
Journal of Hardware and Systems Security, Volume 1, Issue 2, pp 156–172

Differential Fault Analysis of SHA-3 Under Relaxed Fault Models

  • Pei Luo
  • Yunsi Fei
  • Liwei Zhang
  • A. Adam Ding

Abstract

Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in cryptosystems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average, the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

Keywords

  • SHA-3
  • Keccak
  • Differential fault analysis
  • Hardware security

Notes

Acknowledgements

This work was supported in part by the National Science Foundation under grants SaTC-1314655 and MRI-1337854. Simulation code used in this paper is available at http://tescase.coe.neu.edu/.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Northeastern University, Boston, USA
  2. Department of Mathematics, Northeastern University, Boston, USA
