A Differential Fault Attack on Grain-128a Using MACs
Abstract
The 32-bit MAC of Grain-128a is a linear combination of the first 64 and then the alternative keystream bits. In this paper we describe a successful differential fault attack on Grain-128a, in which we recover the secret key by observing the correct and faulty MACs of certain chosen messages. The attack works due to certain properties of the Boolean functions and corresponding choices of the taps from the LFSR. We present methods to identify the fault locations and then construct a set of linear equations to obtain the contents of the LFSR and the NFSR. Our attack requires less than 2 fault injections and invocations of less than 2 MAC generation routines.
Similar resources
Fault Analysis of Grain Family of Stream Ciphers
In this paper, we present a fault attack on the Grain family of stream ciphers, an eStream finalist. The earlier fault attacks on Grain work on the LFSR, whereas our target for fault induction is the NFSR. Our attack requires a small number of faults to be injected: only 150 for Grain v1 and only 312 and 384 for Grain-128 and Grain-128a, respectively. The number of faults is much lower than the earlier ...
Probabilistic Signature Based Framework for Differential Fault Analysis of Stream Ciphers
Differential Fault Attack (DFA) has received serious attention in cryptographic literature and very recently such attacks have been mounted against several popular stream ciphers for example Grain v1, MICKEY 2.0 and Trivium, that are parts of the eStream hardware profile. The basic idea of the fault attacks consider injection of faults and the most general set-up should consider faults at rando...
A Chosen IV Related Key Attack on Grain-128a
Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designers introduced Grain-128a having an asymmetric padding. As a result, the existing idea of chosen ...
Fault analysis and weak key-IV attack on Sprout
Armknecht and Mikhalev proposed a new stream cipher ‘Sprout’ based on the design specification of the stream cipher, Grain-128a. Sprout has shorter state size than Grain family with a round key function. The output of the round key function is XOR’ed with the feedback bit of the NFSR of the cipher. In this paper, we propose a new fault attack on Sprout by injecting a single bit fault after the ...
Relaxed Differential Fault Analysis of SHA-3
In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection and the possibility of re-checking initial faults and the possibility to recover internal state...