Information-Combining Differential Fault Attacks on DEFAULT

Marcel Nageler; Christoph Erwin Dobraunig; Maria Eichlseder

doi:10.1007/978-3-031-07082-2_7

Information-Combining Differential Fault Attacks on DEFAULT

Marcel Nageler, Christoph Erwin Dobraunig, Maria Eichlseder

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of 2 ⁶⁴ is impractical. In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT’s strong key schedule to recover the key using less than 100 faulty computation and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys.

Originalsprache	englisch
Titel	Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings
Redakteure/-innen	Orr Dunkelman, Stefan Dziembowski
Herausgeber (Verlag)	Springer
Seiten	168-191
Seitenumfang	24
ISBN (elektronisch)	978-3-031-07082-2
ISBN (Print)	978-3-031-07081-5
DOIs	https://doi.org/10.1007/978-3-031-07082-2_7
Publikationsstatus	Veröffentlicht - Mai 2022
Veranstaltung	41st Annual International Conference on the Theory and Applications of Cryptographic Techniques: EUROCRYPT 2022 - Trondheim, Norwegen Dauer: 30 Mai 2022 → 3 Juni 2022 https://eurocrypt.iacr.org/2022/

Publikationsreihe

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band	13277 LNCS
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Konferenz

Konferenz	41st Annual International Conference on the Theory and Applications of Cryptographic Techniques
Kurztitel	EUROCRYPT 2022
Land/Gebiet	Norwegen
Ort	Trondheim
Zeitraum	30/05/22 → 3/06/22
Internetadresse	https://eurocrypt.iacr.org/2022/

ASJC Scopus subject areas

Theoretische Informatik
Informatik (insg.)

Fields of Expertise

Information, Communication & Computing

Zugriff auf Dokument

10.1007/978-3-031-07082-2_7

https://eprint.iacr.org/2021/1374Lizenz: CC BY 4.0

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

3 Vortrag bei Workshop, Seminar oder Kurs
1 Vortrag bei Konferenz oder Fachtagung

Information-Combining Differential Fault Attacks on DEFAULT
Marcel Nageler (Redner/in)
22 März 2022
Aktivität: Vortrag oder Präsentation › Vortrag bei Workshop, Seminar oder Kurs › Science to science
Information-Combining Differential Fault Attacks on DEFAULT
Maria Eichlseder (Redner/in)
24 Juni 2022
Aktivität: Vortrag oder Präsentation › Vortrag bei Workshop, Seminar oder Kurs › Science to science
Information-Combining Differential Fault Attacks on DEFAULT
Marcel Nageler (Redner/in)
2 Juni 2022
Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science

Dieses zitieren

Nageler, M., Dobraunig, C. E., & Eichlseder, M. (2022). Information-Combining Differential Fault Attacks on DEFAULT. in O. Dunkelman, & S. Dziembowski (Hrsg.), Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings (S. 168-191). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 13277 LNCS). Springer. https://doi.org/10.1007/978-3-031-07082-2_7

Information-Combining Differential Fault Attacks on DEFAULT. / Nageler, Marcel; Dobraunig, Christoph Erwin; Eichlseder, Maria.
Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings. Hrsg. / Orr Dunkelman; Stefan Dziembowski. Springer, 2022. S. 168-191 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 13277 LNCS).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Nageler, M, Dobraunig, CE & Eichlseder, M 2022, Information-Combining Differential Fault Attacks on DEFAULT. in O Dunkelman & S Dziembowski (Hrsg.), Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bd. 13277 LNCS, Springer, S. 168-191, 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norwegen, 30/05/22. https://doi.org/10.1007/978-3-031-07082-2_7

Nageler M, Dobraunig CE, Eichlseder M. Information-Combining Differential Fault Attacks on DEFAULT. in Dunkelman O, Dziembowski S, Hrsg., Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings. Springer. 2022. S. 168-191. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-07082-2_7

Nageler, Marcel ; Dobraunig, Christoph Erwin ; Eichlseder, Maria. / Information-Combining Differential Fault Attacks on DEFAULT. Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings. Hrsg. / Orr Dunkelman ; Stefan Dziembowski. Springer, 2022. S. 168-191 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0bda43d726904d4b9ec7e5512f8f49cf,

title = "Information-Combining Differential Fault Attacks on DEFAULT",

abstract = "Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of 2 64 is impractical. In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT{\textquoteright}s strong key schedule to recover the key using less than 100 faulty computation and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys. ",

keywords = "Differential Fault Attacks (DFA), Cryptanalysis, Linear structures, DEFAULT",

author = "Marcel Nageler and Dobraunig, {Christoph Erwin} and Maria Eichlseder",

year = "2022",

month = may,

doi = "10.1007/978-3-031-07082-2_7",

language = "English",

isbn = "978-3-031-07081-5",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "168--191",

editor = "Orr Dunkelman and Stefan Dziembowski",

booktitle = "Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings",

note = "41st Annual International Conference on the Theory and Applications of Cryptographic Techniques : EUROCRYPT 2022, EUROCRYPT 2022 ; Conference date: 30-05-2022 Through 03-06-2022",

url = "https://eurocrypt.iacr.org/2022/",

}

TY - GEN

T1 - Information-Combining Differential Fault Attacks on DEFAULT

AU - Nageler, Marcel

AU - Dobraunig, Christoph Erwin

AU - Eichlseder, Maria

PY - 2022/5

Y1 - 2022/5

N2 - Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of 2 64 is impractical. In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT’s strong key schedule to recover the key using less than 100 faulty computation and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys.

AB - Differential fault analysis (DFA) is a very powerful attack vector for implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of 2 64 is impractical. In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT’s strong key schedule to recover the key using less than 100 faulty computation and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys.

KW - Differential Fault Attacks (DFA)

KW - Cryptanalysis

KW - Linear structures

KW - DEFAULT

UR - http://www.scopus.com/inward/record.url?scp=85132101529&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-07082-2_7

DO - 10.1007/978-3-031-07082-2_7

M3 - Conference paper

SN - 978-3-031-07081-5

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 168

EP - 191

BT - Advances in Cryptology – EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2022, Proceedings

A2 - Dunkelman, Orr

A2 - Dziembowski, Stefan

PB - Springer

T2 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques

Y2 - 30 May 2022 through 3 June 2022

ER -

Information-Combining Differential Fault Attacks on DEFAULT

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Fields of Expertise

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Aktivitäten