
Differential fault attack on DEFAULT

  • *Corresponding author: Santanu Sarkar

  • Block cipher DEFAULT has been proposed as a differential fault analysis immune cipher at Asiacrypt 2021. In this paper, we consider the initial version of DEFAULT with no permutation involved in the last round and show that one can find the key in this version with complexity $ 2^{16} $ by injecting 112 faults. However, our idea does not work for the modified version of the cipher (where a key scheduling algorithm is involved).

    Mathematics Subject Classification: Primary: 94A60.

  • Figure 1.  Fault at penultimate round ( corresponds to faulty nibble)

    Table 1.  DEFAULT permutation

    $ i $ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
    $ P_{128}(i) $ 0 33 66 99 96 1 34 67 64 97 2 35 32 65 98 3 4 37 70 103 100 5 38 71 68 101
    $ i $ 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
    $ P_{128}(i) $ 6 39 36 69 102 7 8 41 74 107 104 9 42 75 72 105 10 43 40 73 106 11 12 45 78 111
    $ i $ 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
    $ P_{128}(i) $ 108 13 46 79 76 109 14 47 44 77 110 15 16 49 82 115 112 17 50 83 80 113 18 51 48 81
    $ i $ 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
    $ P_{128}(i) $ 114 19 20 53 86 119 116 21 54 87 84 117 22 55 52 85 118 23 24 57 90 123 120 25 58 91
    $ i $ 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
    $ P_{128}(i) $ 88 121 26 59 56 89 122 27 28 61 94 127 124 29 62 95 92 125 30 63 60 93 126 31

    Table 2.  DEFAULT round constants

    | Cipher | Round constants | # of rounds |
    |---|---|---|
    | DEFAULT-LAYER | 1, 3, 7, 15, 31, 62, 61, 59, 55, 47, 30, 60, 57, 51, 39, 14, 29, 58, 53, 43, 22, 44, 24, 48, 33, 2, 5, 11 | 28 |
    | DEFAULT-CORE | 1, 3, 7, 15, 31, 62, 61, 59, 55, 47, 30, 60, 57, 51, 39, 14, 29, 58, 53, 43, 22, 44, 24, 48 | 24 |

    Table 3.  Toy version's permutation

    $ i $ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
    $ \mathcal{P}_T(i) $ 0 5 10 15 12 1 6 11 8 13 2 7 4 9 14 3

    Table 4.  Comparison of Attack Complexities with changing number of faults for initial version of DEFAULT

    | Round | Number of Faults | Attack Complexity |
    |---|---|---|
    | Last Round | 64 | $ 2^{64} $ |
    | Last two rounds | 80 | $ 2^{48} $ |
    | Last two rounds | 96 | $ 2^{32} $ |
    | Last two rounds | 112 | $ 2^{16} $ |