and Shamir A., “ Fault analysis of stream ciphers,” in Proc. Duval S., Lallemand V., and Rotella Y., “ Cryptanalysis of the FLIP family of stream ciphers,” in Proc.Carlet C., Méaux P., and Rotella Y., “ Boolean functions with restricted input and their robustness application to the FLIP cipher,” IACR Trans.Canteaut A., et al., “ Stream ciphers: A practical solution for efficient homomorphic-ciphertext compression,” J.and Preneel B., “ Trivium specification,” eSTREAM, ECRYPT Stream Cipher Project, 2005. and Dunkelman O., “ Differential cryptanalysis in stream ciphers.” 2007. Barenghi A., Breveglieri L., Koren I., and Naccache D., “ Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures,” Proc.and Maitra S., “ A differential fault attack on MICKEY 2.0,” in Proc.
TABLEFLIP INFORMATUON TECHNOLOGY SOFTWARE
For single bit fault, one will require to solve a system of equations for each 530 possible fault locations to recover the correct key of FLIP. In case of FLIP, we show that if there is a 1-bit fault in the state of the cipher then from 9000 normal and faulty keystream bits the state (i.e., the secret key) of the cipher can be recovered. We first show that the complete state of the Kreyvium can be recovered by injecting 3 faults and considering 450 many keystream bits. Kreyvium is an NFSR-based stream cipher and FLIP is a permutation-based stream cipher. These two ciphers are being used in Fully Homomorphic Encryption (FHE) due to their low error growth during keystream generation. In this article, we propose key recovery attack on two stream ciphers: Kreyvium and FLIP$_(42,128,360)$530(42,128,360) using Differential Fault Attack (DFA) technique.
0 kommentar(er)
