Journal of Cryptographic Engineering

, Volume 5, Issue 1, pp 13–29 | Cite as

Improved differential fault attack on MICKEY 2.0

Regular Paper

Abstract

In this paper we describe several ideas related to differential fault attack (DFA) on MICKEY 2.0, a stream cipher from eStream hardware profile. Using the standard assumptions for fault attacks, we first show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around \(2^{16.7}\) faults and performing \(2^{32.5}\) computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect more than one (at most three) neighboring bits and in that case we require around \(2^{18.4}\) faults on an average to mount the DFA. We further show that if the attacker can solve multivariate equations (say, using SAT solvers) then the attack can be carried out using around \(2^{14.7}\) faults in the single-bit fault model and \(2^{16.06}\) faults for the multiple-bit scenario

Keywords

eStream Fault attacks MICKEY 2.0  Stream cipher 

References

  1. 1.
    Babbage, S, Dodd, M.: The stream cipher MICKEY 2.0. ECRYPT Stream Cipher Project Report. http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey_p3. Accessed 23 July 2014
  2. 2.
    Babbage, S., Dodd, M.: The stream cipher MICKEY-128 2.0. ECRYPT Stream Cipher Project Report. http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey128_p3. Accessed 23 July 2014
  3. 3.
    Banik, S., Maitra, S.: A differential fault attack on MICKEY 2.0. In: CHES 2013, LNCS, Vol. 8086, pp. 215–232 (2013)Google Scholar
  4. 4.
    Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family of stream ciphers. In: CHES 2012, LNCS, vol. 7428, pp. 122–139 (2012)Google Scholar
  5. 5.
    Banik, S., Maitra, S., Sarkar, S. A differential fault attack on the grain family under reasonable assumptions. In: INDOCRYPT 2012, LNCS, vol. 7668, pp. 191–208 (2012)Google Scholar
  6. 6.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRefGoogle Scholar
  7. 7.
    Berzati, A., Canovas, C., Castagnos, G., Debraize, B., Goubin, L., Gouget, A., Paillier, P., Salgado, S.: Fault analysis of Grain-128. In: IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 7–14 (2009)Google Scholar
  8. 8.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO 1997, LNCS, vol. 1294, pp. 513–525 (1997)Google Scholar
  9. 9.
    Blömer, J., Seifert, J.-P.: Fault based cryptanalysis of the advanced encryption standard (AES). In: Financial Cryptography 2003, LNCS, vol. 2742, pp. 162–181 (2003)Google Scholar
  10. 10.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: EUROCRYPT 1997, LNCS, vol. 1233, pp. 37–51 (1997)Google Scholar
  11. 11.
    Cid, C., Robshaw, M. (editors), Babbage, S., Borghoff, J., Velichkov, V. (Contributors): The eSTREAM Portfolio in 2012, 16 January 2012, version 1.0. http://www.ecrypt.eu.org/documents/D.SYM.10-v1 (2012)
  12. 12.
    Erdős, P., Rényi, A.: On a classical problem of probability theory. Magyar Tudományos Akadémia Matematikai Kutató Intézetének Közleményei, vol. 6, pp. 215–220, MR 0150807, 1961. http://www.renyi.hu/p_erdos/1961-09 (1961)
  13. 13.
    Gierlichs, B., Batina, L., Clavier, C., Eisenbarth, T., Gouget, A., Handschuh, H., Kasper, T., Lemke-Rust, K., Mangard, S., Moradi, A., Oswald, E.: Susceptibility of eSTREAM candidates towards side channel analysis. In: Proceedings of SASC 2008. http://www.ecrypt.eu.org/stvl/sasc2008/ (2008)
  14. 14.
    Hoch, J.J., Shamir, A.: Fault analysis of stream ciphers. In: CHES 2004, LNCS, vol. 3156, pp. 1–20 (2004)Google Scholar
  15. 15.
    Hojsík, M., Rudolf, B.: Differential fault analysis of Trivium. In: FSE 2008, LNCS, vol. 5086, pp. 158–172 (2008)Google Scholar
  16. 16.
    Hojsík, M., Rudolf, B.: Floating fault analysis of Trivium. In: INDOCRYPT 2008, LNCS, vol. 5365, pp. 239–250 (2008)Google Scholar
  17. 17.
    Hong, J., Kim, W.: TMD-Tradeoff and state entropy loss considerations of stream cipher MICKEY. In: INDOCRYPT 2005, LNCS, vol. 3797, pp. 169–182 (2005)Google Scholar
  18. 18.
    Karmakar, S., Roy Chowdhury, D.; Fault analysis of Grain-128 by targeting NFSR. In: AFRICACRYPT 2011, LNCS, vol. 6737, pp. 298–315 (2011)Google Scholar
  19. 19.
    Mohamed, M.S.E., Bulygin, S., Buchmann, J.: Improved differential fault analysis of Trivium. In: COSADE 2011, Darmstadt, Germany (2011)Google Scholar
  20. 20.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: CHES 2003, LNCS, vol. 2779, pp. 77–88 (2003)Google Scholar
  21. 21.
    Sarkar, S., Banik, S., Maitra, S.: Differential Fault Attack Against Grain Family with Very Few Faults and Minimal Assumptions. IACR eprint archive, 2013:494. http://eprint.iacr.org/2013/494
  22. 22.
    Skorobogatov, S.P.: Optically enhanced position-locked power analysis. In: CHES 2006, LNCS, vol. 4249, pp. 61–75 (2006)Google Scholar
  23. 23.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: CHES 2002, LNCS, vol. 2523, pp. 2–12 (2002)Google Scholar
  24. 24.
    Soos, M.: CryptoMiniSat-2.9.5. http://www.msoos.org/cryptominisat2/. Accessed 23 July 2014
  25. 25.
    Stein, W.: Sage Mathematics Software. Free Software Foundation Inc, 2009. http://www.sagemath.org (Open source project initiated by W. Stein and contributed by many)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Subhadeep Banik
    • 1
  • Subhamoy Maitra
    • 1
  • Santanu Sarkar
    • 2
  1. 1.Indian Statistical InstituteKolkata India
  2. 2.Chennai Mathematical InstituteChennai India

Personalised recommendations