论文信息 - Fault attacks on Tiaoxin-346

Fault attacks on Tiaoxin-346

This paper describes two different fault injection attacks on the authenticated encryption stream cipher Tiaoxin-346, a third round candidate in the CAESAR cryptographic competition. The first type of fault injection uses a bit-flipping fault model to conduct a forgery attack. The number of faulty bits required for this forgery attack is twice the number of bit modifications made in the input message. The second type of fault injection uses a random fault model in a differential fault attack to recover the secret key of the cipher. A successful attack can be performed with 36 random multi-byte faults and a computational complexity of 236. This second attack improves on the previous key recovery attack of Dey et. al., as the random fault model we use is more practical than the bit flipping model used in their attack.Ed Dawson

[1] Vincent Rijmen,et al. The Design of Rijndael , 2002, Information Security and Cryptography.

[2] Debdeep Mukhopadhyay,et al. Fault Based Almost Universal Forgeries on CLOC and SILC , 2016, SPACE.

[3] Santanu Sarkar,et al. Differential Fault Analysis on Tiaoxin and AEGIS Family of Ciphers , 2016, SSCC.

[4] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[5] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[6] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[7] Alessandro Barenghi,et al. Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[8] Ross J. Anderson,et al. Optical Fault Induction Attacks , 2002, CHES.