Fault Attacks on Nonce-based Authenticated Encryption: Application to Keyak and Ketje

Christoph Erwin Dobraunig, Stefan Mangard, Florian Mendel, Robert Primas

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

In the context of fault attacks on nonce-based authenticated encryption, an attacker faces two restrictions. The first is the uniqueness of the nonce for each new encryption that prevents the attacker from collecting pairs of correct and faulty outputs to perform, e.g., differential fault attacks. The second restriction concerns the verification/decryption, which releases only verified plaintext. While many recent works either exploit misuse scenarios (e.g. nonce-reuse, release of unverified plaintext), we turn the fact that the decryption/verification gives us information on the effect of a fault (whether a fault changed a value or not) against it. In particular, we extend the idea of statistical ineffective fault attacks (SIFA) to target the initialization performed in nonce-based authenticated encryption schemes. By targeting the initialization performed during decryption/verification, most nonce-based authenticated encryption schemes provide the attacker with an oracle whether a fault was ineffective or not. This information is all the attacker needs to mount statistical ineffective fault attacks. To demonstrate the practical threat of the attack, we target software implementations of the authenticated encryption schemes Keyak and Ketje. The presented fault attacks can be carried out without the need of sophisticated equipment. In our practical evaluation the inputs corresponding to 24 ineffective fault inductions were required to reveal large parts of the secret key in both scenarios.

Originalspracheenglisch
TitelSelected Areas in Cryptography – SAC 2018
Redakteure/-innenCarlos Cid, Michael J. Jacobson
Herausgeber (Verlag)Springer
Seiten257-277
Seitenumfang21
ISBN (elektronisch)978-3-030-10970-7
ISBN (Print)978-3-030-10969-1
DOIs
PublikationsstatusVeröffentlicht - 2019

Publikationsreihe

NameLecture Notes in Computer Science
Band11349

ASJC Scopus subject areas

  • !!Theoretical Computer Science
  • !!Computer Science(all)

Fingerprint

Untersuchen Sie die Forschungsthemen von „Fault Attacks on Nonce-based Authenticated Encryption: Application to Keyak and Ketje“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren