
Semi-Permanent Stuck-At Fault injection attacks on Elephant and GIFT lightweight ciphers

Published: 21 June 2024

Abstract

Fault attacks pose a potent threat to modern cryptographic implementations, particularly those deployed in physically accessible embedded devices in IoT environments. Information security in such resource-constrained devices is ensured using lightweight ciphers, where combinational circuit implementations of the SBox are preferable to look-up tables because they are more efficient in area, power, and memory. Most existing fault analysis techniques focus on fault injection in memory cells and registers. Recently, a novel fault model and analysis technique, Semi-Permanent Stuck-At (SPSA) fault analysis, was proposed to evaluate the security of ciphers whose substitution layer elements (SBoxes) are implemented as combinational circuits. In this work, we propose optimized techniques that recover the key from a minimum number of ciphertexts in such implementations of lightweight ciphers. Based on these techniques, we present a key recovery attack on Elephant AEAD, a finalist of the NIST lightweight cryptography (NIST-LWC) standardization process. The attack is validated on two versions of the Elephant cipher and recovers the secret key within 85–240 ciphertexts, calculated over 1,000 attack instances. To the best of our knowledge, this is the first work on fault analysis attacks on the Elephant scheme. Furthermore, we propose an optimized combinational circuit implementation of the Spongent SBox (the SBox used in the Elephant cipher) with a smaller gate count than the optimized implementation reported in the literature. The proposed fault analysis techniques are validated on the primary and optimized versions of the Spongent SBox through Verilog simulations. Further, we pinpoint SPSA hotspots in the SBox architecture of the lightweight GIFT cipher. We observe that the GIFT SBox is resilient to the proposed SPSA fault analysis technique under the single-fault adversarial model. However, eight SPSA fault patterns reduce the nonlinearity of the SBox to zero, rendering it vulnerable to linear cryptanalysis. Conclusively, SPSA faults may adversely affect the cryptographic properties of an SBox, thereby leading to trivial key recovery. The GIFT cipher serves as an example for two aspects: (i) its SBox construction is resilient to the proposed SPSA analysis, which motivates characterizing such constructions for SPSA resilience, and (ii) an SBox that is resilient to the proposed SPSA analysis may still exhibit vulnerabilities to other classical analysis techniques when subjected to SPSA faults. Our work reports new fault analysis vulnerabilities in combinational circuit implementations of cryptographic protocols.
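The abstract's observation that a stuck-at fault on one internal wire can collapse an SBox's nonlinearity is easy to reproduce at small scale. The Python script below is an added example, not code from the paper or its authors: it models the 4-bit GIFT SBox as a gate-level netlist (the bitsliced gate sequence published in the GIFT specification is assumed here and is cross-checked against the lookup table when the module loads), holds one internal wire at a constant to mimic a single SPSA fault, and recomputes the nonlinearity and differential uniformity of the resulting faulty SBox. The wire names, the fault representation and the survey function are this example's own conventions; the particular eight fault patterns the paper reports depend on the paper's own circuit and are not reproduced here.

```python
# Added example: SPSA-style stuck-at faults on a gate-level 4-bit SBox.
# Not code from the paper. The gate sequence is the bitsliced GIFT SBox from
# the GIFT specification (assumed here; verified against the table below).
from itertools import product

# GIFT SBox lookup table (from the GIFT specification).
GIFT_SBOX = [0x1, 0xA, 0x4, 0xC, 0x6, 0xF, 0x3, 0x9,
             0x2, 0xD, 0xB, 0x7, 0x5, 0x0, 0x8, 0xE]

# Labels for the wire driven by each gate; these are this example's own names.
WIRES = ["x1_a", "x0_a", "x2_a", "x3_a", "x1_b", "x3_b", "x2_b"]


def gift_sbox_netlist(x, fault=None):
    """Evaluate the bitsliced GIFT SBox gate by gate on a 4-bit input x.

    fault is None or (wire_name, value); when set, the named wire is held at
    value (0 or 1) regardless of what its gate computes, which is the
    semi-permanent stuck-at behaviour studied in the paper.
    """
    x0, x1, x2, x3 = (x >> 0) & 1, (x >> 1) & 1, (x >> 2) & 1, (x >> 3) & 1

    def wire(name, value):
        return fault[1] if fault is not None and fault[0] == name else value

    x1 = wire("x1_a", x1 ^ (x0 & x2))
    x0 = wire("x0_a", x0 ^ (x1 & x3))
    x2 = wire("x2_a", x2 ^ (x0 | x1))
    x3 = wire("x3_a", x3 ^ x2)
    x1 = wire("x1_b", x1 ^ x3)
    x3 = wire("x3_b", x3 ^ 1)          # NOT gate
    x2 = wire("x2_b", x2 ^ (x0 & x1))
    x0, x3 = x3, x0                    # final wire swap, no gate involved
    return x0 | (x1 << 1) | (x2 << 2) | (x3 << 3)


def sbox_table(fault=None):
    """Full 16-entry table of the (possibly faulty) SBox."""
    return [gift_sbox_netlist(x, fault) for x in range(16)]


def nonlinearity(sbox, n=4):
    """NL(S) = 2^(n-1) - max|W_S(a,b)|/2 over all input masks a and all
    output masks b != 0, where W_S(a,b) = sum_x (-1)^(b.S(x) xor a.x).
    NL = 0 means some non-trivial output mask is affine in the input."""
    max_walsh = 0
    for b in range(1, 1 << n):
        for a in range(1 << n):
            w = 0
            for x in range(1 << n):
                parity = bin((b & sbox[x]) ^ (a & x)).count("1") & 1
                w += -1 if parity else 1
            max_walsh = max(max_walsh, abs(w))
    return (1 << (n - 1)) - max_walsh // 2


def differential_uniformity(sbox, n=4):
    """Largest entry of the difference distribution table for dx != 0."""
    worst = 0
    for dx in range(1, 1 << n):
        counts = [0] * (1 << n)
        for x in range(1 << n):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


def spsa_survey():
    """Try every single stuck-at-0/1 fault on every internal wire and report
    (nonlinearity, differential uniformity, still a permutation?) per fault."""
    report = {}
    for name, value in product(WIRES, (0, 1)):
        table = sbox_table((name, value))
        report[(name, value)] = (nonlinearity(table),
                                 differential_uniformity(table),
                                 len(set(table)) == 16)
    return report


# Sanity check at import time: the netlist must reproduce the published table.
assert sbox_table() == GIFT_SBOX

if __name__ == "__main__":
    print("fault-free: NL=%d, DU=%d" % (nonlinearity(GIFT_SBOX),
                                        differential_uniformity(GIFT_SBOX)))
    for (name, value), (nl, du, perm) in spsa_survey().items():
        print("%s stuck-at-%d: NL=%d DU=%d permutation=%s"
              % (name, value, nl, du, perm))
```

Running the script prints, for every single stuck-at fault, the faulty SBox's nonlinearity, its differential uniformity and whether it is still a permutation. A nonlinearity of 0 means some output-mask combination has become an affine function of the input, which is the condition behind the linear-cryptanalysis exposure the abstract describes; a fault that drives an output wire to a constant is the simplest such case, since the constant component has a Walsh coefficient of magnitude 16 and the table stops being a permutation. Designers evaluating their own combinational SBox can apply the same survey to their netlist to locate the wires whose stuck-at behaviour most degrades the cipher's properties and protect those first.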

        Published In

        ACM Transactions on Design Automation of Electronic Systems, Volume 29, Issue 4
        July 2024
        360 pages
        EISSN: 1557-7309
        DOI: 10.1145/3613660
        Editor: Jiang Hu

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 21 June 2024
        Online AM: 29 April 2024
        Accepted: 21 April 2024
        Revised: 24 January 2024
        Received: 14 August 2022
        Published in TODAES Volume 29, Issue 4

        Author Tags

        1. Fault attacks
        2. Elephant AEAD
        3. GIFT cipher
        4. Lightweight ciphers
        5. Combinational circuit
        6. Semi-permanent faults
        7. Stuck-at faults

        Qualifiers

        • Research-article

        Funding Sources

        • C3iHub, IIT Kanpur
