## Abstract

Performing differential fault attack (DFA) for any sponge authenticated encryption (AE) in the encryption query is a challenging task due to the employment of a unique nonce. Therefore, we need to repeat the nonce to perform DFA and, probably, this can be done through the decryption queries. The sponge duplex is a popular mode of operation for constructing authenticated encryption schemes, where 25 out of the 56 round 1 submissions in the ongoing NIST lightweight cryptography standardization process are sponge-based. The majority of these sponge-based constructions employed substitution permutation networks (SPN)/Feistel-like structures inside their underlying permutation. In this paper, we are interested in Feistel-based permutations used in the sponge AE construction. We call this kind of Feistel design a generalized Feistel network (GFN). We observe that, for a duplex sponge mode with GFN-based permutation, we might be able to recover the state by performing faulty forgeries in the decryption query. We make the reasonable assumption that the internal round function used in GFN follows an SPN-like structure. In this work, under random fault model, we first present an attack on the CiliPadi family of an authenticated encryption scheme to retrieve its state and then recover the secret key. We show that around \(2^{21}\) (data complexity) faulty queries are sufficient to recover its master key. Also, the time and memory complexities of this attack are respectively \(2^{14.5}\) and \(2^{8.5}\) nibbles. Then, we generalize this attack for any GFN-based sponge AE where SPN internally used inside the GFN. We propose two fault attacks to recover the internal state. In the first case, we assume that SPN has at least two rounds used in GFN. In the second case, GFN has employed one round SPN inside it. In both attacks, we recover the state by performing faulty forgery at the final permutation call (before the tag is obtained) under two different fault models. Then, we give a complete theoretical analysis to perform faulty forgeries. We also discuss the possibilities to extend state recovery attacks to full key recovery. Finally, we propose a general countermeasure against these kinds of fault attacks. To the best of our knowledge, this is the first fault attack reported on GFN-based sponge AE, where GFN internally uses SPN to fulfill its structure.

This is a preview of subscription content, access via your institution.

## Notes

SPN is sometimes defined more generally, e.g., by allowing the

*S*-box to vary across rounds or by allowing a more complex interaction with*k*than XOR\(\mathcal {L}_{*,j,h} = (\mathcal {L}_{0,j,h},\mathcal {L}_{1,j,h},\mathcal {L}_{2,j,h},\mathcal {L}_{3,j,h})\)

Let us take the \(\mathbf {f^{'}}\) state difference as \(\Delta _{in} = (0,0,\ldots ,\delta _e,0)\), \(\delta _e > 0\) and \(0\le e \le m-1\). Then, \(\mathrm{MCS}\circ \mathrm{SR}\big (\Delta _{in}\big ) = (\delta ^{'}_{0}, \delta ^{'}_{1}, \cdots , \delta ^{'}_{m-1})\), where \(\delta ^{'}_{j} > 0,\;\forall j \in \{o_1,\cdots ,o_\sigma \}\) and \(\delta ^{'}_{j} = 0\) for the remaining \(m-\sigma\) positions. Based on the above example, we define a new function \(\mathrm{MC}:\{1,2,3,\cdots ,m\} \rightarrow \{1,2,3,\cdots ,m\}\) such that \(\mathrm{MC}(e) = \{o_1,o_2,\cdots ,o_\sigma \}\), where

*e*represent a byte/nibble fault position and \(o_1,o_2,\cdots ,o_\sigma\) are different byte/nibble (non-zero difference) positions after applying SR, MCS operations to \(\Delta _{in}\).

## References

Daemen J, Rijmen V (2002) AES and the wide trail design strategy. In: Advances in Cryptology - EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, The Netherlands, April 28 - May 2, 2002, Proceedings. pp 108–109. https://doi.org/10.1007/3-540-46035-7_7

Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. In: Paillier P, Verbauwhede I (eds) Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings, Springer, Lecture Notes in Computer Science, vol 4727. pp 450–466. https://doi.org/10.1007/978-3-540-74735-2_31

NBS FIPS PUB 46 National Bureau of Standards (1977) Data encryption standard. In: National Bureau of Standards, U.S. Department of Commerce

Beaulieu R, Shors D, Smith J, Treatman-Clark S, Weeks B, Wingers L (2015) The SIMON and SPECK lightweight block ciphers. In: Proceedings of the 52nd Annual Design Automation Conference - DAC 2015. ACM, pp 175:1–175:6

Sorkin A (1984) Lucifer, a cryptographic algorithm. Cryptologia 8(1):22–42. https://doi.org/10.1080/0161-118491858746

Shimizu A, Miyaguchi S (1987) Fast data encipherment algorithm FEAL. In: Advances in Cryptology - EUROCRYPT ’87, Workshop on the Theory and Application of of Cryptographic Techniques, Amsterdam, The Netherlands, April 13-15, 1987, Proceedings. pp 267–278. https://doi.org/10.1007/3-540-39118-5_24

Gosudarstvennyi Standard 28147-89 GOST (1989) Cryptographic protection for data processing systems. In: Government Committee of the USSR for Standards

Merkle RC (1990) Fast software encryption functions. In: Advances in Cryptology - CRYPTO ’90, 10th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11-15, 1990, Proceedings. pp 476–501. https://doi.org/10.1007/3-540-38424-3_34

Brown L, Kwan M, Pieprzyk J, Seberry J (1991) Improving resistance to differential cryptanalysis and the redesign of LOKI. In: Advances in Cryptology - ASIACRYPT ’91, International Conference on the Theory and Applications of Cryptology, Fujiyoshida, Japan, November 11–14, 1991, Proceedings. pp 36–50. https://doi.org/10.1007/3-540-57332-1_3

Adams C, Tavares S (1993) Designing s-boxes for ciphers resistant to differential cryptanalysis. In: Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy 15-16:181–190

Schneier B (1993) Description of a new variable-length key, 64-bit block cipher (blowfish). In: Fast Software Encryption, Cambridge Security Workshop, Cambridge, UK, December 9-11, 1993. Proceedings. pp 191–204. https://doi.org/10.1007/3-540-58108-1_24

Rivest RL (1994) The RC5 encryption algorithm. In: Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14-16 December 1994, Proceedings. pp 86–96

Zheng Y, Matsumoto T, Imai H (1989) On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Advances in Cryptology - CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 1989, Proceedings. pp 461–480

Schneier B, Kelsey J (1996) Unbalanced Feistel networks and block cipher design. In: Fast Software Encryption, Third International Workshop, Cambridge, UK, February 21-23, 1996, Proceedings. pp 121–144. https://doi.org/10.1007/3-540-60865-6_49

Anderson RJ, Biham E (1996) Two practical and provably secure block ciphers: BEARS and LION. In: Fast Software Encryption, Third International Workshop, Cambridge, UK, February 21-23, 1996, Proceedings. pp 113–120. https://doi.org/10.1007/3-540-60865-6_48

Lucks S (1996) Faster Luby-Rackoff ciphers. In: Fast Software Encryption, Third International Workshop, Cambridge, UK, February 21-23, 1996, Proceedings. pp 189–203. https://doi.org/10.1007/3-540-60865-6_53

Skipjack and KEA Algorithm Specifications (1998) Available at the National Institute of Standards and Technology’s web page. https://web.archive.org/web/20010603000755/http://csrc.nist.gov/encryption/skipjack/skipjack.pdf

Rivest RL, Robshaw MJB, Yin YL (2000) RC6 as the AES. The Third Advanced Encryption Standard Candidate Conference, April 13–14, 2000. New York, New York, USA., pp 337–342

Burwick C, Coppersmith D, Avignon ED, Gennaro R, Halevi S, Jutla C, Matyas SM Jr, O’Connor L, Peyravian M, Safford D, Zunic N (1998) MARS – a candidate cipher for AES. In: Proceedings of the First AES candidate conference, 20–22 August 1998. National Institute of Standard and Technology, Gaithersburg

Bogdanov A, Shibutani K (2013) Generalized Feistel networks revisited. Des Codes Cryptogr 66(1–3):75–97. https://doi.org/10.1007/s10623-012-9660-z

Hoang VT, Rogaway P (2010) On generalized Feistel networks. In: Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings. pp 613–630. https://doi.org/10.1007/978-3-642-14623-7_33

Nyberg K (1996) Generalized Feistel networks. In: Advances in Cryptology - ASIACRYPT ’96, International Conference on the Theory and Applications of Cryptology and Information Security, Kyongju, Korea, November 3-7, 1996, Proceedings. pp 91–104. https://doi.org/10.1007/BFb0034838

Suzaki T, Minematsu K (2010) Improving the generalized Feistel. In: Fast Software Encryption, 17th International Workshop, FSE 2010, Seoul, Korea, February 7-10, 2010, Revised Selected Papers. pp 19–39. https://doi.org/10.1007/978-3-642-13858-4_2

Chakraborti A, Datta N, Nandi M, Yasuda K (2018) Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans Cryptogr Hardw Embed Syst 2018(2):218–241. https://doi.org/10.13154/tches.v2018.i2.218-241

Dobraunig C, Eichlsederc M, Mendel F, Schlaffer M (2019) ASCON v1.2. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-docrnd2/ascon-spec-round2.pdf

Dobraunig C, Mangard S, Mendel F, Primas R (2018) Fault attacks on nonce-based authenticated encryption: application to Keyak and Ketje. In: Cid C, Jr MJJ (eds) Selected Areas in Cryptography - SAC 2018 - 25th International Conference, Calgary, AB, Canada, August 15-17, 2018, Revised Selected Papers, Springer, Lecture Notes in Computer Science, vol 11349. pp 257–277. https://doi.org/10.1007/978-3-030-10970-7_12

Roy DB, Chakraborti A, Chang D, Kumar SVD, Mukhopadhyay D, Nandi M (2017) Two efficient fault-based attacks on CLOC and SILC. J Hardw Syst Secur 1(3):252–268. https://doi.org/10.1007/s41635-017-0022-1

Z’aba MR, Jamil N, Rohmad MS, Rani HA, Shamsuddin S (2019) The CiliPadi family of lightweight authenticated encryption, version 1.0

Guo J, Peyrin T, Poschmann A, Robshaw MJB (2011) The LED block cipher. In: Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011, Proceedings. pp 326–341. https://doi.org/10.1007/978-3-642-23951-9_22

Banik S, Pandey SK, Peyrin T, Sasaki Y, Sim SM, Todo Y (2017) GIFT: a small present - towards reaching the limit of lightweight encryption. In: Fischer W, Homma N (eds) Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings, Springer, Lecture Notes in Computer Science, vol 10529. pp 321–345. https://doi.org/10.1007/978-3-319-66787-4_16

Bertoni G, Daemen J, Peeters M, Van Assche G (2015) Cryptographic sponges. https://keccak.team/sponge_duplex.html

Aagaard M, AlTawy R, Gong G, Mandal K, Rohit R (2019) ACE: an authenticated encryption and hash algorithm

Bhattacharjee A, List E, Loṕez CM, Nandi M (2019) The Oribatida family of lightweight authenticated encryption schemes, version v1.1

Beierle C, Biryukov A, dos Santos LC, Großschädl J, Perrin L, Udovenko A, Velichkov V, Wang Q (2019) Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family, version v1.0

AlTawy R, Gong G, He M, Mandal K, Rohit R (2019) Spix: an authenticated cipher

AlTawy R, Gong G, He M, Jha A, Mandal K, Nandi M, Rohit R (2019) SpoC: an authenticated cipher

Bertoni G, Daemen J, Peeters M, Assche GV (2012) Permutation-based encryption, authentication and authenticated encryption

Bertoni G, Daemen J, Peeters M, Assche GV, Keer RV (2016) Caesar submission: Ketje v2. Caesar: competition for authenticated encryption: security, applicability, and robustness

## Acknowledgements

The preliminary of this work has started during my internship at the NTT Secure Platform Laboratories, Tokyo, Japan. The author would like to thank Dr. Yu Sasaki and Dr. Avik Chakraborty for the initial discussion and the guidance of this work. Also, the author would like to thank Dr. Ashwin Jha for a fruitful discussion on this work.

## Author information

### Authors and Affiliations

### Corresponding author

## Additional information

### Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

## Appendix

### Appendix

### Fault Attack on Single Round SPN-Based GFN Sponge AE

In this attack, we first describe the fault model. Then, we give a description of the state recovery by repeatedly performing faulty forgery in the decryption query.

#### The Fault Model

In this attack, we have considered a known byte/nibble fault model where the injected byte/nibble fault is only assumed to disturb a particular byte/nibble in such a way that the distribution of the faulty value is fully biased. More specifically, the attacker perfectly knows the statistical distribution of the faulty value.

#### The Fault Attack Description

In this attack model, we will inject a byte/nibble fault at the last round of SPN (\(\mathbf {f}\)) structure (before SC operation). Here, we assume that the last round of \(\mathbf {f}\) permutation has the MixColumnsSerial operation. The following steps, by an attacker to get a faulty forgery using faults in the decryption query, are given in Algorithm 6.

For better understanding, the above steps are explained for AES-like \(\mathbf {f^{'}}\), where MCS is used in the last round of \(\mathbf {f^{'}}\) permutation. Faults will be injected at the last round of \(\mathbf {f^{'}}\) just before the SC operation. At the 1st phase, we choose \(i_0\)-th byte/nibble as the fault position. Repeatedly make faulty decryption queries by injecting faults at the \(i_0\)-th position until we collect \(q_{0}\) number of tag forgeries. Next at the 2nd phase, we choose the \(i_1\)-th byte/nibble as the fault position so that \(\mathrm{MC}(i_1)\cap \mathrm{MC}(i_0)\) will be minimized or an empty set. Then, repeat the faulty decryption queries (with faults at the \(i_{1}\)-th position) until we collect \(q_{1}\) number of tag forgeries. We will continue this for other faulty positions until we have \(\mathrm{MC}(i_0) \cup \mathrm{MC}(i_1)\cup \cdots \cup \mathrm{MC}(i_{PC-1}) = \{1,2,\cdots ,m\}\).

The number of required faulty decryptions to get one forgery is summarized in the following proposition.

### Proposition 5

Let \(\chi\) denote the number of faulty decryption queries to collect *q* distinct tag forgeries, i.e., repeatedly induce nibble (known) faults at the fixed posision in the state (last round) until we get *q* different forgeries. Then, \(E(\chi ) < \lambda ^{2}\cdot \Big [1+ \log \bigg (\frac{\lambda }{\lambda -q+1}\bigg )\Big ]\).

### Proof

To make a valid forgery, we have to satisfy this condition: \(\textsf {SC} (\Delta _{in}) = \Delta _{out}^{'}\). Therefore, at any phase \(i, 0\le i < 4\),

Let, \(\chi _{j}, 1\le j \le q\) be the number of trials needed to collect \(j^{th}\) forgery after \(j-1\) forgeries have been collected. As \(\chi\) represents the number of independent trials needed to collect *q* number of successful forgeries, we have, \(\chi = \chi _1+\cdots +\chi _q\). Furthermore, the probability of collecting \(j^{th}\) forgery is \(p_j = \frac{\lambda -j+1}{\lambda \times \lambda }= \frac{\lambda -j+1}{\lambda ^{2}}\). Therefore, \(\chi _j\) follows geometric distribution and \(E(\chi _j) = \frac{1}{p_j}\). By the linearity of expectations, we have,

#### State Recovery of Sponge AE

Based on the collected lists \(\mathcal {H}_{PC}\) according to Algorithm 6, we have to recover the \(\mathbf {f^{'}}\) state byte/nibble-wise since there is only one difference in \(\Delta _{out}^{'}\) (see Fig. 10). Let \(r_{PC}\) (=1) denote the number of byte/nibble differences in \(\Delta _{out}^{'}\). The state recovery of \(\mathbf {f^{'}}\) is described in Algorithm 7.

Furthermore, we can recover other branches of \(\textsf {GFN} ^{\mathbf {f^{'}}}\) in the similar way that we have discussed in Sect. 7.1.4. Finally, the key can be recovered when either the key is directly used to output the tag by XORing with the state (output of the last permutation) or there are no extra key injections used after the initialization or before the finalization calls.

#### Attack Complexity

According to Proposition 3, to get at least one successful forgery, we need to perform \(\mu (=\lambda )\) number of faulty decryption queries. Let us assume that the retrieval of \(\mathbf {f^{'}}\) (SPN) state has been done by *z* number of phases using Algorithm 6. Now, let \(q = q_0+q_1+\cdots +q_{z-1}\) (\(q_0=\ldots =q_{z-1}\)) represent total number of different forging tags to retrieve the \(\mathbf {f^{'}}\) state uniquely. Thus, we need at least \(z \cdot \lambda\) number of byte/nibble faults to recover the full \(\mathbf {f}\) state uniquely. Again, there are *l* different branches for the \(\textsf {GFN} ^{\mathbf {f}}\) inside the sponge-based AE. Hence, we need approximately \(l \cdot z \cdot \lambda\) number of byte/nibble faults to recover the full \(\textsf {GFN} ^{\mathbf {f}}\) (sponge) state.

## Rights and permissions

## About this article

### Cite this article

Jana, A. Differential Fault Attack on Feistel-Based Sponge AE Schemes.
*J Hardw Syst Secur* **6**, 1–16 (2022). https://doi.org/10.1007/s41635-022-00124-w

Received:

Accepted:

Published:

Issue Date:

DOI: https://doi.org/10.1007/s41635-022-00124-w

### Keywords

- DFA
- Authenticated encryption
- AEAD
- CiliPadi
- Differential fault attack