Abstract
\(\textsf {CLOC}\) and \(\textsf {SILC}\) are two blockcipher based authenticated encryption schemes, submitted to the CAESAR competition, that aim to use low area buffer and handle short input efficiently. The designers of the schemes claimed \(\frac{n}{2}\)-bit integrity security against nonce reusing adversaries, where n is the blockcipher state size in bits. In this paper, we present single fault-based almost universal forgeries on both \(\textsf {CLOC}\) and \(\textsf {SILC}\) with only one single bit fault at a fixed position of a specific blockcipher input. In the case of CLOC, the forgery can be done for almost any nonce, associated data and message triplet, except some nominal restrictions on associated data. In the case of SILC, the forgery can be done for almost any associated data and message, except some nominal restrictions on associated data along with a fixed nonce. Both the attacks on \(\textsf {CLOC}\) and SILC require several nonce-misusing encryption queries. This attack is independent of the underlying blockcipher and works on the encryption mode. In this paper, we also validate the proposed fault based forgery methodology by performing actual fault attacks by electromagnetic pulse injection which shows practicality of the proposed forgery procedure. Finally, we provide updated constructions, that can resist the fault attack on the mode assuming the underlying blockcipher is fault resistant. We would like to note that our attacks do not violate the designers’ claims as our attacks require fault. However, it shows some vulnerability of the schemes when fault is feasible.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
— (no editor), CAESAR Competition. http://competitions.cr.yp.to/caesar.html
Banik, S., Maitra, S.: A differential fault attack on MICKEY 2.0. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 215–232. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_13
Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family of stream ciphers. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 122–139. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33027-8_8
Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family under reasonable assumptions. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 191–208. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_12
Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4_25
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). doi:10.1007/BFb0052259
Biham, E., Granboulan, L., Nguyen, P.Q.: Impossible fault analysis of RC4 and differential fault analysis of RC4. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 359–367. Springer, Heidelberg (2005). doi:10.1007/11502760_24
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_31
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). doi:10.1007/3-540-69053-0_4
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the. Journal of Cryptography. 2001, 101–119 (2001)
Daemen, J., Rijmen, V.: Rijndael for AES. In: AES Candidate Conference, pp. 343–348 (2000)
Daemen, J., Rijmen, V.: The design of Rijndael: AES - the advanced encryption standard. In: Information Security and Cryptography, Springer, Heidelberg (2002)
Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45203-4_23
Dworkin, M.: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality (2004). NIST Special, Publication, 800-38C (2004)
Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23951-9_22
Hemme, L., Hoffman, L., Lee, C.: Differential Fault Analysis on the SHA1 Compression Function. In: FDTC 2011, pp. 54–62, 11 (2011)
Hoch, J.J., Shamir, A.: Fault analysis of stream ciphers. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 240–253. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_18
HojsĂk, M., Rudolf, B.: Floating fault analysis of trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 239–250. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89754-5_19
HojsĂk, M., Rudolf, B.: Differential fault analysis of trivium. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 158–172. Springer, Heidelberg (2008). doi:10.1007/978-3-540-71039-4_10
Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: Re: Fault Based Forgery on CLOC and SILC. https://groups.google.com/forum/#!topic/crypto-competitions/_qxORmqcSrY
Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: SILC: SImple Lightweight CFB (2014). http://competitions.cr.yp.to/round1/silcv1.pdf
Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: CLOC: Compact Low- Overhead CFB (2014). http://competitions.cr.yp.to/round1/clocv1.pdf
Jeong, K., Lee, C.: Differential fault analysis on block cipher LED-64. In: Park, J.J., Leung, V.C.M., Wang, C.-L., Shon, T. (eds.) Future Information Technology, Application, and Service. LNEE, vol. 164, pp. 747–755. Springer, Heidelberg (2012). doi:10.1007/978-94-007-4516-2_79
Jovanovic, P., Kreuzer, M., Polian, I.: A fault attack on the LED block cipher. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 120–134. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29912-4_10
Minematsu, K., Lucks, S., Iwata, T.: Improved authenticity bound of EAX, and refinements. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 184–201. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41227-1_11
Moise, A., Beroset, E., Phinney, T., Burns, M.: EAX0 Cipher Mode. NIST Submission, 2011: Technique against SPN Structures, with Application to the AES and KHAZAD(2011). http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax-prime/eax-prime-spec.pdf
Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_7
Saha, D., Kuila, S., Roy Chowdhury, D.: EscApe: diagonal fault analysis of APE. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 197–216. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13039-2_12
Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: \(\mathit{TWINE}\): a lightweight block cipher for multiple platforms. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 339–354. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35999-6_22
Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21040-2_15
Whiting, D., Houeley, R., Ferguson, N.: Counter with CBC-MAC, Submission to NIST: (2002). http://csrc.nist.gov/groups/ST/toolkit/BCM/modesdevelopment.html
Agoyan, M., Dutertre, J.-M., Mirbaha, A.-P., Tria, A.: How to Flip a Bit?, On-Line Testing Symposium (IOLTS). In: 2010 IEEE 16th International, 2010 (2010)
Fournier, J.J.A., Moore, S., Li, H., Mullins, R., Taylor, G.: Security evaluation of asynchronous circuits. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 137–151. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_12
Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_2
Skorobogatov, S.: Local heating attacks on flash memory devices. In: IEEE International Workshop on Hardware-Oriented Security and Trust, 2009 (2009)
Dehbaoui, A., Dutertre, J.-M., Robisson, B., Tria, A.: Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES. Fault Diagnosis and Tolerance, 2012 (2012)
— (no editor). http://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-G_Spec_Ver1.0_English.pdf
Acknowledgement
Avik Chakraborti and Mridul Nandi are supported by the Centre of Excellence in Cryptology, Indian Statistical Institute, Kolkata. We would also like to thank the reviewers for their useful comments on our paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Roy, D.B., Chakraborti, A., Chang, D., Kumar, S.V.D., Mukhopadhyay, D., Nandi, M. (2016). Fault Based Almost Universal Forgeries on CLOC and SILC . In: Carlet, C., Hasan, M., Saraswat, V. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2016. Lecture Notes in Computer Science(), vol 10076. Springer, Cham. https://doi.org/10.1007/978-3-319-49445-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-49445-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49444-9
Online ISBN: 978-3-319-49445-6
eBook Packages: Computer ScienceComputer Science (R0)