Fault Analysis of the PRINCE Family of Lightweight Ciphers

In ASHES 2020 (Aikata et al., in: Proceedings of the 4th ACM workshop on attacks and solutions in hardware security workshop, ASHES@CCS 2020, virtual event, November 13, 2020, USA, ACM, 2020), new integral and slow diffusion trails were reported on PRINCE and were used to mount fault attacks with practical complexities. We extend this work by performing new differential fault attacks based on the popular random bit-flip fault model, which has not been looked at in isolation for PRINCE until today. Additionally, we look at the construction of PRINCEv2 reported in SAC 2020 in the light of the attacks developed in this work and find that PRINCEv2 is equally vulnerable to them. We also highlight an interesting aspect of fault-reflection, which amplifies the scope of fault injection on PRINCE-like ciphers. The bit-flip model can recover the key uniquely at the expense of 7 random bit-faults injected at the input of Round-10 with a time complexity of 2 ²¹. The integral fault attack has a time complexity of 2 ³⁶ and 2 ²⁰ with 15 nibble faults in rounds 8.5 and 9.5, while the slow diffusion differential fault attack works with four bit-faults in the 10th round with a complexity of 2 ²². The array of fault attacks presented in this work constitute a comprehensive account of fault attack vulnerability of both PRINCE and PRINCEv2. Moreover, the 3D visualization model of PRINCE state introduced can be used to extend or improve existing attacks on PRINCE.