Differential Fault Analysis of Rabbit

  • Aleksandar Kircanski
  • Amr M. Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)

Abstract

Rabbit is a high-speed scalable stream cipher with a 128-bit key and a 64-bit initialization vector. It has passed all three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a practical fault analysis attack on Rabbit. The fault model in which we analyze the cipher is the one in which the attacker is assumed to be able to fault a random bit of the internal state of the cipher but cannot control the exact location of injected faults. Our attack requires around 128 − 256 faults and a precomputed table of size $2^{41.6}$ bytes, and recovers the complete internal state of Rabbit in about $2^{38}$ steps.

Keywords

Internal State, Success Probability, Stream Cipher, Fault Injection, Fault Analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Aleksandar Kircanski (1)
  • Amr M. Youssef (1)
  1. Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada