Fault analysis on Kalyna

ABSTRACT Kalyna is a block cipher that was selected as a result of the Ukrainian National Public Cryptographic Competition (2007–2010). Two important criteria for the selection of this new standard cipher were a high level of security and the ability to work on modern platforms. After being selected, Kalyna was slightly modified and approved as the new encryption standard in Ukraine in 2015. Kalyna has an SPN (Substitution-Permutation Network)-based structure similar to AES (Advanced Encryption Standard). However, Kalyna has four different sets of SBoxes and a totally different key schedule compared to AES, and it utilizes modulo key addition at the beginning and at the end of its encryption operation. Kalyna has five different modes of operation. In this paper, we investigate two different fault attacks on Kalyna. In the first attack, we assume that the attacker knows everything about the cipher except its secret key. In the second attack, we assume that the SBox entries are also kept secret from the attacker. In both cases, we show that fault analysis gives the attacker a small number of key candidates that can be brute-forced. Our results illustrate the importance of protecting implementations of Kalyna against fault analysis.
