Journal of Cryptographic Engineering

, Volume 9, Issue 1, pp 53–67 | Cite as

Internal differential fault analysis of parallelizable ciphers in the counter-mode

  • Dhiman SahaEmail author
  • Dipanwita Roy Chowdhury
Regular Paper


In Saha and Chowdhury (Cryptographic hardware and embedded systems—CHES 2016—18th international conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, 2016) the concept of fault analysis using internal differentials within a cipher was introduced and used to overcome the nonce barrier of conventional differential fault analysis with a demonstration on authenticated cipher PAEQ. However, the attack had a limitation with regard to the fault model which restricted one of the faults to be injected in the last byte of the counter. This in turn also required the message size to be fixed at 255 complete blocks. In this work, we overcome these limitations by extending the concept in a more general setting. In particular, we look at the concept of Fault-Quartets which is central to these kind of fault-based attacks. We theorize the relation of the fault model with the message size which forms an important aspect as regards the complexity of internal differential fault analysis (IDFA). Our findings reveal that the fault model undertaken while targeting the counter can be relaxed at the expense of an exponentially larger message size. Interestingly, the algorithm for finding a Fault-Quartet still remains linear. This in turns implies that in case of PAEQ the time complexities of the IDFA attack reported remain unaffected. The internal differential fault attack is able to uniquely retrieve the key of three versions of full-round PAEQ of key sizes 64, 80 and 128 bits with complexities of about \(2^{16}\), \(2^{16}\) and \(2^{50}\), respectively.


Fault analysis Authenticated encryption PAEQ Internal differential AESQ Nonce AES 


  1. 1.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Advances in cryptology—CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, pp. 513–525 (1997)Google Scholar
  2. 2.
    Giraud, C.: DFA on AES. In: Advanced Encryption Standard—AES, 4th International Conference, AES 2004, Bonn, Germany, May 10–12, 2004, Revised Selected and Invited Papers, pp. 27–41 (2004)Google Scholar
  3. 3.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. IACR Cryptology ePrint Archive, vol. 2003, p. 10 (2003).
  4. 4.
    Piret, G., Quisquater, J-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Cryptographic Hardware and Embedded Systems—CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, Proceedings, pp. 77–88 (2003)Google Scholar
  5. 5.
    Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, Yokohama, Japan, October 10–13, 2006, Proceedings, pp. 91–100 (2006)Google Scholar
  6. 6.
    Mukhopadhyay, Debdeep.: An improved fault based attack of the advanced encryption standard. In: Progress in Cryptology—AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21–25, 2009. Proceedings, pp. 421–434 (2009)Google Scholar
  7. 7.
    Saha, D., Mukhopadhyay, D., Chowdhury, D.R.: A diagonal fault attack on the advanced encryption standard. In: IACR Cryptology ePrint Archive, vol. 2009, p. 581 (2009).
  8. 8.
    Rogaway, P.: Nonce-based symmetric encryption. In: Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5–7, 2004, Revised Papers, pp. 348–359 (2004)Google Scholar
  9. 9.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241–245 (1999)CrossRefzbMATHGoogle Scholar
  11. 11.
    Coron, J-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault attacks on RSA signatures with partially unknown messages. In: Cryptographic Hardware and Embedded Systems—CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6–9, 2009, Proceedings, pp. 444–456 (2009)Google Scholar
  12. 12.
    Saha, D., Kuila, S., Chowdhury, D.R.: EscApe: diagonal fault analysis of APE. In: Progress in Cryptology—INDOCRYPT 2014—15th International Conference on Cryptology in India, New Delhi, India, December 14–17, 2014, Proceedings, pp. 197–216 (2014)Google Scholar
  13. 13.
    Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1.02. Submission to the CAESAR Competition (2014). Accessed 23 Nov 2017
  14. 14.
    Dobraunig, C., Eichlseder, M., Korak, T., Lomné, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Advances in Cryptology—ASIACRYPT 2016—22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 369–395 (2016)Google Scholar
  15. 15.
    Peyrin, T.: Improved differential attacks for ECHO and Grøstl. In: Advances in Cryptology—CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15–19, 2010. Proceedings, pp. 370–392 (2010)Google Scholar
  16. 16.
    Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Fast Software Encryption—20th International Workshop, FSE 2013, Singapore, March 11–13, 2013. Revised Selected Papers, pp. 219–240 (2013)Google Scholar
  17. 17.
    CAESAR: competition for authenticated encryption: security, applicability, and robustness. Accessed 23 Nov 2017
  18. 18.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES–The Advanced Encryption Standard. Information Security and Cryptography. Springer, Berlin (2002)CrossRefzbMATHGoogle Scholar
  19. 19.
    Saha, D., Chowdhury, D.R.: EnCounter: on breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Cryptographic Hardware and Embedded Systems—CHES 2016—18th International Conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, pp. 581–601 (2016)Google Scholar
  20. 20.
    Bagheri, N., Mendel, F., Sasaki, Y.: Improved rebound attacks on AESQ: core permutation of CAESAR candidate PAEQ. In: 21st Australasian Conference on Information Security and Privacy—ACISP 2016, Springer, pp. 301–316 (2016)Google Scholar
  21. 21.
    Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R.: Gain: practical key-recovery attacks on round-reduced PAEQ. In: Security, Privacy, and Applied Cryptography Engineering—6th International Conference, SPACE 2016, Hyderabad, India, December 14–18, 2016, Proceedings, pp. 194–210 (2016)Google Scholar
  22. 22.
    Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R.: Gain: practical key-recovery attacks on round-reduced PAEQ. J. Hardw. Syst. Secur. (2017).
  23. 23.
    Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Information Security—17th International Conference, ISC 2014, Hong Kong, China, October 12–14, 2014. Proceedings, pp. 72–89 (2014)Google Scholar
  24. 24.
    Khovratovich, D., Biryukov, A.: PAEQ v1. Submission to the CAESAR competition (2014).
  25. 25.
    van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 91–99 (2011)Google Scholar
  26. 26.
    Courbon, F., Loubet-Moundi, P., Fournier, J.J.A., Tria, A.: Adjusting laser injections for fully controlled faults. In: Constructive Side-Channel Analysis and Secure Design—5th International Workshop, COSADE 2014, Paris, France, April 13–15, 2014. Revised Selected Papers, pp. 229–242 (2014)Google Scholar
  27. 27.
    Agoyan, M., Dutertre, J-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: on critical paths and clock faults. In: Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14–16, 2010. Proceedings, pp. 182–193 (2010)Google Scholar
  28. 28.
    Moro, N., Heydemann, K., Dehbaoui, A., Robisson, B., Encrenaz, E.: Experimental evaluation of two software countermeasures against fault attacks. CoRR, abs/1407.6019 (2014)Google Scholar
  29. 29.
    Verbauwhede, I., Karaklajic, D., Schmidt, J-M.: The fault attack jungle—a classification model to guide you. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011, pp. 3–8 (2011)Google Scholar
  30. 30.
    Schmidt, J.-M., Medwed,M.: Countermeasures for symmetric key ciphers. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, pp. 73–87. Springer, Berlin, Heidelberg (2012)Google Scholar
  31. 31.
    Wang, B., Liu, L., Deng, C., Zhu, M., Yin, S., Wei, S.: Against double fault attacks: injection effort model, space and time randomization based countermeasures for reconfigurable array architecture. IEEE Trans. Inf. Forensics Secur. 11(6), 1151–1164 (2016)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  1. 1.Crypto Research Lab, Department of Computer Science and EngineeringIITKharagpurIndia

Personalised recommendations