论文信息 - Fault Analysis Study of IDEA

Fault Analysis Study of IDEA

We present a study of several fault attacks against the block cipher IDEA. Such a study is particularly interesting because of the target cipher's specific property to employ operations on three different algebraic groups while not using substitution tables. We observe that the attacks perform very different in terms of efficiency. Although requiring a restrictive fault model, the first attack can not reveal a sufficient amount of key material to pose a real threat, while the second attack requires a large number of faults in the same model to achieve this goal. In the general random fault model, i.e. we assume that the fault has a random and a priori unknown effect on the target value, the third attack, which is the first Differential Fault Analysis of IDEA to the best of our knowledge, recovers 93 out of 128 key bits exploiting about only 10 faults. For this particular attack, we can also relax the assumption of cycle accurate fault injection to a certain extend.

Christophe Clavier | Ingrid Verbauwhede | Benedikt Gierlichs

[1] Marc Joye,et al. Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[2] Christophe Clavier,et al. Fault Analysis of DPA-Resistant Algorithms , 2006, FDTC.

[3] Eli Biham,et al. Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[4] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[5] Ludger Hemme,et al. A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[6] Christophe Clavier,et al. Secret External Encodings Do Not Prevent Transient Fault Analysis , 2007, CHES.

[7] Jean-Pierre Seifert,et al. Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[8] Xuejia Lai,et al. Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[9] Moti Yung,et al. Observability Analysis - Detecting When Improved Cryptosystems Fail , 2002, CT-RSA.

[10] Christof Paar,et al. DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction , 2004, CHES.

[11] Eli Biham,et al. A New Attack on 6-Round IDEA , 2007, FSE.

[12] Seungjoo Kim,et al. A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.