• Title/Summary/Keyword: Differential attack

Search Result 179, Processing Time 0.021 seconds

Vulnerability of Carry Random Scalar Recoding Method against Differential Power Analysis Attack (차분 전력 분석 공격에 대한 캐리 기반 랜덤 리코딩 방법의 취약성)

  • Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1099-1103
    • /
    • 2016
  • The user's secret key can be retrieved by the leakage informations of power consumption occurred during the execution of scalar multiplication for elliptic curve cryptographic algorithm which can be embedded on a security device. Recently, a carry random recoding method is proposed to prevent simple power and differential power analysis attack by recoding the secret key. In this paper, we show that this recoding method is still vulnerable to the differential power analysis attack due to the limitation of the size of carry bits, which is a different from the original claim.

Security Analysis of the Lightweight Cryptosystem TWINE in the Internet of Things

  • Li, Wei;Zhang, Wenwen;Gu, Dawu;Tao, Zhi;Zhou, Zhihong;Liu, Ya;Liu, Zhiqiang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.2
    • /
    • pp.793-810
    • /
    • 2015
  • The TWINE is a new Generalized Feistel Structure (GFS) lightweight cryptosystem in the Internet of Things. It has 36 rounds and the key lengths support 80 bits and 128 bits, which are flexible to provide security for the RFID, smart cards and other highly-constrained devices. Due to the strong attacking ability, fast speed, simple implementation and other characteristics, the differential fault analysis has become an important method to evaluate the security of lightweight cryptosystems. On the basis of the 4-bit fault model and the differential analysis, we propose an effective differential fault attack on the TWINE cryptosystem. Mathematical analysis and simulating experiments show that the attack could recover its 80-bit and 128-bit secret keys by introducing 8 faulty ciphertexts and 18 faulty ciphertexts on average, respectively. The result in this study describes that the TWINE is vulnerable to differential fault analysis. It will be beneficial to the analysis of the same type of other iterated lightweight cryptosystems in the Internet of Things.

Differential Fault Analysis on Block Cipher Piccolo-80 (블록 암호 Piccolo-80에 대한 차분 오류 공격)

  • Jeong, Ki-Tae
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.3
    • /
    • pp.510-517
    • /
    • 2012
  • Piccolo-80 is a 64-bit ultra-light block cipher suitable for the constrained environments such as wireless sensor network environments. In this paper, we propose a differential fault analysis on Piccolo-80. Based on a random byte fault model, our attack can the secret key of Piccolo-80 by using the exhaustive search of $2^{24}$ and six random byte fault injections on average. It can be simulated on a general PC within a few seconds. This result is the first known side-channel attack result on Piccolo-80.

Differential Fault Analysis for Round-Reduced AES by Fault Injection

  • Park, Jea-Hoon;Moon, Sang-Jae;Choi, Doo-Ho;Kang, You-Sung;Ha, Jae-Cheol
    • ETRI Journal
    • /
    • v.33 no.3
    • /
    • pp.434-442
    • /
    • 2011
  • This paper presents a practical differential fault analysis method for the faulty Advanced Encryption Standard (AES) with a reduced round by means of a semi-invasive fault injection. To verify our proposal, we implement the AES software on the ATmega128 microcontroller as recommended in the standard document FIPS 197. We reduce the number of rounds using a laser beam injection in the experiment. To deduce the initial round key, we perform an exhaustive search for possible key bytes associated with faulty ciphertexts. Based on the simulation result, our proposal extracts the AES 128-bit secret key in less than 10 hours with 10 pairs of plaintext and faulty ciphertext.

Security Analysis on the Full-Round SCO-1 (블록 암호 SCO-1에 대한 안전성 분석)

  • Jeong, Ki-Tae;Lee, Chang-Hoon;Kim, Jong-Sung;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.27-35
    • /
    • 2008
  • In this paper we show that the full-round SCO-1[12] is vulnerable to the related-key differential attack. The attack on the full-round SCO-1 requires $2^{61}$ related-key chosen ciphertexts and $2^{120.59}$ full-round SCO-1 decryptions. This work is the first known attack on SCO-1.

A Secure Masking-based ARIA Countermeasure for Low Memory Environment Resistant to Differential Power Attack (저메모리 환경에 적합한 마스킹기반의 ARIA 구현)

  • Yoo Hyung-So;Kim Chang-Kyun;Park Il-Hwan;Moon Sang-Jae;Ha Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.3
    • /
    • pp.143-155
    • /
    • 2006
  • ARIA is a 128-bit block cipher, which became a Korean Standard in 2004. According to recent research, this cipher is attacked by first order DPA attack. In this paper, we propose a new masking technique as a countermeasure against first order DPA attack and apply it to the ARIA. The proposed method is suitable for low memory environment. By using this countermeasure, we verified that it is secure against first order DPA attack. In addition, our method based on precomputation of inverse table can reduce the computational cost as increasing the number of S-BOX masking.

CKGS: A Way Of Compressed Key Guessing Space to Reduce Ghost Peaks

  • Li, Di;Li, Lang;Ou, Yu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.3
    • /
    • pp.1047-1062
    • /
    • 2022
  • Differential power analysis (DPA) is disturbed by ghost peaks. There is a phenomenon that the mean absolute difference (MAD) value of the wrong key is higher than the correct key. We propose a compressed key guessing space (CKGS) scheme to solve this problem and analyze the AES algorithm. The DPA based on this scheme is named CKGS-DPA. Unlike traditional DPA, the CKGS-DPA uses two power leakage points for a combined attack. The first power leakage point is used to determine the key candidate interval, and the second is used for the final attack. First, we study the law of MAD values distribution when the attack point is AddRoundKey and explain why this point is not suitable for DPA. According to this law, we modify the selection function to change the distribution of MAD values. Then a key-related value screening algorithm is proposed to obtain key information. Finally, we construct two key candidate intervals of size 16 and reduce the key guessing space of the SubBytes attack from 256 to 32. Simulation experimental results show that CKGS-DPA reduces the power traces demand by 25% compared with DPA. Experiments performed on the ASCAD dataset show that CKGS-DPA reduces the power traces demand by at least 41% compared with DPA.

Novel Differential Fault Attack Using Function-Skipping on AES (함수 생략 오류를 이용하는 AES에 대한 신규 차분 오류 공격)

  • Kim, Ju-Hwan;Lee, JongHyeok;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1263-1270
    • /
    • 2020
  • The differential fault attacks (DFA) are cryptoanalysis methods that reveal the secret key utilizing differences between the normal and faulty ciphertexts, which occurred when artificial faults are injected into an encryption device. The conventional DFA methods use faults to falsify intermediate values. Meanwhile, we propose the novel DFA method that uses a fault to skip a function. The proposed method has a very low attack complexity that reveals the secret key using one fault injected ciphertext within seconds. Also, we proposed a method that filters out ciphertexts where the injected faults did not occur the function-skipping. It makes our method realistic. To demonstrate the proposed method, we performed fault injection on the Riscure's Piñata board. As a result, the proposed method can filter out and reveal the secret key within seconds on a real device.

Differential Cryptanalysis of a 20-Round Reduced SMS4 Block Cipher (축소된 20-라운드 SMS4에 대한 차분 공격)

  • Kim, Tae-Hyun;Kim, Jong-Sung;Sung, Jae-Chul;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.37-44
    • /
    • 2008
  • The 128-bit block cipher SMS4 which is used in WAPI, the Chinese WALN national standard, uses a 128-bit user key with the number of 32 rounds. In this paper, we present a differential attack on the 20-round SMS4 using 16-round differential characteristic. This attack requires $2^{126}$ chosen plaintexts with $2^{105.85}$ 20-round SMS4 decryptions. This result is better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds.

Differential Fault Analysis on AES by Recovering of Intermediate Ciphertext (중간 암호문 복구 방법을 이용한 AES 차분오류공격)

  • Baek, Yi-Roo;Gil, Kwang-Eun;Park, Jea-Hoon;Moon, Sang-Jae;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.5
    • /
    • pp.167-174
    • /
    • 2009
  • Recently, Li et al. proposed a new differential fault analysis(DFA) attack on the block cipher ARIA using about 45 ciphertexts. In this paper, we apply their DFA skill on AES and improve attack method and its analysis. The basic idea of our DFA method is that we recover intermediate ciphertexts in last round using final faulty ciphertexts and find out last round secret key. In addition, we present detail DFA procedure on AES and analysis of complexity. Furthermore computer simulation result shows that we can recover its 128-bit secret key by introducing a correct ciphertext and 2 faulty ciphertexts.