Probabilistic signature based generalized framework for differential fault analysis of stream ciphers

A Differential Fault Attack (DFA) relies on the injection of faults, and the most general set-up should handle faults at random locations and random times. One should then be able to identify the exact location as well as the exact timing of each fault (including multi-bit ones) with the help of fault signatures. In this paper we solve the problem of DFA under a general framework, introducing the idea of probabilistic signatures. The method uses the Maximum Likelihood approach related to probability distributions. Our techniques subsume all the existing DFAs against the Grain family, MICKEY 2.0 and Trivium. In the process we provide improved fault attacks for all versions of the Grain family and also for MICKEY 2.0. Our generalized method successfully handles the cases where certain parts of the keystream bits are missing (this situation may arise for authentication purposes). In particular, we show that the unsolved problem of identifying faults at random times for Grain-128a can be solved in this manner. Moreover, for MICKEY 2.0, our method not only improves the fault identification probability but also reduces the required faults by 60%, compared to the best known result.
