Differential Fault Attack on Grain v1, ACORN v3 and Lizard
Differential Fault Attack (DFA) is a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been reported in 2012. For the first time, we have mounted the fault attack on Lizard, a very recent design and show that one requires only 5 faults to obtain the state. ACORN v3 is a third round candidate of CAESAR and there is only one hard fault attack on an earlier version of this cipher. However, the ‘hard fault’ model requires a lot more assumption than the generic DFA. In this paper, we mount a DFA on ACORN v3 that requires 9 faults to obtain the state. In case of Grain v1 and ACORN v3, we can obtain the secret key once the state is known. However, that is not immediate in case of Lizard. While we have used the basic framework of DFA that appears in literature quite frequently, specific tweaks have to be explored to mount the actual attacks that were not used earlier. To the best of our knowledge, these are the best known DFAs on these three ciphers.
KeywordsDifferential Fault Attack Stream cipher Grain v1 ACORN v3 Lizard
The first author would like to thank Department of Science and Technology DST-FIST Level-1 Program Grant No. SR/FST/MSI-092/2013 for providing the computational facilities.
- 1.Babbage, S., Dodd, M.: The stream cipher MICKEY 2.0. ECRYPT stream cipher project report. http://ecrypt.eu.org/stream/p3ciphers/mickey/mickey_p3.pdf
- 5.Banik, S., Isobe, T.: Some cryptanalytic results on Lizard. http://eprint.iacr.org/2017/346.pdf
- 7.De Cannire, C., Preneel, B.: TRIVIUM specifications. eSTREAM, ECRYPT Stream Cipher Project, ReportGoogle Scholar
- 9.Hamann, M., Krause, M., Meier, W.: LIZARD - a lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptol. 2017(1), 45–79 (2017). http://tosc.iacr.org/index.php/ToSC/article/view/584 Google Scholar
- 10.Hell, M., Johansson, T., Meier, W.: Grain - a stream cipher for constrained environments. ECRYPT stream cipher project report 2005/001 (2005). http://www.ecrypt.eu.org/stream
- 14.Maitra, S., Siddhanti, A., Sarkar, S.: A dierential fault attack on plantlet. IEEE Trans. Comput. 66(10), 1804–1808 (2017). https://doi.org/10.1109/TC.2017.2700469. An earlier version is available at Cryptology ePrint Archive: Report 2017/088, 4 February 2017. http://eprint.iacr.org/2017/088 CrossRefGoogle Scholar
- 15.Maitra, S., Sarkar, S., Baksi, A., Dey, P.: Key recovery from state information of sprout: application to cryptanalysis and fault attack (2015). http://eprint.iacr.org/2015/236
- 16.Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. In: FSE 2017. TOSC, vol. 2016, no. 2, pp. 52–79 (2016). http://tosc.iacr.org/index.php/ToSC/article/view/565/507
- 19.Stein, W.: Sage Mathematics Software. Free Software Foundation, Inc., (2009). http://www.sagemath.org. (Open source project initiated by W. Stein and contributed by many)
- 20.The ECRYPT stream cipher project. eSTREAM portfolio of stream ciphers. http://www.ecrypt.eu.org/stream/
- 21.The project CAESAR on authenticated ciphers. http://competitions.cr.yp.to/caesar.html
- 22.Wu, H.: ACORN: a lightweight authenticated cipher (v3) (2016). https://competitions.cr.yp.to/round3/acornv3.pdf