Using SAT Solving to Improve Differential Fault Analysis of Trivium

  • Mohamed Saied Emam Mohamed
  • Stanislav Bulygin
  • Johannes Buchmann
Part of the Communications in Computer and Information Science book series (CCIS, volume 200)


Combining different cryptanalytic methods to attack a cryptosystem became one of the hot topics in cryptanalysis. In particular, algebraic methods in side channel and differential fault analysis (DFA) attracted a lot of attention recently. In [9], Hojsík and Rudolf used DFA to recover the inner state of the stream cipher Trivium which leads to recovering the secret key. For this attack, they required 3.2 one-bit fault injections on average and 800 keystream bits. In this paper, we give an example of combining DFA attacks and algebraic attacks. We use algebraic methods to improve the DFA of Trivium [9]. Our improved DFA attack recovers the inner state of Trivium by using only 2 fault injections and only 420 keystream bits.


Differential Fault Analysis algebraic attack SAT-Solvers Trivium 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Albrecht, M., Soos, M.: ANF2CNF – Converting ANF to CNF for algebraic attack using SAT solver (2008),
  2. 2.
    Bard, G.V.: Algebraic Cryptanalysis. Springer, London (2009)CrossRefzbMATHGoogle Scholar
  3. 3.
    Brickenstein, M., Dreyer, A.: PolyBoRi: A framework for Gröbner-basis computations with Boolean polynomials. Journal of Symbolic Computation 44(9), 1326–1345 (2009); Effective Methods in Algebraic GeometryMathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Canniere, C.D., Preneel, B.: Trivium specifications. eSTREAM, ECRYPT Stream Cipher Project (2006)Google Scholar
  5. 5.
    Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and slide attacks on keeLoq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Eibach, T., Pilz, E., Völkel, G.: Attacking bivium using SAT solvers. In: Kleine Büning, H., Zhao, X. (eds.) SAT 2008. LNCS, vol. 4996, pp. 63–76. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). Pure and Applied Algebra 139(1-3), 61–88 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation (ISSAC), pp. 75–83. ACM Press, Lille (2002)CrossRefGoogle Scholar
  9. 9.
    Hojsík, M., Rudolf, B.: Floating fault analysis of trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 239–250. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Mohamed, M.S.E., Cabarcas, D., Ding, J., Buchmann, J., Bulygin, S.: MXL3: An efficient algorithm for computing gröbner bases of zero-dimensional ideals. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 87–100. Springer, Heidelberg (2010) (accepted for publication)CrossRefGoogle Scholar
  11. 11.
    Niklas Een, N.S.: MinSat 2.0 – one of the best known SAT solvers (2008),
  12. 12.
    Robshaw, M.: The estream project. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs, pp. 1–6. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mohamed Saied Emam Mohamed
    • 1
  • Stanislav Bulygin
    • 2
  • Johannes Buchmann
    • 1
  1. 1.FB InformatikTU DarmstadtDarmstadtGermany
  2. 2.Center for Advanced Security Research Darmstadt (CASED)Germany

Personalised recommendations