A Differential Fault Attack on the Grain Family of Stream Ciphers

In this paper we study a differential fault attack against the Grain family of stream ciphers. The attack works due to certain properties of the Boolean functions and corresponding choices of the taps from the LFSR. The existing works, by Berzati et al. (2009) and Karmakar et al. (2011), are applicable only on Grain-128 exploiting certain properties of the combining Boolean function h. That idea could not easily be extended to the corresponding Boolean function used in Grain v1. Here we show that the differential fault attack can indeed be efficiently mounted for the Boolean function used in Grain v1. In this case we exploit the idea that there exists certain suitable α such that $h(\mathbf{x}) + h({\mathbf x} + \mathbf{\alpha})$ is linear. In our technique, we present methods to identify the fault locations and then construct set of linear equations to obtain the contents of the LFSR and the NFSR. As a countermeasure to such fault attack, we provide exact design criteria for Boolean functions to be used in Grain like structure.

[1]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[2]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[3]  Willi Meier,et al.  Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128 , 2009, IACR Cryptol. ePrint Arch..

[4]  Serge Vaudenay Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, June 11-14, 2008. Proceedings , 2008, AFRICACRYPT.

[5]  Michal Hojsík,et al.  Differential Fault Analysis of Trivium , 2008, FSE.

[6]  T. E. Bjørstad Cryptanalysis of Grain using Time / Memory / Data Tradeoffs , 2008 .

[7]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[8]  Seokhie Hong,et al.  Related-Key Chosen IV Attacks on Grain-v1 and Grain-128 , 2008, ACISP.

[9]  María Naya-Plasencia,et al.  Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems , 2010, ASIACRYPT.

[10]  Bimal Roy,et al.  Progress in Cryptology - INDOCRYPT 2009, 10th International Conference on Cryptology in India, New Delhi, India, December 13-16, 2009. Proceedings , 2009, INDOCRYPT.

[11]  Cécile Canovas,et al.  Fault Analysis of Rabbit: Toward a Secret Key Leakage , 2009, INDOCRYPT.

[12]  Martin Hell,et al.  A Stream Cipher Proposal: Grain-128 , 2006, 2006 IEEE International Symposium on Information Theory.

[13]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[14]  Shahram Khazaei,et al.  Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers , 2008, AFRICACRYPT.

[15]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[16]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[17]  Sergei P. Skorobogatov Optically Enhanced Position-Locked Power Analysis , 2006, CHES.

[18]  Guang Gong,et al.  Progress in Cryptology - INDOCRYPT 2010 , 2010, Lecture Notes in Computer Science.

[19]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[20]  Aline Gouget,et al.  Fault analysis of GRAIN-128 , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[21]  Adi Shamir,et al.  Breaking Grain-128 with Dynamic Cube Attacks , 2011, IACR Cryptol. ePrint Arch..

[22]  H. Fredricksen A Survey of Full Length Nonlinear Shift Register Cycle Algorithms , 1982 .

[23]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[24]  Paul Stankovski,et al.  Greedy Distinguishers and Nonrandomness Detectors , 2010, INDOCRYPT.

[25]  Alexander Maximov,et al.  Cryptanalysis of Grain , 2006, FSE.

[26]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[27]  Martin Hell,et al.  A New Version of Grain-128 with Authentication , 2011 .

[28]  T. E. Bjrstad Cryptanalysis of Grain using Time / Memory / Data Tradeos , 2008 .

[29]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[30]  Dipanwita Roy Chowdhury,et al.  Fault Analysis of Grain-128 by Targeting NFSR , 2011, AFRICACRYPT.

[31]  Adi Shamir,et al.  Fault Analysis of Stream Ciphers , 2004, CHES.

[32]  Bart Preneel,et al.  Analysis of Grain's Initialization Algorithm , 2008, AFRICACRYPT.

[33]  David Pointcheval,et al.  Progress in Cryptology - AFRICACRYPT 2011 - 4th International Conference on Cryptology in Africa, Dakar, Senegal, July 5-7, 2011. Proceedings , 2011, AFRICACRYPT.

[34]  Shahram Khazaei,et al.  Distinguishing Attack on Grain , 2005 .

[35]  Thomas Johansson,et al.  A Framework for Chosen IV Statistical Analysis of Stream Ciphers , 2007, INDOCRYPT.

[36]  C. Pandu Rangan,et al.  Progress in Cryptology - INDOCRYPT 2007, 8th International Conference on Cryptology in India, Chennai, India, December 9-13, 2007, Proceedings , 2007, INDOCRYPT.

[37]  Pantelimon Stanica,et al.  Rotation symmetric Boolean functions - Count and cryptographic properties , 2003, Discret. Appl. Math..

[38]  Xiaoyun Wang,et al.  Cryptanalysis of Stream Cipher Grain Family , 2009, IACR Cryptol. ePrint Arch..

[39]  Adi Shamir,et al.  An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware , 2011, IACR Cryptol. ePrint Arch..

[40]  Amr M. Youssef,et al.  Differential Fault Analysis of Rabbit , 2009, Selected Areas in Cryptography.