Floating Fault analysis of Trivium under Weaker Assumptions

Trivium is a hardware-oriented stream cipher, and one of the finally chosen ciphers by eSTREAM project. Michal Hojsik and Bohuslav Rudolf presented an effective attack to Trivium, named floating fault analysis, at INDOCRYPT 2008. Their attack makes use of the fault injection and the fault float. In this paper, we present an improvement of this attack. Our attack is under following weaker and more practical assumptions. The fault injection can be made for the state at a random time. The positions of the fault bits are from random one of 3 NFSRs, and from a random area within 8 neighboring bits. We present a checking method, by which either the injecting time and fault positions can be determined, or the state differential at a known time can be determined. Each of these two determinations is enough for floating attack. After the determination, the attacker can averagely obtain 67.167 additional linear equations from 82 original quadratic equations, and obtain 66 additional quadratic equations from 66 original cubic equations. A modification of our model is similarly effective with the model of Michal Hojsik and Bohuslav, for the floating attack.