Abstract
Persistent fault analysis (PFA) has emerged as a powerful technique that can recover the secret key by influencing the ciphertext distribution. Most research work highlights its application to recovering the last round key. This work presents PFA attack methods to recover deeper round keys of SPN ciphers, in which the last round key alone cannot determine the entire master key. We use the GIFT and KLEIN ciphers to validate our methods and show the effectiveness of the proposed approach through simulation. We could recover the full master keys of both GIFT cipher versions by retrieving the round keys up to depth 2 and depth 4 for GIFT-128 and GIFT-64, respectively. Our method recovered KLEIN's last round key and penultimate round key with 75 and 180 ciphertexts on average, respectively. We also analyzed the success rate of our approach for varying depths and Hamming distances. In GIFT-64, for Hamming distance 1, keys were recovered in approximately 110, 290, and 750 ciphertexts for round numbers 28, 27, and 26, respectively, with a 100% success rate. For round 25, around 2000 ciphertexts were sufficient to recover the round key in 90% of the cases out of 1000 experiments. For the 39th round of GIFT-128, the round key can be recovered with a 100% success rate in roughly 380, 575, and 1100 ciphertexts for Hamming distances 1, 2, and 3, respectively. However, for the same round with Hamming distance 4, the success rate is 75% for around 2000 ciphertexts. In addition, we propose a countermeasure to thwart PFA attacks and intermediate-oriented fault attacks such as differential fault analysis.
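To make the first sentence of the abstract concrete, here is an added simulation (not code from the paper or the GIFT project) of a persistent fault in one entry of the GIFT S-box acting on a single last-round nibble: it shows why the resulting ciphertext distribution leaks the round-key nibble, and pairs it with the defensive table self-check that catches the corruption before any ciphertext is released. The fault index, overwritten value and key nibble are constructed for the illustration.

```python
import random
from collections import Counter

# GIFT 4-bit S-box as specified by Banik et al. (CHES 2017, reference [3]).
GIFT_SBOX = [0x1, 0xA, 0x4, 0xC, 0x6, 0xF, 0x3, 0x9,
             0x2, 0xD, 0xB, 0x7, 0x5, 0x0, 0x8, 0xE]

def inject_persistent_fault(sbox, index, new_value):
    """Model of a persistent fault: one table entry is overwritten and stays
    wrong for every later encryption (unlike a transient DFA fault)."""
    assert new_value != sbox[index], "no fault injected"
    faulty = list(sbox)
    faulty[index] = new_value
    return faulty

def fault_hamming_distance(sbox, faulty):
    # Hamming distance between the original and the overwritten entry (the
    # abstract reports success rates per Hamming distance 1..4).
    return sum(bin(a ^ b).count("1") for a, b in zip(sbox, faulty))

def last_layer_output(nibble, sbox, key_nibble):
    # Final SPN layer reduced to one nibble: S-box lookup, then key XOR.
    return sbox[nibble] ^ key_nibble

def ciphertext_distribution(sbox, key_nibble, n_ciphertexts, seed=1):
    # Uniform random S-box inputs stand in for the output of earlier rounds
    # (constructed data; a fixed seed keeps the simulation reproducible).
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(n_ciphertexts):
        counts[last_layer_output(rng.randrange(16), sbox, key_nibble)] += 1
    return counts

def recover_key_nibble(counts, sbox, index):
    """PFA principle: because entry `index` is overwritten, the value
    sbox[index] is never produced, so the ciphertext value sbox[index] ^ k
    never occurs. The single missing ciphertext value therefore reveals k."""
    missing = [v for v in range(16) if counts[v] == 0]
    if len(missing) != 1:
        return None  # too few ciphertexts to isolate the gap yet
    return missing[0] ^ sbox[index]

def sbox_table_is_intact(sbox, reference=GIFT_SBOX):
    """Defensive self-check: a persistent fault breaks the table's bijectivity
    and its match with the reference, so an implementation can detect it
    before releasing any ciphertext."""
    return sorted(sbox) == list(range(16)) and list(sbox) == list(reference)
```

With entry 3 overwritten, `recover_key_nibble(ciphertext_distribution(faulty, k, 400), GIFT_SBOX, 3)` returns k, while `sbox_table_is_intact(faulty)` is False for the same table.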
Notes
For an exhaustive list of round constants, please refer to [3].
References
Arora, A., Kothari, K., Joshi, P., Mazumdar, B.: Revisiting persistent fault analysis: assessing weak keys and strong keys in GIFT-64 lightweight cipher. In: AsianHOST, pp. 1–6 (2020)
Baksi, A., Saha, D., Sarkar, S.: To infect or not to infect: a critical analysis of infective countermeasures in fault attacks. J. Cryptogr. Eng. 10(4), 355–374 (2020). https://doi.org/10.1007/s13389-020-00224-9
Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small present—towards reaching the limit of lightweight encryption. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2017—19th International Conference, Taipei, Taiwan, September 25–28, 2017, Proceedings. Lecture Notes in Computer Science, vol. 10529, pp. 321–345. Springer (2017)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006). https://doi.org/10.1109/JPROC.2005.862424
Battistello, A., Giraud, C.: A note on the security of CHES 2014 symmetric infective countermeasure. In: Standaert, F.X., Oswald, E. (eds.) Constructive Side-Channel Analysis and Secure Design, pp. 144–159. Springer, Cham (2016)
Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans. Comput. 52(4), 492–505 (2003). https://doi.org/10.1109/TC.2003.1190590
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) Advances in Cryptology - CRYPTO ’97, pp. 513–525. Springer, Berlin (1997)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Advances in Cryptology - EUROCRYPT ’97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11–15, 1997, Proceeding (1997)
Breier, J., Khairallah, M., Hou, X., Liu, Y.: A countermeasure against statistical ineffective fault analysis. IEEE Trans. Circuits Syst. II Express Briefs 67(12), 3322–3326 (2020). https://doi.org/10.1109/TCSII.2020.2989184
Caforio, A., Banik, S.: A study of persistent fault analysis. In: Bhasin, S., Mendelson, A., Nandi, M. (eds.) Security, Privacy, and Applied Cryptography Engineering, pp. 13–33. Springer, Cham (2019)
Carré, S., Guilley, S., Rioul, O.: Persistent fault analysis with few encryptions. IACR Cryptol. ePrint Arch. 2020, 671 (2020)
Chakraborty, A., Bhattacharya, S., Saha, S., Mukhopadhyay, D.: ExplFrame: exploiting page frame cache for fault analysis of block ciphers. In: 2020 Design, Automation & Test in Europe Conference & Exhibition, DATE 2020, Grenoble, France, March 9–13, 2020, pp. 1303–1306. IEEE (2020)
Cheng, Y., Zheng, M., Huang, F., Zhang, J., Hu, H., Yu, N.: A fast-detection and fault-correction algorithm against persistent fault attack. In: 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 557–568 (2021). https://doi.org/10.1109/TrustCom53373.2021.00086
Daemen, J., Dobraunig, C., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems 2020(3), 508–543 (2020). https://doi.org/10.13154/tches.v2020.i3.508-543
Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems 2018(3), 547–572 (2018). https://doi.org/10.13154/tches.v2018.i3.547-572
Feng, J., Chen, H., Li, Y., Jiao, Z., Xi, W.: A framework for evaluation and analysis on infection countermeasures against fault attacks. IEEE Trans. Inf. Forensics Secur. 15, 391–406 (2020). https://doi.org/10.1109/TIFS.2019.2903653
Fuhr, T., Jaulmes, É., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, August 20, 2013. pp. 108–118 (2013)
Ghosh, S., Saha, D., Sengupta, A., Roy Chowdhury, D.: Preventing fault attacks using fault randomization with a case study on AES. In: Foo, E., Stebila, D. (eds.) Information Security and Privacy, pp. 343–355. Springer, Cham (2015)
Gierlichs, B., Schmidt, J.M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) Progress in Cryptology - LATINCRYPT 2012, pp. 305–321. Springer, Berlin (2012)
Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFID. Security and Privacy, pp. 1–18. Springer, Berlin (2012)
Gruber, M., Probst, M., Tempelmeier, M.: Persistent fault analysis of OCB, DEOXYS and COLM. In: 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2019, Atlanta, GA, USA, August 24, 2019, pp. 17–24. IEEE (2019)
Joshi, P., Mazumdar, B.: ExtPFA: extended persistent fault analysis for deeper rounds of bit permutation based ciphers with a case study on GIFT. In: Security, Privacy, and Applied Cryptography Engineering, pp. 101–122. Springer, Cham (2020)
Joshi, P., Mazumdar, B.: SPSA: semi-permanent stuck-at fault analysis of AES Rijndael SBox. J. Cryptogr. Eng. 13(2), 201–222 (2023). https://doi.org/10.1007/s13389-022-00301-1
Joye, M., Manet, P., Rigaud, J.: Strengthening hardware AES implementations against fault attacks. IET Inf. Secur. 1(3), 106–110 (2007). https://doi.org/10.1049/iet-ifs:20060163
Karpovsky, M., Kulikowski, K., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard. In: International Conference on Dependable Systems and Networks, pp. 93–101 (2004). https://doi.org/10.1109/DSN.2004.1311880
Karpovsky, M., Kulikowski, K.J., Taubin, A.: Differential fault analysis attack resistant architectures for the advanced encryption standard. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI, pp. 177–192. Springer, USA (2004)
Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 21(12), 1509–1517 (2002). https://doi.org/10.1109/TCAD.2002.804378
Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J., Lee, D., Wilkerson, C., Lai, K., Mutlu, O.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14–18, 2014, pp. 361–372. IEEE Computer Society (2014)
Lomné, V., Roche, T., Thillard, A.: On the need of randomness in fault attack countermeasures - application to AES. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 85–94 (2012). https://doi.org/10.1109/FDTC.2012.19
Maistri, P., Leveugle, R.: Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans. Comput. 57(11), 1528–1539 (2008). https://doi.org/10.1109/TC.2008.149
Pan, J., Zhang, F., Ren, K., Bhasin, S.: One fault is all it needs: breaking higher-order masking with persistent fault analysis. In: Teich, J., Fummi, F. (eds.) Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, Florence, Italy, March 25–29, 2019, pp. 1–6. IEEE (2019)
Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. In: Chakraborty, R.S., Schwabe, P., Solworth, J.A. (eds.) Security, Privacy, and Applied Cryptography Engineering—5th International Conference, SPACE 2015, Jaipur, India, October 3–7, 2015, Proceedings. Lecture Notes in Computer Science, vol. 9354, pp. 190–209. Springer (2015). https://doi.org/10.1007/978-3-319-24126-5_12
Patranabis, S., Datta, N., Jap, D., Breier, J., Bhasin, S., Mukhopadhyay, D.: SCADFA: combined SCA+DFA attacks on block ciphers with practical validations. IEEE Trans. Comput. 68(10), 1498–1510 (2019)
Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication—5th IFIP WG 11.2 International Workshop, WISTP 2011, Heraklion, Crete, Greece, June 1–3, 2011. Proceedings. Lecture Notes in Computer Science, vol. 6633, pp. 224–233. Springer (2011)
Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2014, pp. 93–111. Springer, Berlin (2014)
Wang, B., Liu, L., Deng, C., Zhu, M., Yin, S., Zhou, Z., Wei, S.: Exploration of benes network in cryptographic processors: a random infection countermeasure for block ciphers against fault attacks. IEEE Trans. Inf. Forensics Secur. 12(2), 309–322 (2017). https://doi.org/10.1109/TIFS.2016.2612638
Wu, K., Karri, R., Kuznetsov, G., Goessel, M.: Low cost concurrent error detection for the advanced encryption standard. In: 2004 International Conference on Test, pp. 1242–1248 (2004). https://doi.org/10.1109/TEST.2004.1387397
Xu, G., Zhang, F., Yang, B., Zhao, X., He, W., Ren, K.: Pushing the limit of PFA: enhanced persistent fault analysis on block ciphers. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 40(6), 1102–1116 (2021). https://doi.org/10.1109/TCAD.2020.3048280
Zhang, F., Lou, X., Zhao, X., Bhasin, S., He, W., Ding, R., Qureshi, S., Ren, K.: Persistent fault analysis on block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 150–172 (2018)
Zhang, F., Xu, G., Yang, B., Liang, Z., Ren, K.: Theoretical analysis of persistent fault attack. Sci. China Inf. Sci. 63(3) (2020)
Zhang, F., Zhang, Y., Jiang, H., Zhu, X., Bhasin, S., Zhao, X., Liu, Z., Gu, D., Ren, K.: Persistent fault attack in practice. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 172–195 (2020)
Zhao, X., Guo, S., Zhang, F., Wang, T., Shi, Z., Ji, K.: Algebraic differential fault attacks on LED using a single fault injection. IACR Cryptol. ePrint Arch. 2012, 347 (2012)
Acknowledgements
This research work is funded by the project IHUB-NTIHAC/2021/01/21 of C3iHub, IIT Kanpur. The authors would like to thank C3iHub, IIT Kanpur, for supporting this work.
Author information
Contributions
All the authors wrote the main manuscript and reviewed it.
Ethics declarations
Competing interests
The authors declare no competing interests.
About this article
Cite this article
Joshi, P., Mazumdar, B. Deep round key recovery attacks and countermeasure in persistent fault model: a case study on GIFT and KLEIN. J Cryptogr Eng (2024). https://doi.org/10.1007/s13389-024-00349-1