# American Institute of Mathematical Sciences

doi: 10.3934/amc.2022035
Online First


## Differential fault attack on DEFAULT

Chandan Dey, Sumit Kumar Pandey, Tapabrata Roy and Santanu Sarkar

1. Department of Mathematics, Indian Institute of Technology Madras, Chennai, India
2. Department of Computer Science and Engineering, Indian Institute of Technology Jammu, Jammu, India

Corresponding author: Santanu Sarkar

Received: October 2021. Revised: March 2022. Early access: May 2022.

##### Abstract:
The block cipher DEFAULT was proposed at Asiacrypt 2021 as a cipher immune to differential fault analysis (DFA). In this paper we consider the initial version of DEFAULT, which applies no permutation in the last round, and show that the key of this version can be recovered with complexity $2^{16}$ by injecting 112 faults. Our idea does not work for the modified version of the cipher, in which a key scheduling algorithm is involved.

Citation: Chandan Dey, Sumit Kumar Pandey, Tapabrata Roy, Santanu Sarkar. Differential fault attack on DEFAULT. Advances in Mathematics of Communications, doi: 10.3934/amc.2022035
##### References:
- [1] A. Baksi, Classical and physical security of symmetric key cryptographic algorithms, IFIP/IEEE 29th International Conference on Very Large Scale Integration (VLSI-SoC), Singapore, 2021. doi: 10.1109/VLSI-SoC53125.2021.9606988.
- [2] A. Baksi, S. Bhasin, J. Breier, M. Khairallah, T. Peyrin, S. Sarkar and S. M. Sim, DEFAULT: Cipher level resistance against differential fault attack, in Advances in Cryptology - ASIACRYPT 2021, Lecture Notes in Comput. Sci., 13091, Springer, 2021, 124–156. doi: 10.1007/978-3-030-92075-3_5.
- [3] S. Banik, S. K. Pandey, T. Peyrin, Y. Sasaki, S. M. Sim and Y. Todo, GIFT: A small present, in Cryptographic Hardware and Embedded Systems - CHES 2017, Lecture Notes in Comput. Sci., 10529, Springer, 2017, 321–345. doi: 10.1007/978-3-319-66787-4_16.
- [4] C. Beierle, G. Leander, A. Moradi and S. Rasoolzadeh, CRAFT: Lightweight tweakable block cipher with efficient protection against DFA attacks, IACR Trans. Symmetric Cryptol., 2019 (2019), 5–45. doi: 10.46586/tosc.v2019.i1.5-45.
- [5] E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, in Advances in Cryptology - CRYPTO '97, Lecture Notes in Comput. Sci., 1294, Springer, 1997, 513–525. doi: 10.1007/BFb0052259.
- [6] D. Boneh, R. A. DeMillo and R. J. Lipton, On the importance of checking cryptographic protocols for faults (extended abstract), in Advances in Cryptology - EUROCRYPT '97 (Konstanz), Lecture Notes in Comput. Sci., 1233, Springer, Berlin, 1997, 37–51. doi: 10.1007/3-540-69053-0_4.
- [7] M. Nageler, C. Dobraunig and M. Eichlseder, Information-combining differential fault attacks on DEFAULT, IACR Cryptol. ePrint Arch., (2021). Available from: https://eprint.iacr.org/2021/1374.pdf.
- [8] G. Piret and J.-J. Quisquater, A differential fault attack technique against SPN structures, with application to the AES and KHAZAD, in Cryptographic Hardware and Embedded Systems - CHES 2003, Lecture Notes in Comput. Sci., 2779, Springer, 2003, 77–88. doi: 10.1007/978-3-540-45238-6_7.
- [9] D. Saha, D. Mukhopadhyay and D. Roy Chowdhury, A diagonal fault attack on the advanced encryption standard, IACR Cryptol. ePrint Arch., (2009). Available from: https://eprint.iacr.org/2009/581.pdf.
- [10] T. Simon, L. Batina, J. Daemen, V. Grosso, P. M. C. Massolino, K. Papagiannopoulos, F. Regazzoni and N. Samwel, Friet: An authenticated encryption scheme with built-in fault detection, in Advances in Cryptology - EUROCRYPT 2020, Lecture Notes in Comput. Sci., 12105, Springer, Cham, 2020, 581–611. doi: 10.1007/978-3-030-45721-1_21.

Figure: Fault at penultimate round (marked cell corresponds to the faulty nibble)
DEFAULT permutation

| $i$ | $P_{128}(i)$, listed for $i$ in increasing order over the range |
|---|---|
| 0–15 | 0, 33, 66, 99, 96, 1, 34, 67, 64, 97, 2, 35, 32, 65, 98, 3 |
| 16–31 | 4, 37, 70, 103, 100, 5, 38, 71, 68, 101, 6, 39, 36, 69, 102, 7 |
| 32–47 | 8, 41, 74, 107, 104, 9, 42, 75, 72, 105, 10, 43, 40, 73, 106, 11 |
| 48–63 | 12, 45, 78, 111, 108, 13, 46, 79, 76, 109, 14, 47, 44, 77, 110, 15 |
| 64–79 | 16, 49, 82, 115, 112, 17, 50, 83, 80, 113, 18, 51, 48, 81, 114, 19 |
| 80–95 | 20, 53, 86, 119, 116, 21, 54, 87, 84, 117, 22, 55, 52, 85, 118, 23 |
| 96–111 | 24, 57, 90, 123, 120, 25, 58, 91, 88, 121, 26, 59, 56, 89, 122, 27 |
| 112–127 | 28, 61, 94, 127, 124, 29, 62, 95, 92, 125, 30, 63, 60, 93, 126, 31 |
DEFAULT round constants

| Cipher | Round constants | Number of rounds |
|---|---|---|
| DEFAULT-LAYER | 1, 3, 7, 15, 31, 62, 61, 59, 55, 47, 30, 60, 57, 51, 39, 14, 29, 58, 53, 43, 22, 44, 24, 48, 33, 2, 5, 11 | 28 |
| DEFAULT-CORE | 1, 3, 7, 15, 31, 62, 61, 59, 55, 47, 30, 60, 57, 51, 39, 14, 29, 58, 53, 43, 22, 44, 24, 48 | 24 |
Toy version's permutation

| $i$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $\mathcal{P}_T(i)$ | 0 | 5 | 10 | 15 | 12 | 1 | 6 | 11 | 8 | 13 | 2 | 7 | 4 | 9 | 14 | 3 |
Comparison of attack complexities with changing number of faults for the initial version of DEFAULT

| Faulted round(s) | Number of faults | Attack complexity |
|---|---|---|
| Last round | 64 | $2^{64}$ |
| Last two rounds | 80 | $2^{48}$ |
| Last two rounds | 96 | $2^{32}$ |
| Last two rounds | 112 | $2^{16}$ |
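The following is an editor-added example, not code from the paper or from the DEFAULT authors. It regenerates the two permutation tables and the round-constant table above from closed forms and checks them against the transcribed values, then traces how a single faulty nibble injected before the permutation (the situation in the "Fault at penultimate round" figure) spreads across the state. Two assumptions are made and verified by the assertions: that DEFAULT and the toy version use the GIFT bit permutation [3] unchanged, and that the round constants come from the 6-bit LFSR GIFT uses. All function and variable names are the editor's; the table data is transcribed from this page.

```python
"""Editor-added example (not the paper's code): regenerate the DEFAULT
permutation and round constants tabulated on this page from closed forms,
check them against the tables, and trace how one faulty nibble spreads."""
from typing import Dict, List, Tuple

# Transcribed from the tables on this page.
P128_TABLE = [
    0, 33, 66, 99, 96, 1, 34, 67, 64, 97, 2, 35, 32, 65, 98, 3,
    4, 37, 70, 103, 100, 5, 38, 71, 68, 101, 6, 39, 36, 69, 102, 7,
    8, 41, 74, 107, 104, 9, 42, 75, 72, 105, 10, 43, 40, 73, 106, 11,
    12, 45, 78, 111, 108, 13, 46, 79, 76, 109, 14, 47, 44, 77, 110, 15,
    16, 49, 82, 115, 112, 17, 50, 83, 80, 113, 18, 51, 48, 81, 114, 19,
    20, 53, 86, 119, 116, 21, 54, 87, 84, 117, 22, 55, 52, 85, 118, 23,
    24, 57, 90, 123, 120, 25, 58, 91, 88, 121, 26, 59, 56, 89, 122, 27,
    28, 61, 94, 127, 124, 29, 62, 95, 92, 125, 30, 63, 60, 93, 126, 31,
]
PT_TABLE = [0, 5, 10, 15, 12, 1, 6, 11, 8, 13, 2, 7, 4, 9, 14, 3]
LAYER_RC = [1, 3, 7, 15, 31, 62, 61, 59, 55, 47, 30, 60, 57, 51, 39, 14,
            29, 58, 53, 43, 22, 44, 24, 48, 33, 2, 5, 11]


def gift_perm(i: int, nbits: int) -> int:
    """Closed form of the GIFT bit permutation on an nbits-bit state.

    Assumption (checked against P128_TABLE and PT_TABLE): DEFAULT and the
    toy version use this permutation unchanged.  Bit i lives in 16-bit
    block i//16, in nibble column (i%16)//4 of that block, at bit
    position i%4; those three numbers decide where it lands.
    """
    block, col, bit = i // 16, (i % 16) // 4, i % 4
    target = (3 * col + bit) % 4          # which quarter of the state
    return 4 * block + (nbits // 4) * target + bit


def permute_state(state: int, nbits: int) -> int:
    """Apply the bit permutation to an nbits-bit integer state."""
    out = 0
    for i in range(nbits):
        if (state >> i) & 1:
            out |= 1 << gift_perm(i, nbits)
    return out


def round_constants(rounds: int) -> List[int]:
    """6-bit LFSR that GIFT uses for its round constants (assumption:
    DEFAULT keeps it; checked against LAYER_RC).  The state starts at 0;
    each step shifts left and feeds in c5 xor c4 xor 1."""
    rcs, c = [], 0
    for _ in range(rounds):
        c = ((c << 1) | (((c >> 5) & 1) ^ ((c >> 4) & 1) ^ 1)) & 0x3F
        rcs.append(c)
    return rcs


def nibbles_hit(nibble: int, nbits: int = 128) -> List[int]:
    """Nibble indices that receive a difference when `nibble` is faulty
    before the permutation (all four bits flipped, the widest case).
    This is how far a penultimate-round fault has spread by the time it
    reaches the last-round S-boxes."""
    diff = permute_state(0xF << (4 * nibble), nbits)
    return sorted({i // 4 for i in range(nbits) if (diff >> i) & 1})


def fault_groups(nbits: int = 128) -> Dict[Tuple[int, ...], List[int]]:
    """Group source nibbles by the set of nibbles their fault reaches, to
    show how the state partitions under single-nibble faults."""
    groups: Dict[Tuple[int, ...], List[int]] = {}
    for n in range(nbits // 4):
        groups.setdefault(tuple(nibbles_hit(n, nbits)), []).append(n)
    return groups


if __name__ == "__main__":
    assert [gift_perm(i, 128) for i in range(128)] == P128_TABLE
    assert [gift_perm(i, 16) for i in range(16)] == PT_TABLE
    assert round_constants(28) == LAYER_RC
    for targets, sources in fault_groups().items():
        print(f"fault in any of nibbles {sources} -> nibbles {list(targets)}")
```

Running the script shows that the 32 nibbles of the 128-bit state fall into 8 groups of 4 consecutive nibbles, and a fault in nibble $j$ lands in nibbles $\lfloor j/4 \rfloor + 8k$ for $k = 0, 1, 2, 3$, one in each 32-bit word. In the 16-bit toy version every single-nibble fault reaches all four nibbles. This is the diffusion that a permutation in the last round would add; in the initial version of DEFAULT considered in the abstract, the last round has no permutation, so a last-round fault stays inside the nibble it was injected into, and it is the penultimate-round faults in the complexity table above that touch four nibbles at once.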