Abstract
We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.
Similar content being viewed by others
References
Canniére C D, Dunkelman O, Knežević M. KATAN & KTANTAN — A family of small and efficient hardware-oriented block ciphers [C]//Proceedings of Cryptographic Hardware and Embedded Systems. Berlin: Springer-Verlag, 2009: 272–288.
Boneh D, Demillo R A, Lipton R J. On the importance of checking cryptographic protocols for faults [C]// Proceedings of EUROCRYPT’97, LNCS 1233. Berlin: Springer-Verlag, 1997: 37–51.
Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems [J]. Journal of Cryptology, 1991, 4(1): 3–72.
Biham E, Shamir A. Differential fault analysis of secret key cryptosystems [C]//Proceedings of CRYPTO 1997, LNCS 1294. Berlin: Springer-Verlag, 1997: 513–525.
Diffie W, Hellman M E. Exhaustive cryptanalysis of the NBS data encryption standard [J]. IEEE Computer, 1977, 10(6): 74–84.
Zhang Lei, Gu Da-wu, Guo Zheng, et al. Correlation power analysis and implementation on KATAN32 cipher [J]. Journal of Computer Applications, 2011, 31(2): 504–510 (in Chinese).
Bard G V, Courtois N T, Nakahara J J, et al. Algebraic, AIDA/cube and side channel analysis of KATAN family of block ciphers [C]//Proceedings of INDOCRYPT. Berlin: Springer-Verlag, 2010: 176–196.
Abdul-Latip S F, Reyhanitabar M R, Susilo W, et al. Fault analysis of the KATAN family of block ciphers [EB/OL]. (2012-05-11). http://ro.uow.edu.au/infopapers/1882.
Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of NLFSR-based cryptosystems [C]//Proceedings of ASIACRYPT 2010, LNCS 6744. Berlin: Springer-Verlag, 2010: 130–145.
Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of trivium and KATAN [C]//Proceedings of Selected Areas in Cryptography (SAC) 2011, LNCS 7118. Berlin: Springer-Verlag, 2012: 200–212.
Zhang Wen-ying, Liu Xiang-zhong. A related-key and meet-in-the-middle match attack on the NFSR based block cipher KTANTAN32 [J]. Chinese Journal of Electronics, 2012, 40(10): 200–212 (in Chinese).
Wei L, Rechberger C, Guo J, et al. Improved meet-in-the-middle cryptanalysis of KTANTAN [C]//Proceedings of ACISP 2011, LNCS 6812. Berlin: Springer-Verlag, 2011: 433–438.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: the National Natural Science Foundation of China (No. 61272434), the Natural Science Foundation of Shandong Province (Nos. ZR2011FQ032 and ZR2012FM004), the Project of Shandong Province Higher Educational Science and Technology Program (No. J11LG33), and the Project of Senior Visiting Scholar of Shandong Province
Rights and permissions
About this article
Cite this article
Zhang, Wy., Liu, F., Liu, X. et al. Differential fault analysis and meet-in-the-middle attack on the block cipher KATAN32. J. Shanghai Jiaotong Univ. (Sci.) 18, 147–152 (2013). https://doi.org/10.1007/s12204-013-1377-2
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12204-013-1377-2