Citation: XIE Min, TIAN Feng, LI Jiaqi, “Differential Fault Attack on GIFT,” Chinese Journal of Electronics, vol. 30, no. 4, pp. 669-675, 2021, doi: 10.1049/cje.2021.05.008
GIFT, a lightweight block cipher proposed at CHES 2017, has been widely cryptanalyzed in recent years. This paper first studies the differential diffusion characteristics of the round function of GIFT and proposes a random nibble-based differential fault attack. The key recovery scheme is built on the statistical properties we found in the differential distribution table of the S-box. Extensive experiments show that one round key can be retrieved with an average of 20.24 and 44.96 fault injections for GIFT-64 and GIFT-128 respectively. Further analysis shows that a certain number of fault injections recover most key bits. We therefore demonstrate an improved fault attack combined with exhaustive search, which shows that the master key can be recovered by performing 2^16 and 2^17 computations and injecting 31 and 32 faults on average for GIFT-64 and GIFT-128 respectively.