Differential fault analysis on the contracting UFN structure, with application to SMS4 and MacGuffin

The contracting unbalanced Feistel network (UFN) is a particular block cipher structure in which the "left half" and the "right half" are not of equal size, and the size of the domain of one half is larger than that of the range. This paper studies the security of the contracting UFN structure against differential fault analysis (DFA). We propose two basic byte-oriented fault models and two corresponding attack methods. We then implement the attacks on two instances of the contracting UFN structure, the block ciphers SMS4 and MacGuffin. In our experiments, 20 and 4 faulty ciphertexts are required to recover the 128-bit secret key of SMS4 in the two fault models, respectively. Under similar hypotheses, MacGuffin is breakable with 355 and 165 faulty ciphertexts, respectively. Our work thus not only builds a general model of DFA on the contracting UFN structure and ciphers, but also provides a new reference for fault analysis on other block ciphers.
