Fault analysis of Trivium

Trivium is a hardware-oriented stream cipher designed for low cost and compactness. In this paper we discuss how brittle Trivium is under fault attack. Our fault model rests on two assumptions: (1) a fault can be injected into the internal state at a random time, and (2) after each injection, the faulted positions lie in one of the three registers, chosen at random, and within a randomly located window of eight neighbouring bits. These assumptions are extremely weak for an effective attack, and much weaker than those of Hojsík and Rudolf in their fault attacks on Trivium [17, 18]. We present a checking method that, by comparing the original key-stream segment with the fault-injected key-stream segment, determines both the injection time and the fault positions. Then, for several distributions of the injection time, our random simulations consistently show that the attacker can break Trivium with a small number of repeated fault injections. For example, if the injection time is uniformly distributed over {0, 1, . . . , 32}, then on average no more than 16 repeated fault-injection procedures break Trivium, by observing on average no more than 195 × 17 key-stream bits.
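The fault model, and the idea that the injection point can be read off the differential key stream, can be made concrete with the following Python. It is an added example, not the paper's code. It implements Trivium from the public specification, injects a fault under the two assumptions above (random clock, random register, flipped bits confined to an eight-bit window; the abstract does not say how many bits inside the window flip, so allowing any non-empty subset is an assumption), and enumerates the (injection time, fault position) pairs consistent with the index of the first differing key-stream bit. That enumeration rests on a key-independent delay table derived here from Trivium's tap positions; it illustrates why the injection point is recoverable and is not the paper's checking method, which the abstract does not describe. The key and IV are constructed, arbitrary values.

```python
"""Trivium under the fault model from the abstract: one of the three registers
chosen at random, flipped bits confined to a window of eight neighbouring bits,
injected at a random clock.  Added illustration, not the paper's own code."""
import random

# Spec (1-indexed) bounds of the three shift registers A, B, C.
REGISTERS = {"A": (1, 93), "B": (94, 177), "C": (178, 288)}


class Trivium:
    def __init__(self, key, iv):
        assert len(key) == 80 and len(iv) == 80
        s = [0] * 288                  # s[i] holds spec bit s_{i+1}
        s[0:80] = key                  # key into s1..s80
        s[93:173] = iv                 # IV into s94..s173
        s[285] = s[286] = s[287] = 1   # s286, s287, s288 set to one
        self.s = s
        for _ in range(4 * 288):       # 1152 blank clocks of key/IV setup
            self.clock()

    def clock(self):
        s = self.s
        t1 = s[65] ^ s[92]                # s66 + s93
        t2 = s[161] ^ s[176]              # s162 + s177
        t3 = s[242] ^ s[287]              # s243 + s288
        z = t1 ^ t2 ^ t3
        t1 ^= (s[90] & s[91]) ^ s[170]    # + s91*s92 + s171
        t2 ^= (s[174] & s[175]) ^ s[263]  # + s175*s176 + s264
        t3 ^= (s[285] & s[286]) ^ s[68]   # + s286*s287 + s69
        self.s = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
        return z

    def keystream(self, n):
        return [self.clock() for _ in range(n)]


def inject_fault(s, register, start, mask):
    """Flip the bits selected by the 8-bit `mask` in the window s_start..s_{start+7},
    which must lie inside `register`.  The abstract does not fix how many of the
    eight bits flip; any non-empty subset is allowed here (an assumption)."""
    lo, hi = REGISTERS[register]
    assert lo <= start and start + 7 <= hi and 1 <= mask <= 0xFF
    for i in range(8):
        if mask >> i & 1:
            s[start + i - 1] ^= 1


def faulty_keystreams(key, iv, t, register, start, mask, n):
    """Clean keystream and the keystream of a copy faulted just before bit t."""
    z = Trivium(key, iv).keystream(n)
    cipher = Trivium(key, iv)
    prefix = cipher.keystream(t)
    inject_fault(cipher.s, register, start, mask)
    return z, prefix + cipher.keystream(n - t)


def first_difference(z, zf):
    return next((i for i, (a, b) in enumerate(zip(z, zf)) if a != b), None)


def single_bit_delay(p):
    """Clocks until a flipped s_p first reaches an output tap.  Derived here from
    the tap layout (key-independent): before s66/s162/s243 the bit shifts straight
    to that tap; after it, straight to the register end s93/s177/s288, meeting
    only AND or feedback taps whose effect surfaces 65 or more clocks later."""
    for lo, hi, tap in ((1, 93, 66), (94, 177, 162), (178, 288, 243)):
        if lo <= p <= hi:
            return tap - p if p <= tap else hi - p
    raise ValueError(f"no state bit s_{p}")


def candidates(first_diff, t_support):
    """All (injection time, first-visible flipped bit) pairs consistent with the
    index of the first differing keystream bit, for t in t_support."""
    return [(t, p) for t in t_support if first_diff - t >= 0
            for p in range(1, 289) if single_bit_delay(p) == first_diff - t]


def random_fault(rng, t_support):
    """Sample one fault under the abstract's model."""
    register = rng.choice("ABC")
    lo, hi = REGISTERS[register]
    return (rng.choice(list(t_support)), register,
            rng.randint(lo, hi - 7), rng.randint(1, 0xFF))


# Constructed key/IV for the demonstration (arbitrary bits, not a test vector).
_rng = random.Random(2009)
KEY = [_rng.randint(0, 1) for _ in range(80)]
IV = [_rng.randint(0, 1) for _ in range(80)]


def demo(seed=1, t_support=range(33), n=200):
    """One random fault: (first differing index, true (t, s_p), candidate list)."""
    rng = random.Random(seed)
    t, reg, start, mask = random_fault(rng, t_support)
    z, zf = faulty_keystreams(KEY, IV, t, reg, start, mask, n)
    f = first_difference(z, zf)
    flipped = [start + i for i in range(8) if mask >> i & 1]
    return f, (t, min(flipped, key=single_bit_delay)), candidates(f, t_support)


if __name__ == "__main__":
    f, truth, cands = demo()
    print(f"first differing keystream bit {f}; true (t, s_p) = {truth}; "
          f"{len(cands)} candidates from that index alone")
```

For a single flipped bit s_p the first differing key-stream bit lands exactly at index t + d, where d is 66 − p, 93 − p, 162 − p, 177 − p, 243 − p or 288 − p depending on the segment that holds s_p; for a window of several flips it is set by the earliest-visible bit. Because most delays are shared by two positions per register, and the injection time is unknown, that index alone leaves a short list of (t, p) candidates (six per admissible t for delays up to 65), which is why a full check must also use the later bits of the differential segment, and why the abstract counts observed key-stream bits as well as injections.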

[1] Adi Shamir et al. Fault Analysis of Stream Ciphers. CHES, 2004.

[2] Kris Gaj et al. Comparison of FPGA-Targeted Hardware Implementations of eSTREAM Stream Cipher Candidates. 2008.

[3] Christophe De Cannière et al. Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles. ISC, 2006.

[4] B. Preneel et al. Trivium Specifications. 2022.

[5] Christophe Clavier et al. Susceptibility of eSTREAM Candidates towards Side Channel Analysis. 2008.

[6] Eli Biham et al. Differential Fault Analysis of Secret Key Cryptosystems. CRYPTO, 1997.

[7] Adi Shamir et al. Cube Attacks on Tweakable Black Box Polynomials. IACR Cryptology ePrint Archive, 2009.

[8] Alex Biryukov et al. Two Trivial Attacks on Trivium. IACR Cryptology ePrint Archive, 2007.

[9] N. Rajesh Pillai et al. Cube Attacks on Trivium. IACR Cryptology ePrint Archive, 2009.

[10] Shahram Khazaei et al. Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers. AFRICACRYPT, 2008.

[11] Meltem Sönmez Turan et al. Linear Approximations for 2-round Trivium. 2007.

[12] Elisabeth Oswald et al. Stream Ciphers and Side-Channel Analysis. 2004.

[13] M. Benaissa et al. Hardware performance of eStream phase-III stream cipher candidates. 2008.

[14] Enes Pasalic et al. Key differentiation attacks on stream ciphers. IACR Cryptology ePrint Archive, 2008.

[15] Wieland Fischer et al. Differential Power Analysis of Stream Ciphers. CT-RSA, 2007.

[16] Eli Biham et al. Differential Cryptanalysis in Stream Ciphers. IACR Cryptology ePrint Archive, 2007.

[17] Michal Hojsík et al. Floating Fault Analysis of Trivium. INDOCRYPT, 2008.

[18] Michal Hojsík et al. Differential Fault Analysis of Trivium. FSE, 2008.

[19] Eli Biham et al. Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4. FSE, 2005.