Fault Analysis of Rabbit: Toward a Secret Key Leakage

Although Differential Fault Analysis (DFA) led to powerful applications against public key [15] and secret key [12] cryptosystems, very few works have been published in the area of stream ciphers. In this paper, we present the first application of DFA to the software eSTREAM candidate Rabbit that leads to a full secret key recovery. We show that by modifying modular additions of the next-state function, 32 faulty outputs are enough for recovering the whole internal state in time $\mathcal{O}\left( 2^{34}\right)$ and extracting the secret key. Thus, this work improves the previous fault attack against Rabbit both in terms of computational complexity and fault number.

[1] Gerhard Goos, et al. Fast Software Encryption, 2001, Lecture Notes in Computer Science.

[2] Mitsuru Matsui, et al. Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings, 2006, CHES.

[3] Eli Biham, et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[4] Martin Boesgaard, et al. The Stream Cipher Rabbit, 2005.

[5] Michal Hojsík, et al. Differential Fault Analysis of Trivium, 2008, FSE.

[6] Walter Fumy, et al. Advances in Cryptology — EUROCRYPT ’97, 2001, Lecture Notes in Computer Science.

[7] Klaus Jansen, et al. Experimental and Efficient Algorithms, 2003, Lecture Notes in Computer Science.

[8] Eli Biham, et al. Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4, 2005, FSE.

[9] Amr M. Youssef, et al. Differential Fault Analysis of Rabbit, 2009, Selected Areas in Cryptography.

[10] Jean-Philippe Aumasson, et al. On a bias of Rabbit, 2007.

[11] Heinrich Theodor Vierhaus, et al. Synchronization Fault Cryptanalysis for Breaking A5/1, 2005, WEA.

[12] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97, 1997.

[13] Pierre Dusart, et al. Differential Fault Analysis on A.E.S, 2003, ACNS.

[14] Christof Paar, et al. Cryptographic Hardware and Embedded Systems - CHES 2002, 2003, Lecture Notes in Computer Science.

[15] Christophe Clavier, et al. Why One Should Also Secure RSA Public Key Elements, 2006, CHES.

[16] Jean-Jacques Quisquater, et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD, 2003, CHES.

[17] Huaxiong Wang, et al. Cryptanalysis of Rabbit, 2008, ISC.

[18] Marc Joye, et al. Cryptographic Hardware and Embedded Systems - CHES 2004, 2004, Lecture Notes in Computer Science.

[19] David A. Wagner, et al. Cryptanalysis of a provably secure CRT-RSA algorithm, 2004, CCS '04.

[20] Ross J. Anderson, et al. Optical Fault Induction Attacks, 2002, CHES.

[21] Robert H. Deng, et al. Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults, 1997, Security Protocols Workshop.

[22] Christof Paar, et al. Cryptographic Hardware and Embedded Systems - CHES 2003, 2003, Lecture Notes in Computer Science.

[23] Martin Boesgaard, et al. Rabbit: A New High-Performance Stream Cipher, 2003, FSE.

[24] Adi Shamir, et al. Fault Analysis of Stream Ciphers, 2004, CHES.

[25] Bart Preneel, et al. Advances in cryptology - EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000: proceedings, 2000.

[26] Aline Gouget, et al. Fault analysis of GRAIN-128, 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[27] Sergei P. Skorobogatov. Optically Enhanced Position-Locked Power Analysis, 2006, CHES.

[28] Christophe Giraud, et al. A Survey on Fault Attacks, 2004, CARDIS.

[29] Adi Shamir, et al. Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations, 2000, EUROCRYPT.

[30] Richard J. Lipton, et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract), 1997, EUROCRYPT.

[31] David Naccache, et al. The Sorcerer's Apprentice Guide to Fault Attacks, 2006, Proceedings of the IEEE.