EscApe: Diagonal Fault Analysis of APE

This work presents an adaptation of the classical diagonal fault attack to APE, a member of the PRIMATEs family of authenticated encryption (AE) schemes. APE is the first nonce-misuse-resistant permutation-based AE scheme and is one of the submissions to the CAESAR competition. We show how nonce reuse can be turned against on-line AE schemes like APE in the setting of differential fault analysis: under a repeated nonce the scheme is deterministic, so an attacker can obtain a correct output and a faulty output of the very same internal computation, which is exactly the pair a differential fault attack needs. Using this, we present a diagonal fault attack on APE-80 that reduces the key-search space from \(2^{160}\) to \(2^{25}\) using just two random uni-word diagonal faults (a word in this context is a 5-bit vector). Increasing the number of faults to 4 identifies the key uniquely with high probability. We find that both the AES-like internal permutation and the last-round ciphertext output contribute to the reduction in key space. We also provide a theoretical analysis of the average reduction in key-search space achieved by the attack. To the best of our knowledge, this work reports the first fault analysis of a sponge-based mode of operation used in the context of authenticated encryption.
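The filtering step that turns a correct/faulty output pair into a small set of key candidates is the same in every last-round differential fault attack on an AES-like layer, so the following added example (not code from the EscApe paper, and not APE's real permutation) illustrates it on a toy column of five 5-bit words. The S-box is a placeholder (x -> x^3 over GF(2^5) modulo x^5 + x^2 + 1), the linear layer is an assumed multiplication by fixed constants, and the "key" is the value XORed into the observed output, all of which are assumptions of this example rather than PRIMATE parameters. What the example does show faithfully is the mechanism the abstract relies on: the attacker does not know the fault value, only its known spread over the column, and every key tuple consistent with that spread survives, so one fault leaves a few dozen candidates out of 2^25 and a second fault, possible only because the deterministic scheme can be re-run on the same state, intersects them down further.

```python
import itertools
import random

W = 5          # word width in bits: APE-80 works on 5-bit words
COLUMN = 5     # words per column of the toy state (an assumption of this example)
MOD = 0x25     # x^5 + x^2 + 1, irreducible over GF(2); assumed field for the toy S-box

def gf32_mul(a, b):
    """Multiply two 5-bit field elements in GF(2^5) modulo x^5 + x^2 + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x20:
            a ^= MOD
    return r

# Placeholder 5-bit S-box: x -> x^3 over GF(2^5). It is a permutation (gcd(3, 31) = 1)
# with differential uniformity 2, which keeps the filtering below easy to reason about.
# This is NOT the PRIMATE S-box.
SBOX = [gf32_mul(x, gf32_mul(x, x)) for x in range(32)]
INV_SBOX = [0] * 32
for x, y in enumerate(SBOX):
    INV_SBOX[y] = x

# Assumed linear layer: a single-word fault delta entering the column reaches the
# five S-box inputs as M[i]*delta (the role MixColumns plays in AES-like designs).
M = [1, 2, 3, 4, 5]

def last_round(state, key):
    """Fault-free final round of the toy cipher: S-box layer, then key addition."""
    return tuple(SBOX[s] ^ k for s, k in zip(state, key))

def faulty_last_round(state, key, delta):
    """Same round with a one-word fault delta spread over the column by the linear layer."""
    return tuple(SBOX[s ^ gf32_mul(M[i], delta)] ^ k
                 for i, (s, k) in enumerate(zip(state, key)))

def candidates(c, cf):
    """Key-column tuples consistent with one (correct, faulty) output pair.

    The attacker does not know delta, only that the input differences at the five
    S-boxes are M[i]*delta for some nonzero delta; every delta that admits a
    consistent key word at all five positions contributes its tuples.
    """
    found = set()
    for delta in range(1, 32):
        per_word = []
        for i in range(COLUMN):
            want = gf32_mul(M[i], delta)
            ks = [k for k in range(32)
                  if INV_SBOX[c[i] ^ k] ^ INV_SBOX[cf[i] ^ k] == want]
            if not ks:
                break
            per_word.append(ks)
        else:
            found.update(itertools.product(*per_word))
    return found

def recover(n_faults, seed=1):
    """Simulate n_faults injections against one fixed key; return (key, surviving tuples)."""
    rng = random.Random(seed)
    key = tuple(rng.randrange(32) for _ in range(COLUMN))
    surviving = None
    for _ in range(n_faults):
        # A deterministic (nonce-reusing) encryption lets the attacker observe the
        # correct output and a faulty output for the very same intermediate state.
        state = tuple(rng.randrange(32) for _ in range(COLUMN))
        delta = rng.randrange(1, 32)
        c, cf = last_round(state, key), faulty_last_round(state, key, delta)
        cands = candidates(c, cf)
        surviving = cands if surviving is None else surviving & cands
    return key, surviving

if __name__ == "__main__":
    for n in (1, 2):
        key, left = recover(n)
        print(f"{n} fault(s): {len(left)} of {2**(W*COLUMN)} key tuples survive; "
              f"true key present: {key in left}")
```

Because the placeholder S-box has differential uniformity 2, the true fault value always admits exactly two key words per position, so a single pair can never leave fewer than 32 tuples; the extra candidates come from wrong delta values that happen to be consistent at all five positions. The real attack in the paper works on APE's actual permutation and observation points, so its figures (2^25 after two faults, unique key with four) are not reproduced by this toy.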
