Differential Fault Analysis (DFA) attack is a powerful cryptanalytic technique that could be used to retrieve the secret key by exploiting computational errors in the encryption (decryption) procedure. In the present paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or fourth word register at the input ...

Fault Injection Attacks are a powerful form of active attack mechanism which can threaten even the strongest of cryptographic algorithms. This attack vector has become more pertinent with the growing popularity of the Internet of things (IoT), which is based on small omnipresent embedded systems interacting with sensitive data of personal or critical nature. This tutorial addresses this issue o...

Is it possible that a block cipher apparently immune to classical differential cryptanalysis can be attacked considering a different operation on the message space? Recently Calderini and Sala showed how to effectively compute alternative operations on a vector space which can serve as message space for a block cipher such that the resulting structure is still a vector space. The latter were us...

The threat from ransomware continues to grow both in the number of affected victims as well cost incurred by people and organisations impacted a successful attack. In majority cases, once victim has been attacked there remain only two courses action open them; either pay ransom or lose their data. One common behaviour shared between all crypto strains is that at some point during execution they...

In this paper we provide the first side-channel analysis of the K2 stream cipher. K2 is a fast and secure stream cipher built upon the strengths of SNOW 2.0. We apply timing attacks, power analysis, and differential fault analysis to K2. We show that naively implemented K2 is vulnerable to cache-timing attacks, and describe how to implement efficient countermeasures to protect K2 against side-c...

This paper presents improved collision attacks on roundreduced variants of the hash function CubeHash, one of the SHA-3 second round candidates. We apply two methods for finding linear differential trails that lead to lower estimated attack complexities when used within the framework introduced by Brier, Khazaei, Meier and Peyrin at ASIACRYPT 2009. The first method yields trails that are relati...

At CRYPTO’16, Beierle et al. presented SKINNY, a family of lightweight tweakable block ciphers intended to compete with SIMON. SKINNY can be implemented efficiently in both softand hardware, possesses a SubstitutionPermutation-Network structure, and supports block sizes of 64 and 128 bits as well as key and tweak sizes of 64, 128, 192, and 256 bits. This paper outlines a related-tweakey impossi...

Local differential privacy (LDP) has been received increasing attention as a formal definition without trusted server. In typical LDP protocol, the clients perturb their data locally with randomized mechanism before sending it to server for analysis. Many studies in literature of implicitly assume that honestly follow protocol; however, two recent show is generally vulnerable under malicious cl...