Paper 2023/1018

SDFA: Statistical-Differential Fault Attack on Linear Structured SBox-Based Ciphers

Amit Jana, Indian Statistical Institute
Anup Kumar Kundu, Indian Statistical Institute
Goutam Paul, Indian Statistical Institute
Abstract

At Asiacrypt 2021, Baksi et al. introduced DEFAULT, the first block cipher designed to resist differential fault attacks (DFA) at the algorithm level, boasting 64-bit DFA security. The cipher initially employed a straightforward key schedule, where a single key was XORed in all rounds, and the key schedule was updated by incorporating round-independent keys in a rotating fashion. However, during Eurocrypt 2022, Nageler et al. presented a DFA attack that exposed vulnerabilities in the claimed DFA security of DEFAULT, reducing it by up to 20 bits in the case of the simple key schedule and even allowing for unique key recovery in the presence of rotating keys. In this work, we have significantly improved upon the existing differential fault attack (DFA) on the DEFAULT cipher. Our enhanced attack allows us to effectively recover the encryption key with minimal faults. We have accomplished this by computing deterministic differential trails for up to five rounds, injecting around 5 faults into the simple key schedule for key recovery, recovering equivalent keys with just 36 faults in the DEFAULT-LAYER, and introducing a generic DFA approach suitable for round-independent keys within the DEFAULT cipher. These results represent the most efficient key recovery achieved for the DEFAULT cipher under DFA attacks. Additionally, we have introduced a novel fault attack called the Statistical-Differential Fault Attack (SDFA), specifically tailored for linear-structured SBOX-based ciphers like DEFAULT. This novel technique has been successfully applied to BAKSHEESH, resulting in a nearly unique key recovery. Our findings emphasize the vulnerabilities present in linear-structured SBOX-based ciphers, including both DEFAULT and BAKSHEESH, and underscore the challenges in establishing robust DFA protection for such cipher designs.
In summary, our research highlights the significant risks associated with designing linear-structured SBOX-based block ciphers with the aim of achieving cipher-level DFA protection.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Differential Fault Attack, Statistical Fault Attack, Statistical-Differential Fault Attack, DEFAULT, DFA Security
Contact author(s)
janaamit001 @ gmail com
anupkundumath @ gmail com
goutam paul @ isical ac in
History
2024-04-15: revised
2023-06-30: received
Short URL
https://ia.cr/2023/1018
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1018,
      author = {Amit Jana and Anup Kumar Kundu and Goutam Paul},
      title = {{SDFA}: Statistical-Differential Fault Attack on Linear Structured {SBox}-Based Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1018},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1018}
}