Random Fault Attack against Shrinking Generator
We concern security of shrinking generator against fault attacks. While this pseudorandom bitstream generator is cryptographically strong and well suited for hardware implementations, especially for cheap artefacts, we show that using it for the devices that are not fault resistant is risky. That is, even if a device concerned is tamper-proof, generating random faults and analyzing the results may reveal secret keys stored inside the device.
For the attack we flip a random bit and observe propagation of errors. The attack uses peculiar properties of the shrinking generator and presents a new kind of threats for designs based on combining weaker generators. In particular, it indicates that potentially all designs based on combining LFSR generators might be practically weak due to slow propagation of errors in a single LFSR.
KeywordsControl Register Input Sequence Control Sequence Output Sequence Input Generator
Unable to display preview. Download preview PDF.
- 1.Alfke, P.: Efficient Shift Registers, LFSR Counters, and Long Pseudo-Random Sequence Generators. Application Note, XAPP 052 July 7 (1996) (Version 1.1), http://www.xilinx.com/bvdocs/appnotes/xapp052.pdf
- 14.Rao, T.R.N., Yang, C.-H., Zeng, K.: An Improved Linear Syndrome Algorithm in Cryptanalysis With Applications. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 34–47. Springer, Heidelberg (1991)Google Scholar