Cryptanalysis of Two Fault Countermeasure Schemes

Subhadeep Banik, Andrey Bogdanov

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

In this paper, we look at two fault countermeasure schemes proposed very recently in literature. The first proposed in ACISP 2015 constructs a transformation function using a cellular automata based linear diffusion, and a non-linear layer using a series of bent functions. This countermeasure is meant for the protection of block ciphers like AES. The second countermeasure was proposed in IEEE-HOST 2015 and protects the Grain-128 stream cipher. The design divides the output function used in Grain-128 into two components. The first called the masking function, masks the input bits to the output function with some additional randomness and computes the value of the function. The second called the unmasking function, is computed securely using a different register and undoes the effect of the masking with random bits. We will show that there exists a weakness in the way in which both these schemes use the internally generated random bits which make these designs vulnerable. We will outline attacks that cryptanalyze the above schemes using 66 and 512 faults respectively.
Original languageEnglish
Title of host publicationProgress in Cryptology – INDOCRYPT 2015 : Proceedings of the 16th International Conference on Cryptology in India
EditorsAlex Biryukov, Vipul Goyal
Publication date2015
Pages241-252
ISBN (Print)978-3-319-26616-9
ISBN (Electronic)978-3-319-26617-6
DOIs
Publication statusPublished - 2015
Event16th International Conference on Cryptology in India - Bangalore, India
Duration: 6 Dec 20159 Dec 2015
Conference number: 16
http://www.indocrypt2015.org/

Conference

Conference16th International Conference on Cryptology in India
Number16
CountryIndia
CityBangalore
Period06/12/201509/12/2015
Internet address
SeriesLecture Notes in Computer Science
Volume9462
ISSN0302-9743

Keywords

  • AES
  • Fault analysis
  • Grain-128
  • Infective countermeasures

Fingerprint

Dive into the research topics of 'Cryptanalysis of Two Fault Countermeasure Schemes'. Together they form a unique fingerprint.

Cite this