Practical Fault Attacks On Minalpher: How To Recover Key With Minimum Faults?

SECURITY, PRIVACY, AND APPLIED CRYPTOGRAPHY ENGINEERING, SPACE 2017 (2017)

Abstract
This work presents two differential fault attacks (or DFA) on Minalpher, a second round CAESAR candidate under practical fault model with as few faults as possible. Minalpher uses a new primitive called tweakable Even-Mansour, based on a permutation-based block-cipher proposed by Even and Mansour and to the best of our knowledge, no practical DFA has yet been reported on it. In the first DFA, only two random faults have been injected on two consecutive 4-bit nibbles (i.e. within total 8 bits) of a specific internal state. We show that (i) if both the faults are injected at the same nibble the key-space for the intermediate key can be reduced significantly from $2^{256}$ to $2^{32}$ and (ii) if the faults are injected at different positions, the key-space for the intermediate key can be reduced further to only $2^{16}$. In the second DFA, we first consider two faults into a single nibble, which reduces the keyspace from $2^{256}$ to $2^{48}$. Moreover, we show that one additional fault (i.e. total three faults) helps to reduce the key-space significantly to $2^{8}$. We can compute the correct intermediate key by observing a few more plain-text, cipher-text pairs, which helps in computing valid cipher-text, tag pairs for any message and associated data under a fixed nonce.
Keywords
Minalpher,Fault,DFA,Tweakable Even Mansour,Nibble