Fault Attack on the Authenticated Cipher ACORN v2

2017 ◽  
Vol 2017 ◽  
pp. 1-16 ◽  
Author(s):  
Xiaojuan Zhang ◽  
Xiutao Feng ◽  
Dongdai Lin

Fault attack is an efficient cryptanalysis method against cipher implementations and has attracted a lot of attention in the recent public cryptographic literature. In this work we introduce a fault attack on the CAESAR candidate ACORN v2. Our attack is done under the assumption of random fault injection into an initial state of ACORN v2 and contains two main steps: fault locating and equation solving. In the first step, we first present a fundamental fault locating method, which uses 99 bits of output keystream to determine the fault injected location with probability 97.08%; several improvements are then provided, which can further increase the probability of fault locating to almost 1. For the system of equations retrieved in the first step, we give two solving methods in the second step, namely linearization and guess-and-determine. The time complexity of our attack is not larger than c·2^(179.19-1.76N) at worst, where N is the number of fault injections such that 31 ≤ N ≤ 88 and c is the time complexity of solving linear equations. Our attack provides some insights into the diffusion ability of such compact stream ciphers.

Cryptography ◽  
2021 ◽  
Vol 5 (4) ◽  
pp. 26
Author(s):  
Julian Danner ◽  
Martin Kreuzer

A differential fault attack framework for the Enocoro family of stream ciphers is presented. We only require that the attacker can reset the internal state and inject a random byte-fault, in a random register, during a known time period. For a single fault injection, we develop a differential clocking algorithm that computes a set of linear equations in the input and output differences of the non-linear parts of the cipher and relates them to the differential keystream. The usage of these equations is two-fold. Firstly, one can determine those differentials that can be computed from the faulty keystream, and secondly they help to pin down the actual location and timing of the fault injection. Combining these results, each fault injection gives us information on specific small parts of the internal state. By encoding the information we gain from several fault injections using weighted Horn clauses, we construct a guessing path that can be used to quickly retrieve the internal state using a suitable heuristic. Finally, we evaluate our framework with the ISO-standardized and CRYPTREC candidate recommended cipher Enocoro-128v2. Simulations show that, on average, the secret key can be retrieved within 20 min on a standard workstation using less than five fault injections.
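The step both abstracts above share, pinning down where a fault landed from the keystream difference alone, can be shown on a simpler stand-in. The code below is an added example, not the authors' tools: it uses Trivium instead of ACORN v2 or Enocoro, under the ACORN-style model of one bit flipped in the initial state after initialization (the Enocoro byte-fault-at-unknown-time model is not covered). The key/IV bit ordering, the number of reference states and the 96-bit window are the demo's own choices.

```python
"""Locating a single-bit fault in a stream cipher's initial state from the
keystream difference.  Trivium stands in for the compact cipher here (it is
NOT ACORN v2 or Enocoro); the method is the generic one: flip one state bit,
XOR faulty and correct keystream, match the difference against per-position
signatures.  Everything below is demo code, not the papers' own tools."""
import random

N_STATE = 288                 # Trivium: registers of 93, 84 and 111 bits
BLANK_ROUNDS = 4 * N_STATE


def _clock(s):
    """One Trivium step on the 0-based state list s; returns the keystream bit."""
    t1 = s[65] ^ s[92]
    t2 = s[161] ^ s[176]
    t3 = s[242] ^ s[287]
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]
    t2 ^= (s[174] & s[175]) ^ s[263]
    t3 ^= (s[285] & s[286]) ^ s[68]
    s[1:93] = s[0:92]          # shift register 1; t3 enters at its front
    s[0] = t3
    s[94:177] = s[93:176]      # register 2 <- t1
    s[93] = t1
    s[178:288] = s[177:287]    # register 3 <- t2
    s[177] = t2
    return z


def trivium_init(key, iv):
    """Load an 80-bit key and IV and run the spec's 4*288 blank rounds.
    Bit order inside the bytes (LSB first) is this demo's choice and has not
    been checked against published test vectors."""
    assert len(key) == 10 and len(iv) == 10
    s = [0] * N_STATE
    for i in range(80):
        s[i] = (key[i >> 3] >> (i & 7)) & 1
        s[93 + i] = (iv[i >> 3] >> (i & 7)) & 1
    s[285] = s[286] = s[287] = 1
    for _ in range(BLANK_ROUNDS):
        _clock(s)
    return s


def keystream(state, n):
    s = list(state)            # never clock the caller's initial state
    return [_clock(s) for _ in range(n)]


def keystream_diff(state, pos, n):
    """Correct XOR faulty keystream when bit `pos` of the initial state is flipped."""
    faulty = list(state)
    faulty[pos] ^= 1
    return [a ^ b for a, b in zip(keystream(state, n), keystream(faulty, n))]


def first_diff_time(state, pos, n=300):
    d = keystream_diff(state, pos, n)
    return d.index(1) if 1 in d else None


# Each register has two linear output taps.  A flipped bit reaches the next
# tap ahead of it without crossing any AND term, so the time of the first
# difference depends on the position alone, not on the state.
_SEGMENTS = [(0, 65), (66, 92), (93, 161), (162, 176), (177, 242), (243, 287)]


def expected_first_diff_time(pos):
    for lo, tap in _SEGMENTS:
        if lo <= pos <= tap:
            return tap - pos
    raise ValueError(pos)


def build_signature_table(n_ref=48, window=96, seed=1):
    """For every fault position, the window bits whose difference value was the
    same in all n_ref random reference states: with high probability exactly
    the state-independent part of that position's signature."""
    rng = random.Random(seed)
    counts = [[0] * window for _ in range(N_STATE)]
    for _ in range(n_ref):
        ref = [rng.getrandbits(1) for _ in range(N_STATE)]
        base = keystream(ref, window)
        for pos in range(N_STATE):
            faulty = list(ref)
            faulty[pos] ^= 1
            for t, (a, b) in enumerate(zip(base, keystream(faulty, window))):
                counts[pos][t] += a ^ b
    return {pos: {t: int(c == n_ref) for t, c in enumerate(row) if c in (0, n_ref)}
            for pos, row in enumerate(counts)}


def locate_fault(table, observed):
    """Positions whose state-independent signature bits all agree with the
    observed difference.  The true position is among them unless a reference
    bit agreed by chance in all n_ref states (negligible for n_ref = 48)."""
    return [pos for pos, sig in table.items()
            if all(observed[t] == v for t, v in sig.items())]


if __name__ == "__main__":
    state = trivium_init(bytes(range(10)), bytes(range(10, 20)))
    table = build_signature_table()
    for pos in (0, 66, 123, 250):
        obs = keystream_diff(state, pos, 96)
        print(pos, first_diff_time(state, pos), locate_fault(table, obs))
```

The first difference shows up at a time fixed by the position, because a flipped bit reaches its register's next linear output tap before it crosses any AND term; that alone narrows the fault to at most six positions. The signature table then keeps only the window bits that were identical across all reference states, and an observed difference must reproduce them. The candidate list can still hold more than one position; the ACORN paper's improvements, and the equation-solving step that follows, are beyond this demo.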


1992 ◽  
Vol 07 (23) ◽  
pp. 2077-2085 ◽  
Author(s):  
A. D. POPOV

The anti-self-duality equations for gauge fields in d = 4 and a generalization of these equations to dimension d = 4n are considered. For gauge fields with values in an arbitrary semisimple Lie algebra [Formula: see text] we introduce the ansatz which reduces the anti-self-duality equations in the Euclidean space ℝ4n to a system of equations breaking up into the well known Nahm's equations and some linear equations for scalar field φ.


2014 ◽  
Vol 2014 ◽  
pp. 1-7
Author(s):  
Lin Ding ◽  
Chenhui Jin ◽  
Jie Guan ◽  
Qiuyan Wang

Loiss is a novel byte-oriented stream cipher proposed in 2011. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2^231 and a data complexity of 2^68, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 2^16. Furthermore, a related key chosen IV attack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of 2^80, requiring 2^64 chosen IVs. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.


2020 ◽  
Vol 16 (1) ◽  
pp. 11-18 ◽  
Author(s):  
Nagendar Yerukala ◽  
V Kamakshi Prasad ◽  
Allam Apparao

For a stream cipher to be secure, the keystream generated by it should be uniformly random with parameter 1/2. Statistical tests check whether the given sequence follows a certain probability distribution. In this paper, we perform a detailed statistical analysis of various stream ciphers used in GSM 2G, 3G, 4G and 5G communications. The sequences output by these ciphers are checked for randomness using the statistical tests defined by the NIST Test Suite. It should also not be possible to derive any information about the secret key and the initial state of the cipher from the keystream. Therefore, additional statistical tests based on properties like correlation between keystream and key, and correlation between keystream and IV, are also performed. Performance analysis of the ciphers has also been done and the results tabulated. Almost all the ciphers pass the tests in the NIST test suite at the 99% confidence level. For the A5/3 stream cipher, the correlation between the keystream and key is high and the correlation between the keystream and IV is low when compared to other ciphers in the A5 family.
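As an added example (not the paper's code, and not one of the A5 ciphers), the following implements two of the NIST tests referred to above, the frequency (monobit) test and the runs test, together with a keystream-to-key correlation measure of the demo's own definition. It runs them on constructed sequences: one period of a 10-bit maximal-length LFSR, an alternating sequence and a biased one.

```python
"""Two NIST SP 800-22 style tests (frequency/monobit and runs) plus a crude
keystream-vs-key correlation check, run on constructed sequences.  The
keystream generator is a 10-bit LFSR with the primitive polynomial
x^10 + x^3 + 1, chosen because it passes the randomness tests while being
trivially insecure; it is demo code, not one of the GSM ciphers."""
import math


def lfsr_keystream(key_bits, n):
    """Fibonacci LFSR, s[i+10] = s[i+3] ^ s[i]; the first 10 output bits ARE
    the key, which is the weakness the correlation check is meant to expose."""
    assert len(key_bits) == 10 and any(key_bits)
    s = list(key_bits)
    out = []
    for _ in range(n):
        out.append(s[0])
        s.append(s[3] ^ s[0])
        del s[0]
    return out


def monobit_test(bits):
    """NIST frequency test: p-value = erfc(|sum(2b-1)| / sqrt(2n))."""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_test(bits):
    """NIST runs test: counts maximal runs of identical bits and compares with
    the expectation 2*n*pi*(1-pi).  Returns 0.0 when the frequency
    prerequisite |pi - 1/2| < 2/sqrt(n) already fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def correlation(a, b):
    """|agreements - disagreements| / n between two equal-length bit strings;
    1.0 means one is the other or its complement.  This simple measure is
    the demo's choice, not the paper's definition."""
    assert len(a) == len(b)
    return abs(sum(1 if x == y else -1 for x, y in zip(a, b))) / len(a)


def passes(bits, alpha=0.01):
    """Both tests at the 99% confidence level used in the abstract."""
    return monobit_test(bits) >= alpha and runs_test(bits) >= alpha


# Constructed inputs (not data from the paper)
KEY = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]
LFSR_STREAM = lfsr_keystream(KEY, 1023)             # one full period: 512 ones, 511 zeros
ALTERNATING = [i & 1 for i in range(1000)]          # balanced but not random
BIASED = [1] * 600 + [0] * 400

if __name__ == "__main__":
    for name, seq in (("lfsr", LFSR_STREAM), ("alternating", ALTERNATING), ("biased", BIASED)):
        print(f"{name:12s} monobit={monobit_test(seq):.3f} "
              f"runs={runs_test(seq):.3f} pass={passes(seq)}")
    # The statistically "random" LFSR stream leaks its key in the first 10 bits.
    print("keystream/key correlation:", correlation(LFSR_STREAM[:10], KEY))
```

The alternating sequence passes the monobit test with p = 1 and fails the runs test, the biased one fails both, and the LFSR stream passes both while its first ten bits are the key. That last case is why the abstract adds key and IV correlation tests on top of the NIST suite: statistical randomness of the keystream says nothing about how hard the key or state is to recover from it.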


Mathematics ◽  
2020 ◽  
Vol 8 (5) ◽  
pp. 850
Author(s):  
Nasser Mikaeilvand ◽  
Zahra Noeiaghdam ◽  
Samad Noeiaghdam ◽  
Juan J. Nieto

The aim of this research is to apply a novel technique based on the embedding method to solve the n × n fuzzy system of linear equations (FSLEs). By using this method, the strong fuzzy number solutions of FSLEs can be obtained in two steps. In the first step, if the created n × n crisp linear system has a non-negative solution, the fuzzy linear system will have a fuzzy number vector solution that will be found in the second step by solving another created n × n crisp linear system. Several theorems have been proved to show that the number of operations by the presented method are less than the number of operations by Friedman and Ezzati’s methods. To show the advantages of this scheme, two applicable algorithms and flowcharts are presented and several numerical examples are solved by applying them. Furthermore, some graphs of the obtained results are demonstrated that show the solutions are fuzzy number vectors.


1858 ◽  
Vol 148 ◽  
pp. 17-37 ◽  

The term matrix might be used in a more general sense, but in the present memoir I consider only square and rectangular matrices, and the term matrix used without qualification is to be understood as meaning a square matrix; in this restricted sense, a set of quantities arranged in the form of a square, e.g.

$$\begin{pmatrix} a & b & c \\ a' & b' & c' \\ a'' & b'' & c'' \end{pmatrix}$$

is said to be a matrix. The notion of such a matrix arises naturally from an abbreviated notation for a set of linear equations, viz. the equations X = ax + by + cz, Y = a'x + b'y + c'z, Z = a''x + b''y + c''z may be more simply represented by

$$(X, Y, Z) = \begin{pmatrix} a & b & c \\ a' & b' & c' \\ a'' & b'' & c'' \end{pmatrix}(x, y, z),$$

and the consideration of such a system of equations leads to most of the fundamental notions in the theory of matrices. It will be seen that matrices (attending only to those of the same order) comport themselves as single quantities; they may be added, multiplied or compounded together, &c.: the law of the addition of matrices is precisely similar to that for the addition of ordinary algebraical quantities; as regards their multiplication (or composition), there is the peculiarity that matrices are not in general convertible; it is nevertheless possible to form the powers (positive or negative, integral or fractional) of a matrix, and thence to arrive at the notion of a rational and integral function, or generally of any algebraical function, of a matrix. I obtain the remarkable theorem that any matrix whatever satisfies an algebraical equation of its own order, the coefficient of the highest power being unity, and those of the other powers functions of the terms of the matrix, the last coefficient being in fact the determinant; the rule for the formation of this equation may be stated in the following condensed form, which will be intelligible after a perusal of the memoir, viz. the determinant, formed out of the matrix diminished by the matrix considered as a single quantity involving the matrix unity, will be equal to zero. The theorem shows that every rational and integral function (or indeed every rational function) of a matrix may be considered as a rational and integral function, the degree of which is at most equal to that of the matrix, less unity; it even shows that in a sense, the same is true with respect to any algebraical function whatever of a matrix. One of the applications of the theorem is the finding of the general expression of the matrices which are convertible with a given matrix. The theory of rectangular matrices appears much less important than that of square matrices, and I have not entered into it further than by showing how some of the notions applicable to these may be extended to rectangular matrices.
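As an added worked instance (not part of the memoir) of the theorem stated above, take a matrix of order two. "The matrix diminished by the matrix considered as a single quantity involving the matrix unity" is $M - \lambda I$, and its determinant gives the equation of the order of the matrix:

$$M = \begin{pmatrix} a & b \\ c & d \end{pmatrix}, \qquad \begin{vmatrix} a - \lambda & b \\ c & d - \lambda \end{vmatrix} = \lambda^2 - (a + d)\lambda + (ad - bc).$$

Substituting the matrix itself for the single quantity $\lambda$ (the last coefficient being the determinant, as stated):

$$M^2 - (a + d)M + (ad - bc)I = \begin{pmatrix} a^2 + bc & ab + bd \\ ac + cd & bc + d^2 \end{pmatrix} - \begin{pmatrix} a^2 + ad & ab + bd \\ ac + cd & ad + d^2 \end{pmatrix} + \begin{pmatrix} ad - bc & 0 \\ 0 & ad - bc \end{pmatrix} = 0.$$

The consequence drawn in the memoir, that a rational function of the matrix reduces to one of degree at most the order less unity, follows at once: multiplying through by $M^{-1}$ when $ad - bc \neq 0$ gives

$$M^{-1} = \frac{(a + d)I - M}{ad - bc},$$

a polynomial of degree one in $M$.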


2021 ◽  
Vol 247 ◽  
pp. 03014
Author(s):  
Shuai Qin ◽  
Qian Zhang ◽  
Liang Liang ◽  
Qingming He ◽  
Hongchun Wu

A two-step approach is proposed to accomplish high-fidelity whole-core resonance self-shielding calculation. Direct slowing-down equation solving on the pin-cell scale is performed as the first step to simulate different operating conditions of the reactor. A resonance database is fitted using the results from the pin-cell calculation. Several techniques are used in the generation of the resonance database to estimate multiple types of resonance effects. The second step is the calculation of the practical whole-core problem using the resonance database obtained from the first step. The transport solver is embedded at both the first and the second step to establish the equivalence relationship between the fuel rod in the practical problem and the pin-cell of the first step. The numerical results show that the new approach has the capability to perform high-fidelity resonance calculations for practical problems.


Author(s):  
Keerthi K ◽  
Indrani Roy ◽  
Chester Rebeiro ◽  
Aritra Hazra ◽  
Swarup Bhunia

Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single, precisely injected fault during the execution of a cipher like the AES can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools either work on the cipher algorithm or on their implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate. In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both algorithmic level tools and implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations and therefore has wide application. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including a bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, which can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent, while maintaining the same level of protection.

