Security Analysis of the Lightweight Cryptosystem TWINE in the Internet of Things

TWINE is a new lightweight cryptosystem for the Internet of Things, built on a Generalized Feistel Structure (GFS). It has 36 rounds and supports key lengths of 80 bits and 128 bits, giving flexible security for RFID, smart cards and other highly constrained devices. Because of its strong attacking ability, high speed and simple implementation, differential fault analysis has become an important method for evaluating the security of lightweight cryptosystems. Building on the 4-bit fault model and differential analysis, we propose an effective differential fault attack on the TWINE cryptosystem. Mathematical analysis and simulation experiments show that the attack can recover the 80-bit and 128-bit secret keys by introducing 8 and 18 faulty ciphertexts on average, respectively. These results show that TWINE is vulnerable to differential fault analysis. They will benefit the analysis of other iterated lightweight cryptosystems of the same type in the Internet of Things.
