Pushing the Limit of PFA: Enhanced Persistent Fault Analysis on Block Ciphers

Persistent fault analysis (PFA) is a newly proposed cryptanalysis technique for block ciphers. Although the injected fault persists throughout the entire encryption, the original PFA applies its analysis only to the last round. In this article, the enhanced PFA (EPFA) is proposed, which pushes the limit of PFA by exploiting the fault leakage in deeper rounds and aims to make the number of required ciphertexts as small as possible. EPFA is first introduced as a general method with a specific application to the Advanced Encryption Standard (AES). It is then extended to other substitution–permutation network (SPN)-based block ciphers, such as LED and SKINNY, both of which have unique features that EPFA fits well. To improve the efficiency of EPFA, a parallel algorithm based on mixed radix numbers is developed, which fully utilizes the power of the GPU. Our experimental results show that EPFA can reduce the number of required ciphertexts to under 1000, which is only about 40% of the 2500 ciphertexts in previous PFA on AES. Compared with the single-threaded implementation, the parallel EPFA achieves a speedup of roughly 200 times.
