Differential Fault Analysis on the Key Schedule of the LBlock Algorithm

In 2011, Wu and Zhang proposed a lightweight block cipher named LBlock, whose plaintext size and key size are 64 bits and 80 bits, respectively. As they said, LBlock can be efficiently implemented in constrained hardware environments, such as wireless sensor network. In this paper, we study the security of LBlock against the differential fault analysis (DFA) on its key scheduling. As far as we know, this is the first time the DFA on key schedule is used to analyze LBlock. More concretely, our DFA attack adopts the random nibble fault model. When the fault is injected in the subkeys in round 30 and 31, most bits of the subkeys in round 31 and 32 can be recovered, which leads to the leakage of the bits of master secret key according to the key scheduling. A quantitative analysis of the input-output differentials of the S-boxes in LBlock shows that our attack reduces the searching space of master key from 2(80) to 2(23). Then the exhaustive search of all 2(23) possible keys can uniquely determine the true master key. Finally, we also implement LBlock and simulate the DFA on its key scheduling. The experiment results show that our attack is effective.