Differential Fault Analysis on CLEFIA with 128, 192, and 256-Bit Keys

This paper describes a differential fault analysis (DFA) attack against CLEFIA. The proposed attack can be applied to CLEFIA with all supported keys: 128, 192, and 256-bit keys. DFA is a type of side-channel attack. This attack enables the recovery of secret keys by injecting faults into a secure device during its computation of the cryptographic algorithm and comparing the correct ciphertext with the faulty one. CLEFIA is a 128-bit blockcipher with 128, 192, and 256-bit keys developed by the Sony Corporation in 2007. CLEFIA employs a generalized Feistel structure with four data lines. We developed a new attack method that uses this characteristic structure of the CLEFIA algorithm. On the basis of the proposed attack, only 2 pairs of correct and faulty ciphertexts are needed to retrieve the 128-bit key, and 10.78 pairs on average are needed to retrieve the 192 and 256-bit keys. The proposed attack is more efficient than any previously reported. In order to verify the proposed attack and estimate the calculation time to recover the secret key, we conducted an attack simulation using a PC. The simulation results show that we can obtain each secret key within three minutes on average. This result shows that we can obtain the entire key within a feasible computational time.

[1]  Dawu Gu,et al.  An Improved Method of Differential Fault Analysis on the SMS4 Cryptosystem , 2007, The First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007).

[2]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[3]  Yukiyasu Tsunoo,et al.  Impossible Differential Cryptanalysis of CLEFIA , 2008, FSE.

[4]  Hua Chen,et al.  Differential Fault Analysis on CLEFIA , 2007, ICICS.

[5]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[6]  Ludger Hemme,et al.  A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[7]  Christophe Giraud,et al.  DFA on AES , 2004, AES Conference.

[8]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[9]  Wei Wang,et al.  Improved Impossible Differential Cryptanalysis of CLEFIA , 2007, IACR Cryptol. ePrint Arch..

[10]  Amir Moradi,et al.  A Generalized Method of Differential Fault Attack Against AES Cryptosystem , 2006, CHES.

[11]  Kyoji Shibutani,et al.  The 128-Bit Blockcipher CLEFIA (Extended Abstract) , 2007, FSE.

[12]  Junko Takahashi,et al.  Improved Differential Fault Analysis on CLEFIA , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[13]  Christophe Clavier,et al.  Fault Analysis Study of IDEA , 2008, CT-RSA.

[14]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.