Hao Chen,Tao Wang,Shize Guo,Xinjie Zhao,Fan Zhang,Jian Liu

DOI: https://doi.org/10.1587/transfun.E100.A.811

2017-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The differential fault analysis of SOSEMNAUK was presented in Africacrypt in 2011. In this paper, we improve previous work with algebraic techniques which can result in a considerable reduction not only in the number of fault injections but also in time complexity. First, we propose an enhanced method to determine the fault position with a success rate up to 990'o based on the single-word fault model. Then, instead of following the design of SOSEMANUK at word levels, we view SOSEMANUK at bit levels during the fault analysis and calculate most components of SOSEMANUK as bit-oriented. We show how to build algebraic equations for SOSEMANUK and how to represent the injected faults in bit-level. Finally, an SAT solver is exploited to solve the combined equations to recover the secret inner state. The results of simulations on a PC show that the full 384 bits initial inner state of SOSEMANUK can be recovered with only 15 fault injections in 3.97h.

Prasanna Ravi,Bolin Yang,Shivam Bhasin,Fan Zhang,Anupam Chattopadhyay

DOI: https://doi.org/10.46586/tches.v2023.i2.447-481

2023-01-01

Abstract:In this work, we present the first fault injection analysis of the Number Theoretic Transform (NTT). The NTT is an integral computation unit, widely used for polynomial multiplication in several structured lattice-based key encapsulation mechanisms (KEMs) and digital signature schemes. We identify a critical single fault vulnerability in the NTT, which severely reduces the entropy of its output. This in turn enables us to perform a wide-range of attacks applicable to lattice-based KEMs as well as signature schemes. In particular, we demonstrate novel key recovery and message recovery attacks targeting the key generation and encryption procedure of Kyber KEM. We also propose novel existential forgery attacks targeting deterministic and probabilistic signing procedure of Dilithium, followed by a novel verification bypass attack targeting its verification procedure. All proposed exploits are demonstrated with high success rate using electromagnetic fault injection on optimized implementations of Kyber and Dilithium, from the open-source pqm4 library on the ARM Cortex-M4 microcontroller. We also demonstrate that our proposed attacks are capable of bypassing concrete countermeasures against existing fault attacks on lattice-based KEMs and signature schemes. We believe our work motivates the need for more research towards development of countermeasures for the NTT against fault injection attacks.

Fan Zhang,Xiaofei Dong,Xinjie Zhao,Yidi Wang,Samiya Qureshi,Yiran Zhang,Xiaoxuan Lou,Yongkang Tang

DOI: https://doi.org/10.1109/MASS.2018.00056

2018-01-01

Abstract:This paper proposed an advanced round modification fault analysis (RMFA) at the theoretical level on AEGIS-128, which is one of seven finalists in CAESAR competition. First, we clarify our assumptions and simplifications on the attack model, focusing on the encryption security. Then, we emphasize the difficulty of applying vanilla RMFA to AEGIS-128 in the practical case. Finally we demonstrate our advanced fault analysis on AEGIS-128 using machine-solver based algebraic techniques. Our enhancement can be used to conquer the practical scenario which is difficult for vanilla RMFA. Simulation results show that when the fault is injected to the initialization phase and the number of rounds is reduced to one, two samples of injections can extract the whole 128 key bits within less than two hours. This work can also be extended to other versions such as AEGIS-256.

Shivam Bhasin,Jingyu Pan,Fan Zhang

2018-01-01

Abstract:This works gives an overview of persistent fault attacks on block ciphers, a recently introduced fault analysis technique based on persistent faults. The fault typically targets stored constant of cryptographic algorithms over several encryption calls with a single injection. The underlying analysis technique statistically recovers the secret key and is capable of defeating several popular countermeasures by design.

Xiaojuan Zhang,Xiutao Feng,Dongdai Lin

DOI: https://doi.org/10.1155/2017/3834685

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Fault attack is an efficient cryptanalysis method against cipher implementations and has attracted a lot of attention in recent public cryptographic literatures. In this work we introduce a fault attack on the CAESAR candidate ACORN v2. Our attack is done under the assumption of random fault injection into an initial state of ACORN v2 and contains two main steps: fault locating and equation solving. At the first step, we first present a fundamental fault locating method, which uses 99-bit output keystream to determine the fault injected location with probability 97.08%. And then several improvements are provided, which can further increase the probability of fault locating to almost 1. As for the system of equations retrieved at the first step, we give two solving methods at the second step, that is, linearization and guess-and-determine. The time complexity of our attack is not larger than c·2179.19-1.76N at worst, where N is the number of fault injections such that 31≤N≤88 and c is the time complexity of solving linear equations. Our attack provides some insights into the diffusion ability of such compact stream ciphers.

Xiaojuan Zhang,Xiutao Feng,Dongdai Lin

DOI: https://doi.org/10.1093/comjnl/bxy044

2018-01-01

Abstract:Fault attack is one of the most efficient side channel attacks and has attracted much attention in recent public cryptographic literatures. In this work, we introduce a fault attack on the authenticated cipher ACORN v3. Our attack is done under the assumption that a fault is injected into an initial state of ACORN v3 randomly, and contains two main steps: fault locating and equation solving. At the first step, we introduce concepts of unique set and non-unique set, where differential strings belonging to unique sets can determine the fault location uniquely. For strings belonging to non-unique sets, we use some strategies to increase the probability of determining the fault location uniquely to almost 1. At the second step, we demonstrate several ways of retrieving equations, and then obtain the initial state by solving equations with the guess-and-determine method. With n fault experiments, we can recover the initial state with time complexity c . 2(146.5-3.52.n), where c is the time complexity of solving linear equations and 26 < n < 43. We also apply the attack to ACORN v2, which shows that the changes from ACORN v2 to ACORN v3 have reduced the security margin of this algorithm against the differential fault attack.

Fan Zhang,Xinjie Zhao,Wei He,Shivam Bhasin,Shize Guo

DOI: https://doi.org/10.1007/s11432-016-0233-0

2017-01-01

Science China Information Sciences

Abstract:>Fault analysis is a very powerful technique to break cryptographic implementations.In particular,bitlevel fault analysis(BLFA),where faults are injected by flipping one or a few isolated bits,are among the most efficient of the lot.BLFA requires both precise fault injection capabilities and sophisticated key extraction skills.Algebraic fault analysis(AFA)[1]is a good analysis technique for BLFA.Compared with differential fault analysis(DFA),AFA relies on the automation from machine solvers.Since it fully utilizes the leakages

Fan Zhang,Bolin Yang,Shize Guo,Xinjie Zhao,Tao Wang,Francois-Xavier Standaert,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-11333-9_5

2019-01-01

Abstract:Algebraic fault analysis (AFA), which combines algebraic cryptanalysis with fault attacks, has represented serious threats to the security of lightweight block ciphers. Inspired by an earlier framework for the analysis of side-channel attacks presented at EUROCRYPT 2009, a new generic framework is proposed to analyze and evaluate algebraic fault attacks on lightweight block ciphers. We interpret AFA at three levels: the target, the adversary, and the evaluator. We describe the capability of an adversary in four parts: the fault injector, the fault model describer, the cipher describer, and the machine solver. A formal fault model is provided to cover most of the current fault attacks. Different strategies of building optimal equation set are also provided to accelerate the solving process. At the evaluator level, we consider the approximate information metric and the actual security metric. These metrics can be used to …

Fan Zhang,Yiran Zhang,Xinjie Zhao,Shize Guo,Ziyuan Liang,Samiya Qureshi

DOI: https://doi.org/10.1109/PADSW.2018.8645010

2018-01-01

Abstract:The block cipher LED is well suited for resource-constrained scenarios. However, it is vulnerable to the recent fault attacks and different results have been achieved even under the same fault model. In this paper, a comprehensive investigation is conducted on the fault analysis on LED. A novel differential fault analysis is proposed, which is based on the so-called constraint equations. The proposed attack can combine constraint equations at different levels, pushing the differential fault analysis on LED towards its limit in terms of the time complexity, the data complexity and the remained key search space. Under random nibble fault model, SINGLE fault injection can reduce the key search space of LED-64 to 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">7.90</sup> within 1.89s, compared to 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">17.65</sup> within 7 minutes in prior finest contributions. As to DFA on LED-128, TWO fault injections can reduce the key search space to 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">15.82</sup> within 247.88s, compared to 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">21.96</sup> within 16 minutes in previous work. To the best of our knowledge, the scheme that we proposed is the most efficient fault attack on LED cryptosystems.

Fan Zhang,Shize Guo,Xinjie Zhao,Tao Wang,Jian Yang,Francois-Xavier Standaert,Dawu Gu

DOI: https://doi.org/10.1109/tifs.2016.2516905

2019-01-01

Abstract:Algebraic fault analysis (AFA), which combines algebraic cryptanalysis with fault attacks, has represented serious threats to the security of lightweight block ciphers. Inspired by an earlier framework for the analysis of side-channel attacks presented at EUROCRYPT 2009, a new generic framework is proposed to analyze and evaluate algebraic fault attacks on lightweight block ciphers. We interpret AFA at three levels: 1) the target; 2) the adversary; and 3) the evaluator. We describe the capability of an adversary in four parts: 1) the fault injector; 2) the fault model describer; 3) the cipher describer; and 4) the machine solver. A formal fault model is provided to cover most of current fault attacks. Different strategies of building optimal equation set are also provided to accelerate the solving process. At the evaluator level, we consider the approximate information metric and the actual security metric. These metrics can be used to guide adversaries, cipher designers, and industrial engineers. To verify the feasibility of the proposed framework, we make a comprehensive study of AFA on an ultra-lightweight block cipher called LBlock. Three scenarios are exploited, which include injecting a fault to encryption, to key scheduling, or modifying the round number or counter. Our best results show that a single fault injection is enough to recover the master key of LBlock within the affordable complexity in each scenario. To verify the generic feature of the proposed framework, we apply AFA to three other block ciphers, i.e., Data Encryption Standard, PRESENT, and Twofish. The results demonstrate that our framework can be used for different ciphers with different structures.

Lifeng Hu,Fan Zhang,Ziyuan Liang,Ruyi Ding,Xingyu Cai,Zonghui Wang,Wenguang Jin

DOI: https://doi.org/10.1016/j.cose.2022.103003

IF: 5.105

2023-01-01

Computers & Security

Abstract:With the rise of the concept of Trusted Execution Environments (TEEs), such as Intel Software Guard Extensions (SGX), researchers are prompted to constantly verify its effectiveness. Controlled-channel attacks are proposed to construct side channels against the shielding systems by intentionally provoking page faults. So far, various powerful and noise-free controlled-channel attacks have been introduced. However, there are some challenges encountered in the actual practice of these attacks, e.g., extensive manual effort is always required to analyze the target binary and identify conditional control-flow patterns. In this paper, we present FaultMorse, an automated controlled-channel attack. We adopt a global perspective to analyze the page fault sequence and find a specific recurring pattern that corresponds to some specific instructions in the program. Most of the secret bits can be automatically deduced by analyzing the locations of the recurring pattern in the page fault sequence. Compared to previous works, FaultMorse can reduce the complexity of analysis. We propose a method to control page fault counts to improve the attack performance. We implement our FaultMorse attack on a physical machine and evaluate its effectiveness, universality, and page-fault rate. The experimental results show that for some known vulnerable algorithms, FaultMorse can automatically deduce more than 99% of the secret bits. (C) 2022 Elsevier Ltd. All rights reserved.

Xue Gong,Ao Shen,Tianxiang Feng,Guorui Xu,Shize Guo,Fan Zhang

DOI: https://doi.org/10.1016/j.vlsi.2024.102174

IF: 1.345

2024-01-01

Integration

Abstract:Cryptographic algorithms have been employed in a variety of fields as the primary method to protect information security. The security of a cryptographic algorithm is closely related to its operating environment and physical devices. Algebraic Persistent Fault Analysis (APFA) is a new fault analysis method for block ciphers proposed in CHES 2022, which utilizes the fault that persists in encryptions and introduces algebraic analysis in the fault analysis step. In the fault injection step, as the transistors of the integrated circuit are getting smaller and tighter, even high-precision devices may cause more than one fault per injection. However, more faults may lead to a more efficient attack in the fault analysis step. In this paper, APFA for double faults is proposed, which can deal with the double faults model and reduce the number of required ciphertexts. The practicality of our fault injection is validated by laser fault injection experiments on the SRAM embedded in an ATmega163L microcontroller. The effectiveness of our fault analysis is proven by successfully recovering the key of PRESENT-128 and AES-128. The number of ciphertexts needed for key recovery is reduced by 46% compared to PFA with a single fault.

Puja Mondal,Supriya Adhikary,Suparna Kundu,Angshuman Karmakar

2024-09-11

Abstract:Computationally hard problems based on coding theory, such as the syndrome decoding problem, have been used for constructing secure cryptographic schemes for a long time. Schemes based on these problems are also assumed to be secure against quantum computers. However, these schemes are often considered impractical for real-world deployment due to large key sizes and inefficient computation time. In the recent call for standardization of additional post-quantum digital signatures by the National Institute of Standards and Technology, several code-based candidates have been proposed, including LESS, CROSS, and MEDS. These schemes are designed on the relatively new zero-knowledge framework. Although several works analyze the hardness of these schemes, there is hardly any work that examines the security of these schemes in the presence of physical attacks. In this work, we analyze these signature schemes from the perspective of fault attacks. All these schemes use a similar tree-based construction to compress the signature size. We attack this component of these schemes. Therefore, our attack is applicable to all of these schemes. In this work, we first analyze the LESS signature scheme and devise our attack. Furthermore, we showed how this attack can be extended to the CROSS signature scheme. Our attacks are built on very simple fault assumptions. Our results show that we can recover the entire secret key of LESS and CROSS using as little as a single fault. Finally, we propose various countermeasures to prevent these kinds of attacks and discuss their efficiency and shortcomings.

Cryptography and Security

Priyanka Joshi,Bodhisatwa Mazumdar

DOI: https://doi.org/10.1145/3662734

IF: 1.447

2024-04-29

ACM Transactions on Design Automation of Electronic Systems

Abstract:Fault attacks pose a potent threat to modern cryptographic implementations, particularly those used in physically approachable embedded devices in IoT environments. Information security in such resource-constrained devices is ensured using lightweight ciphers, where combinational circuit implementations of SBox are preferable over look-up tables (LUT) as they are more efficient regarding area, power, and memory requirements. Most existing fault analysis techniques focus on fault injection in memory cells and registers. Recently, a novel fault model and analysis technique, namely Semi-Permanent Stuck-At (SPSA) fault analysis, has been proposed to evaluate the security of ciphers with combinational circuit implementation of Substitution layer elements, SBox. In this work, we propose optimized techniques to recover the key in a minimum number of ciphertexts in such implementations of lightweight ciphers. Based on the proposed techniques, a key recovery attack on the NIST lightweight cryptography (NIST-LWC) standardization process finalist, Elephant AEAD, has been proposed. The proposed key recovery attack is validated on two versions of Elephant cipher. The proposed fault analysis approach recovered the secret key within 85 − 240 ciphertexts, calculated over 1000 attack instances. To the best of our knowledge, this is the first work on fault analysis attacks on the Elephant scheme. Furthermore, an optimized combinational circuit implementation of Spongent SBox (SBox used in Elephant cipher) is proposed, having a smaller gate count than the optimized implementation reported in the literature. The proposed fault analysis techniques are validated on primary and optimized versions of Spongent SBox through Verilog simulations. Further, we pinpoint SPSA hotspots in the lightweight GIFT cipher SBox architecture. We observe that GIFT SBox exhibits resilience towards the proposed SPSA fault analysis technique under the single fault adversarial model. However, eight SPSA fault patterns reduce the nonlinearity of the SBox to zero, rendering it vulnerable to linear cryptanalysis. Conclusively, SPSA faults may adversely affect the cryptographic properties of an SBox, thereby leading to trivial key recovery. The GIFT cipher is used as an example to focus on two aspects: i) its SBox construction is resilient to the proposed SPSA analysis and therefore characterizing such constructions for SPSA resilience and, ii) an SBox even though resilient to the proposed SPSA analysis, may exhibit vulnerabilities towards other classical analysis techniques when subjected to SPSA faults. Our work reports new vulnerabilities in fault analysis in the combinational circuit implementations of cryptographic protocols.

computer science, software engineering, hardware & architecture

Jing Huang,Xinjie Zhao,Yidi Wang,Shize Guo,Fan Zhang,Tianming Zheng

DOI: https://doi.org/10.1109/IMCCC.2018.00048

2018-01-01

Abstract:In January 2016, Li et al. introduced an impossible differential fault analysis on the LED cryptosystem. If one random nibble fault is injected into the preantepenultimate round of LED, 48 fault injections are required to recover the secret key. In this comment, we provide an improved scheme with theoretical analysis and experimental results. Under the same fault model, our analysis can reduce the key search space of LED to 27:92 on average with only ONE fault. The key extraction takes about 13.84 seconds on average.

Amit Jana,Goutam Paul

DOI: https://doi.org/10.1007/s13389-024-00354-4

2024-05-26

Journal of Cryptographic Engineering

Abstract:This paper presents the first instance of a successful differential fault attack ( DFA ) on the nonce-based authentication scheme PHOTON-BEETLE , which was a finalist but not the winner of the NIST LwC competition. Furthermore, the paper also reveals the first differential fault attacks on several other NIST LwC schemes, including ORANGE , SIV-TEM-PHOTON , and ESTATE , which are based on sponge and SIV techniques. In general, it is a challenging task to perform DFA for any nonce-based sponge/ SIV -based AE because of a unique nonce in the encryption query. However, the decryption procedure (with a fixed nonce) is still susceptible to DFA . We propose different fault attack models, and also give theoretical estimates of the number of faulty queries to get multiple forgeries. Our simulated values corroborate closely the theoretical estimates. Finally, we devise an algorithm to recover the state based on the collected forgeries. Under the random fault attack model, to retrieve the secret key, we need approximately number of faulty queries. Also, the offline time and memory complexities of this attack are respectively and nibbles. Whereas, under the random bit fault attack model, around number of faulty queries are required to retrieve the key for PHOTON -based schemes and for AES -based scheme ESTATE . In the known fault attack model, we need around number of faulty queries to retrieve the secret key for PHOTON -based schemes and for AES -based scheme ESTATE . The time and memory complexities of the state recovery attack (for PHOTON -based schemes) are respectively and nibbles. Further, we have reduced the number of faulty queries to under the precise bit-flip fault model.

computer science, theory & methods

Zhang Fan,Zhao Xinjie,Guo Shize,Shen Jizhong,Huang Jing,Hu Zijie

DOI: https://doi.org/10.1109/cc.2015.7188531

2015-01-01

Abstract:PRINCE is a 64-bit lightweight block cipher with a 128-bit key published at ASIACRYPT 2012. Assuming one nibble fault is injected, previous different fault analysis (DFA) on PRINCE adopted the technique from DFA on AES and current results are different. This paper aims to make a comprehensive study of algebraic fault analysis (AFA) on PRINCE. How to build the equations for PRINCE and faults are explained. Extensive experiments are conducted. Under nibble-based fault model, AFA with three or four fault injections can succeed within 300 seconds with a very high probability. Under other fault models such as byte-based, half word-based, word-based fault models, the faults become overlapped in the last round and previous DFAs are difficult to work. Our results show that AFA can still succeed to recover the full master key. To evaluate security of PRINCE against fault attacks, we utilize AFA to calculate the reduced entropy of the secret key for given amount of fault injections. The results can interpret and compare the efficiency of previous work. Under nibble-based fault model, the master key of PRINCE can be reduced to 2 9.69 and 2 36.10 with 3 and 2 fault injections on average, respectively.

Vincent Giraud,Guillaume Bouffard

DOI: https://doi.org/10.48550/arXiv.2305.02855

2023-05-04

Cryptography and Security

Abstract:Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals for which they have little or no control. They are sometimes inclined to attempt this without using hardware-assisted equipment, such as secure elements. In this case, the white-box attack model is particularly relevant and includes access to every asset, retro-engineering, and binary instrumentation by attackers. At the same time, quantum attacks are becoming more and more of a threat and challenge traditional asymmetrical ciphers, which are treasured by private and public actors. The McEliece cryptosystem is a code-based public key algorithm introduced in 1978 that is not subject to well-known quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process, a derived candidate commonly refer to as classic McEliece was selected. This algorithm is however vulnerable to some fault injection attacks while a priori, this does not apply to the original McEliece. In this article, we thus focus on the original McEliece cryptosystem and we study its resilience against fault injection attacks on an ARM reference implementation. We disclose the first fault injection based attack and we discuss on how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.

Fan Zhang,Yiran Zhang,Shengwen Shi,Shize Guo,Ziyuan Liang,Samiya Qureshi,Congyuan Xu

DOI: https://doi.org/10.1109/PADSW.2018.8644906

2018-01-01

Abstract:An optimized lightweight Hardware Trojan (HT)based fault attack is proposed, especially for those resource-constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA)is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.

Qingyuan Yu,Xiaoyang Dong,Lingyue Qin,Yongze Kang,Keting Jia,Xiaoyun Wang,Guoyan Zhang

DOI: https://doi.org/10.46586/tches.v2023.i4.1-31

2023-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Fault analysis is a powerful technique to retrieve secret keys by exploiting side-channel information. Differential fault analysis (DFA) is one of the most powerful threats utilizing differential information between correct and faulty ciphertexts and can recover keys for symmetric-key cryptosystems efficiently. Since DFA usually targets the first or last few rounds of the block ciphers, some countermeasures against DFA only protect the first and last few rounds for efficiency. Therefore, to explore how many rounds DFA can affect is very important to make sure how many rounds to protect in practice. At CHES 2011, Derbez et al. proposed an improved DFA on AES based on MitM approach, which covers one more round than previous DFAs. To perform good (or optimal) MitM DFA on block ciphers, the good (or optimal) attack configurations should be identified, such as the location where the faults inject, the matching point with differential relationship, and the two independent computation paths where two independent subsets of the key are involved. In this paper, we formulate the essential ideas of the construction of the attack, and translate the problem of searching for the best MitM DFA into optimization problems under constraints in Mixed-Integer-Linear-Programming (MILP) models. With the models, we achieve more powerful and practical DFA attacks on SKINNY, CRAFT, QARMA, PRINCE, PRINCEv2, and MIDORI with faults injected in 1 to 9 earlier rounds than the best previous DFAs.