Fault Analysis of Rabbit: Toward a Secret Key Leakage
نویسندگان
چکیده
Although Differential Fault Analysis (DFA) led to powerful applications against public key [15] and secret key [12] cryptosystems, very few works have been published in the area of stream ciphers. In this paper, we present the first application of DFA to the software eSTREAM candidate Rabbit that leads to a full secret key recovery. We show that by modifying modular additions of the next-state function, 32 faulty outputs are enough for recovering the whole internal state in time O ` 2 ́ and extracting the secret key. Thus, this work improves the previous fault attack against Rabbit both in terms of computational complexity and fault number.
منابع مشابه
Public Key Perturbation of Randomized RSA Implementations
Among all countermeasures that have been proposed to thwart side-channel attacks against RSA implementations, the exponent randomization method – also known as exponent blinding – has been very early suggested by P. Kocher in 1996, and formalized by J.-S. Coron at CHES 1999. Although it has been used for a long time, some authors pointed out the fact that it does not intrinsically remove all so...
متن کاملA Leakage-Resilient Spatial Encryption Scheme
A scheme is said leakage resilient if it remains secure even when an adversary is able to learn partial information about some secret values used throughout the lifetime of the system. This recent area appeared because of the need to develop schemes that resist to sidechannel attacks, such as power-consumption, fault or time analyses. Today, there exist a few encryption schemes that implement t...
متن کاملSecret Key Leakage from Public Key Perturbation of DLP-Based Cryptosystems
Finding efficient countermeasures for cryptosystems against fault attacks is challenged by a constant discovery of flaws in designs. Even elements, such as public keys, that do not seem critical must be protected. From the attacks against RSA [5,4], we develop a new attack of DLP-based cryptosystems, built in addition on a lattice analysis [26] to recover DSA public keys from partially known no...
متن کاملFully leakage-resilient signatures revisited: Graceful degradation, noisy leakage, and construction in the bounded-retrieval model
We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm. The main feature of our constructions is that they offer a graceful degradation of security in situations w...
متن کاملDifferential Fault Intensity Analysis on PRESENT and LED Block Ciphers
Differential Fault Intensity Analysis (DFIA) is a recently introduced fault analysis technique. This technique is based on the observation that faults are biased and thus are non-uniformly distributed over the cipher state variables. The adversary uses the fault bias as a source of leakage by controlling the intensity of fault injection. DFIA exploits statistical analysis to correlate the secre...
متن کامل