Probabilistic Signature Based Framework for Differential Fault Analysis of Stream Ciphers

Differential Fault Attack (DFA) has received serious attention in the cryptographic literature, and very recently such attacks have been mounted against several popular stream ciphers, for example Grain v1, MICKEY 2.0 and Trivium, which are part of the eSTREAM hardware profile. The basic idea of fault attacks is the injection of faults, and the most general set-up should consider faults at a random location and a random time. One should then identify the exact location and the exact timing of the fault (as well as multi-bit faults) with the help of fault signatures. In this paper we consider this most general set-up and solve the problem of fault attack under a general framework in which probabilistic signatures are exploited. Our ideas subsume all the existing DFAs against the Grain family, MICKEY 2.0 and Trivium. In the process we provide improved fault attacks for all versions of the Grain family and also for MICKEY 2.0 (the attacks against Trivium are already quite optimal, and thus there is not much scope to improve). Our generalized method can also handle the cases where certain parts of the keystream bits are missing because they are used for authentication purposes. In particular, we show that the unsolved problem of identifying faults at random time for Grain 128a can be solved in this manner. Our techniques can easily be applied to mount fault attacks on any stream cipher of a similar kind.
