Information-Combining Differential Fault Attacks on DEFAULT

Marcel Nageler, Christoph Erwin Dobraunig, Maria Eichlseder

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of 2 64 is impractical. In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT’s strong key schedule to recover the key using less than 100 faulty computation and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys.

Original languageEnglish
Title of host publicationAdvances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings
EditorsOrr Dunkelman, Stefan Dziembowski
PublisherSpringer
Pages168-191
Number of pages24
ISBN (Electronic)978-3-031-07082-2
ISBN (Print)978-3-031-07081-5
DOIs
Publication statusPublished - May 2022
Event41st Annual International Conference on the Theory and Applications of Cryptographic Techniques: EUROCRYPT 2022 - Trondheim, Norway
Duration: 30 May 20223 Jun 2022
https://eurocrypt.iacr.org/2022/

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13277 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference41st Annual International Conference on the Theory and Applications of Cryptographic Techniques
Country/TerritoryNorway
CityTrondheim
Period30/05/223/06/22
Internet address

Keywords

  • Differential Fault Attacks (DFA)
  • Cryptanalysis
  • Linear structures
  • DEFAULT

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Information-Combining Differential Fault Attacks on DEFAULT'. Together they form a unique fingerprint.

Cite this