Differential Fault Analysis on the SHA1 Compression Function

At FDTC 2009, Li et al. published a DFA attack [20] against the symmetric block cipher SHACAL1 [11]. This block cipher essentially consists of the compression function of the hash function SHA1 [16], except for the final addition operation. When the SHA1 compression function is used as a primitive in a keyed hash function like HMAC-SHA1 [17] or in a key derivation function, it is of interest whether the attack of Li et al. also applies to the SHA1 compression function. However, the final addition operation turns out to completely prevent this direct application. In this paper we extend the attack of Li et al. to overcome the problem of the final addition and to extract the secret inputs of the SHA1 compression function by analysing faulty outputs. Our implementation of the new attack needs about 1000 faulty outputs and a computation time of three hours on a normal PC to fully extract the secret inputs with high probability.
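The structural relation described above, as an added illustration that is not code from the paper: the SHA1 compression function is the 80 SHACAL1 rounds followed by a word-wise addition of the input state, so the XOR difference between a correct and a faulty output is no longer the XOR difference of the round outputs. The single-bit flip is a simplified fault model assumed here, and `SECRET_STATE`, `BLOCK` and `observe` are constructed for the example.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def shacal1(state, block, fault=None):
    """80 SHA1 rounds without the final addition; fault=(round, bit) is simulated."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if fault and fault[0] == t:
            a ^= 1 << fault[1]  # assumed fault model: one bit of register a flips
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rotl(a, 5) + f + e + k + w[t]) & MASK, a, rotl(b, 30), c, d
    return (a, b, c, d, e)

def compress(state, block, fault=None):
    """SHA1 compression: SHACAL1 output plus the input state, word-wise mod 2^32."""
    out = shacal1(state, block, fault)
    return tuple((s + o) & MASK for s, o in zip(state, out))

def xor_diff(x, y):
    return tuple(p ^ q for p, q in zip(x, y))

def sub_diff(x, y):
    return tuple((p - q) & MASK for p, q in zip(x, y))

# Constructed sample values: a secret chaining state (as in HMAC-SHA1) and a block.
SECRET_STATE = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x0F1E2D3C)
BLOCK = bytes(range(64))

def observe(fault):
    """XOR and modular differences (correct vs faulty) without / with the addition."""
    c, cf = shacal1(SECRET_STATE, BLOCK), shacal1(SECRET_STATE, BLOCK, fault)
    o, of = compress(SECRET_STATE, BLOCK), compress(SECRET_STATE, BLOCK, fault)
    return xor_diff(c, cf), xor_diff(o, of), sub_diff(c, cf), sub_diff(o, of)
```

The word-wise modular difference is unchanged by the final addition, because the secret state cancels, while the XOR difference depends on carries involving that state.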

[1] Junko Takahashi, et al. Improved Differential Fault Analysis on CLEFIA, 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2] Jean-Pierre Seifert, et al. Sign Change Fault Attacks on Elliptic Curve Cryptosystems, 2006, FDTC.

[3] Ludger Hemme, et al. A Differential Fault Attack Against Early Rounds of (Triple-)DES, 2004, CHES.

[4] Christophe Clavier, et al. Fault Analysis Study of IDEA, 2008, CT-RSA.

[5] Bernd Meyer, et al. Differential Fault Attacks on Elliptic Curve Cryptosystems, 2000, CRYPTO.

[6] Eli Biham, et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[7] Hua Chen, et al. Differential Fault Analysis on CLEFIA, 2007, ICICS.

[8] Pierre Dusart, et al. Differential Fault Analysis on A.E.S, 2003, ACNS.

[9] Eli Biham, et al. Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4, 2005, FSE.

[10] Adi Shamir, et al. Fault Analysis of Stream Ciphers, 2004, CHES.

[11] Michal Hojsík, et al. Differential Fault Analysis of Trivium, 2008, FSE.

[12] Chao Li, et al. Differential Fault Analysis on SHACAL-1, 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[13] Aviad Kipnis, et al. Attacks on Authentication and Signature Schemes Involving Corruption of Public Key (Modulus), 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[14] Christophe Clavier, et al. Why One Should Also Secure RSA Public Key Elements, 2006, CHES.

[15] Christophe Giraud, et al. DFA on AES, 2004, AES Conference.

[16] Jean-Jacques Quisquater, et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD, 2003, CHES.

[17] Matthieu Rivain, et al. Differential Fault Analysis on DES Middle Rounds, 2009, CHES.

[18] Elaine B. Barker, et al. The Keyed-Hash Message Authentication Code (HMAC), NIST, 2002.