Paper 2012/286

Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis

Sk Subidh Ali and Debdeep Mukhopadhyay

Abstract

In this paper we propose a new differential fault analysis (DFA) on CLEFIA with a 128-bit key. The proposed attack requires inducing byte faults at the fourteenth round of CLEFIA encryption. The attack uses only two pairs of fault-free and faulty ciphertexts and uniquely determines the 128-bit secret key. The attacker does not need to know the plaintext. The most efficient previously reported fault attack on CLEFIA needs fault induction at the fifteenth round of encryption and can be performed with two pairs of fault-free and faulty ciphertexts and a brute-force search of around 20 bits. Therefore, the proposed attack can evade the countermeasures against the existing DFAs which only protect the last four rounds of encryption. Extensive simulation results are presented to validate the proposed attack. The simulation results show that the attack can retrieve the 128-bit secret key in around one minute of execution time. To the best of the authors' knowledge, the proposed attack is the most efficient attack in terms of both the input requirements and the complexity.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Differential Fault Analysis, DFA, Fault Attack, CLEFIA, Generalized Feistel Structure
Contact author(s)
subidh @ gmail com
History
2012-05-29: received
Short URL
https://ia.cr/2012/286
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/286,
      author = {Sk Subidh Ali and Debdeep Mukhopadhyay},
      title = {Protecting Last Four Rounds of {CLEFIA} is Not Enough Against Differential Fault Analysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/286},
      year = {2012},
      url = {https://eprint.iacr.org/2012/286}
}