Differential Fault Analysis on Midori

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9977)


Midori is an energy-efficient lightweight block cipher published by Banik et al. in ASIACRYPT 2015, which consists of two variants with block sizes of 64-bit and 128-bit, respectively. In this paper, a new method is proposed to exploit cell-oriented fault propagation patterns in recognizing appropriate faulty ciphertexts and fault positions, which poses a serious threat to practical security of Midori. In light of this, we present a Differential Fault Attack against the Midori using cell-oriented fault model. Specifically, by inducing two random cell faults into the input of the antepenultimate round, our attack reduces the secret key search space from \(2^{128}\) to \(2^{32}\) for Midori-128 and from \(2^{128}\) to \(2^{80}\) for Midori-64, respectively. Our experiments confirmed that two faulty ciphertexts induced into the input of antepenultimate round could recover twelve in sixteen cells of subkey with over 80% probability.


Lightweight cipher Differential fault analysis Cell-oriented fault propagation Midori 



This work was supported in part by National Natural Science Foundation of China (Grant No. 61272478, No. 61472416 and No. 61632020) and Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA06010701 and XDA06010703).


  1. 1.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B.-S., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006). doi: 10.1007/11894063_4 CrossRefGoogle Scholar
  2. 2.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74619-5_12 CrossRefGoogle Scholar
  3. 3.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
  4. 4.
    Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04138-9_20 CrossRefGoogle Scholar
  5. 5.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34961-4_14 CrossRefGoogle Scholar
  6. 6.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23951-9_22 CrossRefGoogle Scholar
  7. 7.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23951-9_23 CrossRefGoogle Scholar
  8. 8.
    Ray, B., Douglas, S., Jason, S., Stefan, T.-C., Bryan, W., Louis, W.: The SIMON and SPECK Families of Lightweight Block Ciphers. Cryptology ePrint Archive, Report 2013/404 (2013).
  9. 9.
    Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48800-3_17 CrossRefGoogle Scholar
  10. 10.
    Cheng, Z., Wang, X.: Impossible Differential Cryptanalysis of Midori. Cryptology ePrint Archive, Report 2016/535 (2016).
  11. 11.
    Lin, L., Wu, W.: Meet-in-the-Middle Attacks on Reduced-Round Midori-64. Cryptology ePrint Archive, Report 2015/1165 (2015).
  12. 12.
    Dong, X., Shen, Y.: Cryptanalysis of Reduced-Round Midori64 Block Cipher. Cryptology ePrint Archive, Report 2016/676 (2016).
  13. 13.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991). doi: 10.1007/3-540-38424-3_1 CrossRefGoogle Scholar
  14. 14.
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2004. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005). doi: 10.1007/11506447_4 CrossRefGoogle Scholar
  15. 15.
    Mukhopadhyay, D.: An improved fault based attack of the advanced encryption standard. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 421–434. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02384-2_26 CrossRefGoogle Scholar
  16. 16.
    Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21040-2_15 CrossRefGoogle Scholar
  17. 17.
    Hemme, L.: A differential fault attack against early rounds of (triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28632-5_19 CrossRefGoogle Scholar
  18. 18.
    Li, R., Sun, B., Li, C., You, J.: Differential fault analysis on SMS4 using a single fault. J. Inf. Process. Lett. 111(4), 156–163 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Wu, W., Zhang, L.: Differential fault analysis on SMS4. J. Int. J. Comput. Intell. Syst. 9, 011 (2006)Google Scholar
  20. 20.
    Li, W., Gu, D., Xia, X., Zhao, C., Liu, Z., Liu, Y., Wang, Q.: Single byte differential fault analysis on the LED lightweight cipher in the wireless sensor network. J. Int. J. Comput. Intell. Syst. 5(5), 896–904 (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.University of Chinese Academy of SciencesBeijingChina
  3. 3.Institute Mines-Tlcom, Telecom ParisTech, CNRS LTCIParisFrance

Personalised recommendations