
Deep round key recovery attacks and countermeasure in persistent fault model: a case study on GIFT and KLEIN

Research Article, published in the Journal of Cryptographic Engineering

Abstract

Persistent fault analysis (PFA) has emerged as a powerful technique that can recover the secret key by exploiting the bias a persistent fault introduces into the ciphertext distribution. Most prior work applies it to recover the last round key. This work presents PFA attack methods to recover deeper round keys of SPN ciphers in which the last round key alone cannot determine the entire master key. We use the GIFT and KLEIN ciphers to validate our methods and show the effectiveness of the proposed approach through simulation. We could recover the full master keys of both GIFT versions by retrieving the round keys up to depth 2 and depth 4 for GIFT-128 and GIFT-64, respectively. Our method recovered KLEIN's last round key and penultimate round key with, on average, 75 and 180 ciphertexts, respectively. We also analyzed the success rate of our approach for varying depths and Hamming distances. In GIFT-64, for Hamming distance 1, the round keys were recovered with approximately 110, 290, and 750 ciphertexts for rounds 28, 27, and 26, respectively, with a 100% success rate. For round 25, around 2000 ciphertexts were sufficient to recover the round key in 90% of 1000 experiments. For the 39th round of GIFT-128, the round key can be recovered with a 100% success rate with roughly 380, 575, and 1100 ciphertexts for Hamming distances 1, 2, and 3, respectively. However, for the same round with Hamming distance 4, the success rate is 75% at around 2000 ciphertexts. In addition, we propose a countermeasure to thwart PFA attacks and intermediate-oriented fault attacks such as differential fault analysis.



Notes

  1. For an exhaustive list of round constants, please refer to [3].

References

  1. Arora, A., Kothari, K., Joshi, P., Mazumdar, B.: Revisiting persistent fault analysis: assessing weak keys and strong keys in GIFT-64 lightweight cipher. In: AsianHOST, pp. 1–6 (2020)

  2. Baksi, A., Saha, D., Sarkar, S.: To infect or not to infect: a critical analysis of infective countermeasures in fault attacks. J. Cryptogr. Eng. 10(4), 355–374 (2020). https://doi.org/10.1007/s13389-020-00224-9

  3. Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small Present - towards reaching the limit of lightweight encryption. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2017, 19th International Conference, Taipei, Taiwan, September 25–28, 2017, Proceedings. Lecture Notes in Computer Science, vol. 10529, pp. 321–345. Springer (2017)

  4. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer's apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006). https://doi.org/10.1109/JPROC.2005.862424

  5. Battistello, A., Giraud, C.: A note on the security of CHES 2014 symmetric infective countermeasure. In: Standaert, F.X., Oswald, E. (eds.) Constructive Side-Channel Analysis and Secure Design, pp. 144–159. Springer, Cham (2016)

  6. Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans. Comput. 52(4), 492–505 (2003). https://doi.org/10.1109/TC.2003.1190590

  7. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S., Jr. (ed.) Advances in Cryptology - CRYPTO '97. Springer (1997)

  8. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Advances in Cryptology - EUROCRYPT '97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11–15, 1997, Proceedings (1997)

  9. Breier, J., Khairallah, M., Hou, X., Liu, Y.: A countermeasure against statistical ineffective fault analysis. IEEE Trans. Circuits Syst. II Express Briefs 67(12), 3322–3326 (2020). https://doi.org/10.1109/TCSII.2020.2989184

  10. Caforio, A., Banik, S.: A study of persistent fault analysis. In: Bhasin, S., Mendelson, A., Nandi, M. (eds.) Security, Privacy, and Applied Cryptography Engineering, pp. 13–33. Springer, Cham (2019)

  11. Carré, S., Guilley, S., Rioul, O.: Persistent fault analysis with few encryptions. IACR Cryptol. ePrint Arch. 2020, 671 (2020)

  12. Chakraborty, A., Bhattacharya, S., Saha, S., Mukhopadhyay, D.: ExplFrame: exploiting page frame cache for fault analysis of block ciphers. In: 2020 Design, Automation & Test in Europe Conference & Exhibition, DATE 2020, Grenoble, France, March 9–13, 2020, pp. 1303–1306. IEEE (2020)

  13. Cheng, Y., Zheng, M., Huang, F., Zhang, J., Hu, H., Yu, N.: A fast-detection and fault-correction algorithm against persistent fault attack. In: 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 557–568 (2021). https://doi.org/10.1109/TrustCom53373.2021.00086

  14. Daemen, J., Dobraunig, C., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 508–543 (2020). https://doi.org/10.13154/tches.v2020.i3.508-543

  15. Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 547–572 (2018). https://doi.org/10.13154/tches.v2018.i3.547-572

  16. Feng, J., Chen, H., Li, Y., Jiao, Z., Xi, W.: A framework for evaluation and analysis on infection countermeasures against fault attacks. IEEE Trans. Inf. Forensics Secur. 15, 391–406 (2020). https://doi.org/10.1109/TIFS.2019.2903653

  17. Fuhr, T., Jaulmes, É., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, August 20, 2013, pp. 108–118 (2013)

  18. Ghosh, S., Saha, D., Sengupta, A., Roy Chowdhury, D.: Preventing fault attacks using fault randomization with a case study on AES. In: Foo, E., Stebila, D. (eds.) Information Security and Privacy, pp. 343–355. Springer, Cham (2015)

  19. Gierlichs, B., Schmidt, J.M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) Progress in Cryptology - LATINCRYPT 2012, pp. 305–321. Springer, Berlin (2012)

  20. Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFID. Security and Privacy, pp. 1–18. Springer, Berlin (2012)

  21. Gruber, M., Probst, M., Tempelmeier, M.: Persistent fault analysis of OCB, DEOXYS and COLM. In: 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2019, Atlanta, GA, USA, August 24, 2019, pp. 17–24. IEEE (2019)

  22. Joshi, P., Mazumdar, B.: ExtPFA: extended persistent fault analysis for deeper rounds of bit permutation based ciphers with a case study on GIFT. In: Security, Privacy, and Applied Cryptography Engineering, pp. 101–122. Springer, Cham (2020)

  23. Joshi, P., Mazumdar, B.: SPSA: semi-permanent stuck-at fault analysis of AES Rijndael SBox. J. Cryptogr. Eng. 13(2), 201–222 (2023). https://doi.org/10.1007/s13389-022-00301-1

  24. Joye, M., Manet, P., Rigaud, J.: Strengthening hardware AES implementations against fault attacks. IET Inf. Secur. 1(3), 106–110 (2007). https://doi.org/10.1049/iet-ifs:20060163

  25. Karpovsky, M., Kulikowski, K., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard. In: International Conference on Dependable Systems and Networks, pp. 93–101 (2004). https://doi.org/10.1109/DSN.2004.1311880

  26. Karpovsky, M., Kulikowski, K.J., Taubin, A.: Differential fault analysis attack resistant architectures for the advanced encryption standard. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI, pp. 177–192. Springer, USA (2004)

  27. Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 21(12), 1509–1517 (2002). https://doi.org/10.1109/TCAD.2002.804378

  28. Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J., Lee, D., Wilkerson, C., Lai, K., Mutlu, O.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14–18, 2014, pp. 361–372. IEEE Computer Society (2014)

  29. Lomné, V., Roche, T., Thillard, A.: On the need of randomness in fault attack countermeasures - application to AES. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 85–94 (2012). https://doi.org/10.1109/FDTC.2012.19

  30. Maistri, P., Leveugle, R.: Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans. Comput. 57(11), 1528–1539 (2008). https://doi.org/10.1109/TC.2008.149

  31. Pan, J., Zhang, F., Ren, K., Bhasin, S.: One fault is all it needs: breaking higher-order masking with persistent fault analysis. In: Teich, J., Fummi, F. (eds.) Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, Florence, Italy, March 25–29, 2019, pp. 1–6. IEEE (2019)

  32. Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. In: Chakraborty, R.S., Schwabe, P., Solworth, J.A. (eds.) Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Jaipur, India, October 3–7, 2015, Proceedings. Lecture Notes in Computer Science, vol. 9354, pp. 190–209. Springer (2015). https://doi.org/10.1007/978-3-319-24126-5_12

  33. Patranabis, S., Datta, N., Jap, D., Breier, J., Bhasin, S., Mukhopadhyay, D.: SCADFA: combined SCA+DFA attacks on block ciphers with practical validations. IEEE Trans. Comput. 68(10), 1498–1510 (2019)

  34. Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication - 5th IFIP WG 11.2 International Workshop, WISTP 2011, Heraklion, Crete, Greece, June 1–3, 2011, Proceedings. Lecture Notes in Computer Science, vol. 6633, pp. 224–233. Springer (2011)

  35. Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2014, pp. 93–111. Springer, Berlin (2014)

  36. Wang, B., Liu, L., Deng, C., Zhu, M., Yin, S., Zhou, Z., Wei, S.: Exploration of Benes network in cryptographic processors: a random infection countermeasure for block ciphers against fault attacks. IEEE Trans. Inf. Forensics Secur. 12(2), 309–322 (2017). https://doi.org/10.1109/TIFS.2016.2612638

  37. Wu, K., Karri, R., Kuznetsov, G., Goessel, M.: Low cost concurrent error detection for the advanced encryption standard. In: 2004 International Conference on Test, pp. 1242–1248 (2004). https://doi.org/10.1109/TEST.2004.1387397

  38. Xu, G., Zhang, F., Yang, B., Zhao, X., He, W., Ren, K.: Pushing the limit of PFA: enhanced persistent fault analysis on block ciphers. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 40(6), 1102–1116 (2021). https://doi.org/10.1109/TCAD.2020.3048280

  39. Zhang, F., Lou, X., Zhao, X., Bhasin, S., He, W., Ding, R., Qureshi, S., Ren, K.: Persistent fault analysis on block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 150–172 (2018)

  40. Zhang, F., Xu, G., Yang, B., Liang, Z., Ren, K.: Theoretical analysis of persistent fault attack. Sci. China Inf. Sci. 63(3) (2020)

  41. Zhang, F., Zhang, Y., Jiang, H., Zhu, X., Bhasin, S., Zhao, X., Liu, Z., Gu, D., Ren, K.: Persistent fault attack in practice. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 172–195 (2020)

  42. Zhao, X., Guo, S., Zhang, F., Wang, T., Shi, Z., Ji, K.: Algebraic differential fault attacks on LED using a single fault injection. IACR Cryptol. ePrint Arch. 2012, 347 (2012)


Acknowledgements

This research work is funded by Project IHUB-NTIHAC/2021/01/21 of C3iHub, IIT Kanpur. The authors would like to thank C3iHub, IIT Kanpur, for supporting this work.


Contributions

All the authors wrote the main manuscript and reviewed it.

Corresponding author

Correspondence to Priyanka Joshi.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Joshi, P., Mazumdar, B. Deep round key recovery attacks and countermeasure in persistent fault model: a case study on GIFT and KLEIN. J Cryptogr Eng (2024). https://doi.org/10.1007/s13389-024-00349-1


  • DOI: https://doi.org/10.1007/s13389-024-00349-1
