Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in cryptosystems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average, the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.
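The fault model described in the abstract, as an added simulation (not the authors' simulation code): a single-byte XOR fault is applied to the state entering round 22, the penultimate round when counting from 0, of a one-block SHA3-256 computation, and the digest bits that change are counted. The function names, the sample message and the fault positions and values are assumptions made for this example.

```python
MASK = (1 << 64) - 1
RATE = 136  # SHA3-256 bitrate in bytes

def rol(a, n):
    return ((a << (n % 64)) | (a >> (64 - n % 64))) & MASK

def keccak_f(A, fault=None):
    """Keccak-f[1600] on lanes A[x + 5*y]; fault = (round, byte_index, xor_value)."""
    R = 1
    for rnd in range(24):
        if fault and fault[0] == rnd:  # corrupt one byte of this round's input
            A[fault[1] // 8] ^= fault[2] << (8 * (fault[1] % 8))
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]  # theta
        D = [C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        x, y, cur = 1, 0, A[1]  # rho and pi
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], rol(cur, (t + 1) * (t + 2) // 2)
        for y in range(0, 25, 5):  # chi, one 5-lane plane at a time
            T = A[y:y + 5]
            for x in range(5):
                A[y + x] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5])
        for j in range(7):  # iota, round constant from the LFSR
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def sha3_256(msg, fault=None):
    """One-block SHA3-256 (len(msg) < RATE) with an optional simulated fault."""
    if len(msg) >= RATE:
        raise ValueError("example handles a single block only")
    block = bytearray(msg) + b"\x06" + bytes(199 - len(msg))
    block[RATE - 1] ^= 0x80
    A = [int.from_bytes(block[8 * i:8 * i + 8], "little") for i in range(25)]
    A = keccak_f(A, fault)
    return b"".join(lane.to_bytes(8, "little") for lane in A)[:32]

def digest_diff_bits(msg, byte_index, xor_value, rnd=22):
    """Number of digest bits changed by a one-byte fault at the input of round rnd."""
    good = sha3_256(msg)
    bad = sha3_256(msg, (rnd, byte_index, xor_value))
    return bin(int.from_bytes(good, "big") ^ int.from_bytes(bad, "big")).count("1")

if __name__ == "__main__":
    for pos in (0, 57, 199):  # constructed fault positions in the 200-byte state
        print(pos, digest_diff_bits(b"constructed sample message", pos, 0xA5))
```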
Acknowledgements
This work was supported in part by the National Science Foundation under grants SaTC-1314655 and MRI-1337854. Simulation code used in this paper is available at http://tescase.coe.neu.edu/.
Cite this article
Luo, P., Fei, Y., Zhang, L. et al. Differential Fault Analysis of SHA-3 Under Relaxed Fault Models. J Hardw Syst Secur 1, 156–172 (2017). https://doi.org/10.1007/s41635-017-0011-4
DOI: https://doi.org/10.1007/s41635-017-0011-4