Differential Fault Analysis of Sosemanuk

Sosemanuk is a software-oriented stream cipher that supports a variable key length of either 128 or 256 bits together with a 128-bit initialization value. It passed all three phases of the ECRYPT stream cipher project (eSTREAM) and is a member of the final eSTREAM software portfolio. In this paper we present a fault analysis attack on Sosemanuk. The fault model under which we analyze the cipher assumes that the attacker can inject a fault into a random inner-state word but cannot control the exact location of the injected fault. Our attack recovers the secret inner state of the cipher and requires around 6144 faults, work equivalent to around 2^48 Sosemanuk iterations, and around 2^38.17 bytes of storage.
