Differential Fault Attack on Grain v1, ACORN v3 and Lizard

  • Akhilesh Siddhanti
  • Santanu SarkarEmail author
  • Subhamoy Maitra
  • Anupam Chattopadhyay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10662)


Differential Fault Attack (DFA) is a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been reported in 2012. For the first time, we have mounted the fault attack on Lizard, a very recent design and show that one requires only 5 faults to obtain the state. ACORN v3 is a third round candidate of CAESAR and there is only one hard fault attack on an earlier version of this cipher. However, the ‘hard fault’ model requires a lot more assumption than the generic DFA. In this paper, we mount a DFA on ACORN v3 that requires 9 faults to obtain the state. In case of Grain v1 and ACORN v3, we can obtain the secret key once the state is known. However, that is not immediate in case of Lizard. While we have used the basic framework of DFA that appears in literature quite frequently, specific tweaks have to be explored to mount the actual attacks that were not used earlier. To the best of our knowledge, these are the best known DFAs on these three ciphers.


Differential Fault Attack Stream cipher Grain v1 ACORN v3 Lizard 



The first author would like to thank Department of Science and Technology DST-FIST Level-1 Program Grant No. SR/FST/MSI-092/2013 for providing the computational facilities.


  1. 1.
    Babbage, S., Dodd, M.: The stream cipher MICKEY 2.0. ECRYPT stream cipher project report.
  2. 2.
    Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family of stream ciphers. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 122–139. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  3. 3.
    Banik, S., Maitra, S.: A differential fault attack on MICKEY 2.0. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 215–232. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  4. 4.
    Banik, S., Maitra, S., Sarkar, S.: Improved differential fault attack on MICKEY 2.0. J. Cryptogr. Eng. 5(1), 13–29 (2015). CrossRefGoogle Scholar
  5. 5.
    Banik, S., Isobe, T.: Some cryptanalytic results on Lizard.
  6. 6.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault Injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012). CrossRefGoogle Scholar
  7. 7.
    De Cannire, C., Preneel, B.: TRIVIUM specifications. eSTREAM, ECRYPT Stream Cipher Project, ReportGoogle Scholar
  8. 8.
    Dey, P., Rohit, R.S., Adhikari, A.: Full key recovery of ACORN with a single fault. J. Inf. Secur. Appl. 29(C), 57–64 (2016). Elsevier Science Inc. New York, NY, USAGoogle Scholar
  9. 9.
    Hamann, M., Krause, M., Meier, W.: LIZARD - a lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptol. 2017(1), 45–79 (2017). Google Scholar
  10. 10.
    Hell, M., Johansson, T., Meier, W.: Grain - a stream cipher for constrained environments. ECRYPT stream cipher project report 2005/001 (2005).
  11. 11.
    Hojsík, M., Rudolf, B.: Differential fault analysis of Trivium. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 158–172. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  12. 12.
    Hojsík, M., Rudolf, B.: Floating fault analysis of Trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 239–250. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  13. 13.
    Hu, Y., Gao, J., Liu, Q., Zhang, Y.: Fault analysis of Trivium. Des. Codes Cryptograph. 62(3), 289–311 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Maitra, S., Siddhanti, A., Sarkar, S.: A dierential fault attack on plantlet. IEEE Trans. Comput. 66(10), 1804–1808 (2017). An earlier version is available at Cryptology ePrint Archive: Report 2017/088, 4 February 2017. CrossRefGoogle Scholar
  15. 15.
    Maitra, S., Sarkar, S., Baksi, A., Dey, P.: Key recovery from state information of sprout: application to cryptanalysis and fault attack (2015).
  16. 16.
    Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. In: FSE 2017. TOSC, vol. 2016, no. 2, pp. 52–79 (2016).
  17. 17.
    Sugawara, T., Suzuki, D., Fujii, R., Tawa, S., Hori, R., Shiozaki, M., Fujino, T.: Reversing stealthy dopant-level circuits. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 112–126. Springer, Heidelberg (2014). Google Scholar
  18. 18.
    Sarkar, S., Banik, S., Maitra, S.: Dierential fault attack against grain family with very few faults and minimal assumptions. IEEE Trans. Comput. 64(6), 1647–1657 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Stein, W.: Sage Mathematics Software. Free Software Foundation, Inc., (2009). (Open source project initiated by W. Stein and contributed by many)
  20. 20.
    The ECRYPT stream cipher project. eSTREAM portfolio of stream ciphers.
  21. 21.
    The project CAESAR on authenticated ciphers.
  22. 22.
    Wu, H.: ACORN: a lightweight authenticated cipher (v3) (2016).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Akhilesh Siddhanti
    • 1
  • Santanu Sarkar
    • 2
    Email author
  • Subhamoy Maitra
    • 3
  • Anupam Chattopadhyay
    • 4
  1. 1.BITS Pilani KK Birla Goa CampusZuarinagarIndia
  2. 2.Department of MathematicsIIT MadrasChennaiIndia
  3. 3.Applied Statistics UnitISI KolkataKolkataIndia
  4. 4.School of Computer EngineeringNTUSingaporeSingapore

Personalised recommendations