New Property of Diffusion Switching Mechanism on CLEFIA and Its Application to DFA

  • Yosuke Todo
  • Yu Sasaki
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8231)


In this paper, we show a new property of the diffusion switching mechanism (DSM), which was proposed by Shirai and Shibutani in 2006, and propose new differential fault attacks (DFAs) on CLEFIA. The DSM is an effective mechanism for designing Feistel ciphers, and Feistel ciphers using the DSM are more secure against differential and linear cryptanalysis. By applying the DSM to the generalized Feistel network, Shirai et al. proposed the 128-bit block cipher CLEFIA, which was adopted as an ISO standard. Shirai and Shibutani proposed two types of DSM: one uses two matrices and the other uses three matrices. The security difference between the two types was considered to be quite small. In this paper, we propose a new property of the DSM. Our property applies to both types of DSM, and it applies particularly efficiently to the one using two matrices. We show a small security advantage of the DSM using three matrices, and our results contribute to the understanding of the DSM. Moreover, our property improves DFAs on CLEFIA. Existing DFAs cannot be executed without exploiting several faults induced after the 14th round, but our new DFAs can be executed by exploiting several faults induced after the 12th round. The fault-injection position of the new DFAs is thus two rounds earlier than that of existing works.


Keywords: Block cipher, Feistel cipher, CLEFIA, Diffusion switching mechanism, Cryptanalysis, Differential fault attack




  1. The 128-Bit Blockcipher CLEFIA Security and Performance Evaluations Revision 1.0. Sony Corporation (2007)
  2. Ali, S.S., Mukhopadhyay, D.: Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis. Cryptology ePrint Archive, Report 2012/286 (2012)
  3. Ali, S.S., Mukhopadhyay, D.: Improved Differential Fault Analysis of CLEFIA. In: FDTC (2013)
  4. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. J. Cryptology 4(1), 3–72 (1991)
  5. Chen, H., Wu, W., Feng, D.: Differential Fault Analysis on CLEFIA. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 284–295. Springer, Heidelberg (2007)
  6. Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-Middle and Impossible Differential Fault Analysis on AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 274–291. Springer, Heidelberg (2011)
  7. Kim, C.H.: Efficient Methods for Exploiting Faults Induced at AES Middle Rounds. Cryptology ePrint Archive, Report 2011/349 (2011)
  8. Li, Y., Wu, W., Zhang, L.: Improved Integral Attacks on Reduced-Round CLEFIA Block Cipher. In: Jung, S., Yung, M. (eds.) WISA 2011. LNCS, vol. 7115, pp. 28–39. Springer, Heidelberg (2012)
  9. Mala, H., Dakhilalian, M., Shakiba, M.: Impossible Differential Attacks on 13-Round CLEFIA-128. J. Comput. Sci. Technol. 26(4), 744–750 (2011)
  10. Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  11. Matsui, M., Yamagishi, A.: A New Method for Known Plaintext Attack of FEAL Cipher. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 81–91. Springer, Heidelberg (1993)
  12. Phan, R.C.-W., Yen, S.-M.: Amplifying Side-Channel Attacks with Techniques from Block Cipher Cryptanalysis. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 135–150. Springer, Heidelberg (2006)
  13. Sasaki, Y., Li, Y., Sakamoto, H., Sakiyama, K.: Coupon Collector’s Problem for Fault Analysis Against AES — High Tolerance for Noisy Fault Injections. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 213–220. Springer, Heidelberg (2013)
  14. Shirai, T., Preneel, B.: On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 1–15. Springer, Heidelberg (2004)
  15. Shirai, T., Shibutani, K.: Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 260–278. Springer, Heidelberg (2004)
  16. Shirai, T., Shibutani, K.: On Feistel Structures Using a Diffusion Switching Mechanism. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 41–56. Springer, Heidelberg (2006)
  17. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-Bit Blockcipher CLEFIA (Extended Abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)
  18. Takahashi, J., Fukunaga, T.: Improved Differential Fault Analysis on CLEFIA. In: FDTC, pp. 25–34. IEEE Computer Society (2008)
  19. Takahashi, J., Fukunaga, T.: Differential Fault Analysis on CLEFIA with 128, 192, and 256-Bit Keys. IEICE Transactions 93-A(1), 136–143 (2010)
  20. Tezcan, C.: The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 197–209. Springer, Heidelberg (2010)
  21. Jie Zhao, X., Wang, T., Zhe Gao, J.: Multiple Bytes Differential Fault Analysis on CLEFIA. Cryptology ePrint Archive, Report 2010/078 (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Yosuke Todo (1)
  • Yu Sasaki (1)

  1. NTT Secure Platform Laboratories, Japan
