Round Addition Differential Fault Analysis on Lightweight Block Ciphers with On-the-Fly Key Scheduling

Round addition differential fault analysis using operation skipping for lightweight block ciphers with on-the-fly key scheduling is presented. For 64-bit KLEIN, it is shown that only a pair of correct and faulty ciphertexts can be used to derive the secret master key. For PRESENT, one correct ciphertext and two faulty ciphertexts are required to reconstruct the secret key. Furthermore, secret key extraction is demonstrated for the LBlock Feistel-type lightweight block cipher.

Authors:

• Hideki Yoshikawa
• Masahiro Kaminaga
• Arimitsu Shikoda
• Toshinori Suzuki

Keywords:

• Differential Fault Analysis (DFA)
• round addition
• block cipher
• on-the-fly key schedule.

References:

[1] H. Choukri and M. Tunstall, “Round Reduction Using Faults,” Proc. of
FDTC, pp.13-24, 2005.
[2] J. Park, S. Moon, D. Choi, Y. Kang, and J. Ha, “Differential Fault
Analysis for Round-Reduced AES by Fault Injection,” ETRI Journal,
Vol.33, No.3, pp.434-442, 2011.
[3] M. Kaminaga, A. Shikoda, and H. Yoshikawa, “Development and
evaluation of a microstep DFA vulnerability estimation method,” IEICE
Electronics Express, vol. 8, no.22, pp.1899-1904, Nov. 2011.
[4] H. Yoshikawa, M. Kaminaga, and A. Shikoda, “Round Addition Using
Faults for Generalized Feistel Network,” IEICE Trans. Info. & Syst.,
Vol.E96-D, No.1, pp.146-150, Jan. 2013.
[5] H. Yoshikawa, M. Kaminaga, A. Shikoda, and T. Suzuki, “Round
Addition DFA on 80-bit Piccolo and TWINE,” IEICE Trans. Info. &
Syst., Vol.E96-D, No.9, pp.2031-2035, Sept. 2013.
[6] H. Yoshikawa, M. Kaminaga, A. Shikoda, and T. Suzuki, “Round
Addition DFA on SPN block ciphers,” IEICE Trans. Fundamentals.,
Vol.E97-A, No.12, pp.2671-2674, Dec. 2014.
[7] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J.
B. Robshaw, Y. Seurin, and C. Vikkelsoe, “PRESENT: An
Ultra-Lightweight Block Cipher,” Proc. CHES 2007, Springer LNCS
4727, pp. 450–466, 2007.
[8] Z. Gong, S. Nikova, and Y. W. Law, “KLEIN: A new family of
lightweight block cipher,” http://doc.utwente.nl/73129/.
[9] J. Guo, T. Peyrin, A. Poschmann, and M. Robshaw, “The LED block
cipher,” Proc. CHES 2011, Springer. LNCS 6917, pp.326-341, 2011.
[10] N. Bagheri, R. Ebrahimpour, and N. Ghaedi, “New differential fault
analysis on PRESENT,” EURASIP J. Advances in Signal Processing
2013, 2013:145.
[11] J-M. Dutertre, A-P. Mirbaha, D. Naccache, A-L. Ribotta, A. Tria, and T.
Vaschalde, “Fault round modification analysis of the advanced
encryption standard,” IEEE Int. Synp. Hardware-Oriented Security and
Trust (HOST), pp.140-145, 2012.
[12] A. Dehbaoui, J-M. Dutertre, B. Robisson, and A. Tria, “Electromagnetic
transient faults injection on a hardware and a software implementations of
AES,” 2012 Workshop on Fault Diagnosis on Tolerance in Cryptography
(FDTC), pp.7-15, 2012.
[13] Wu, and L. Zhang, “LBlock: A lightweight block cipher,” Proc. ACNS
2011, LNCS 6715, pp.327-344, 2011.
[14] K. Jeong, C. Lee, and J. I Lim, “Improved differential fault analysis on
lightweight block cipher LBlock for wireless sensor networks,”
EURASIP Journal on Wireless Communications and Networking 2013,
2013:151.
[15] M. Izadi, B. Sadeghiyan, S. Sadeghian, H. Khanooki, “MIBS: A new
lightweight block cipher,” CANS 2009. LNCS, vol. 5888, pp. 334-348.
Springer, 2009.