Differential Fault Attack on Grain v1, ACORN v3 and Lizard

@article{Siddhanti2017DifferentialFA,
  title={Differential Fault Attack on Grain v1, ACORN v3 and Lizard},
  author={Akhilesh Anilkumar Siddhanti and Santanu Sarkar and Subhamoy Maitra and Anupam Chattopadhyay},
  journal={IACR Cryptol. ePrint Arch.},
  year={2017},
  volume={2017},
  pages={678}
}
Differential Fault Attack (DFA) is a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been reported in 2012. For the first time, we have mounted the fault attack on Lizard, a very recent design and show… 
Fault Attack on the Authenticated Cipher ACORN v2
TLDR
This work introduces a fault attack on the CAESAR candidate ACORN v2 and provides some insights into the diffusion ability of such compact stream ciphers.
A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a
TLDR
A new attack framework based upon cube testers and d-monomial test that is applicable to all symmetric ciphers and hash functions and can reveal weaknesses that are not possible to find by other statistical tests is proposed.
SAT Solvers and their Limits with NFSR-based Stream Ciphers: an Example with Grain v1
TLDR
This paper examines the initialization phase of Grain v1 for SAT-based cryptanalysis, a stream cipher family that combines linear and nonlinear operations with a certain amount of initial clock steps without producing keystream bits for encryption.
A Survey On Fault Attacks On Symmetric Key Cryptosystems
TLDR
This work, which covers a wide spectrum in the present day research on fault attacks that fall under the purview of the symmetric key cryptography, aims at fulfilling the absence of an up-to-date survey.
Fault Attacks In Symmetric Key Cryptosystems Systemization of Knowledge
TLDR
This work, which covers a wide spectrum in the present day research on fault attacks that fall under the purview of the symmetric key cryptography, aims at fulfilling the absence of an up-to-date survey.
Practical Algebraic Side-Channel Attacks Against ACORN
TLDR
This paper details the results obtained when putting the attack into practice against a software implementation running on a 32-bit micro-controller and proposes two optimizations of the reference attack: one that requires less knowledge of initial vectors and another one that is less prone to errors and requires fewer acquisitions.
Breaking ACORN at Bitstream Level
  • M. Moraitis, E. Dubrova, Kalle Ngo
  • Computer Science, Mathematics
    2020 IFIP/IEEE 28th International Conference on Very Large Scale Integration (VLSI-SOC)
  • 2020
TLDR
This paper attacks an SRAM-based FPGA implementation of ACORN v3 stream cipher, a finalist of CAESAR cryptographic competition for authenticated encryption, and shows that even the most recently designed algorithms are also vulnerable to physical attacks.
On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks
TLDR
The Lizard-construction is proposed and analyzed, a new way to build stream ciphers that has an inner state length of only 121 bits and surpasses Grain v1, the most hardware efficient member of the eSTREAM portfolio, in important metrics for lightweight ciphers such as chip area and power consumption.
RS-Mask: Random Space Masking as an Integrated Countermeasure against Power and Fault Analysis
TLDR
This paper proposes random space masking (RS-Mask) as a countermeasure against both power analysis and statistical fault analysis (SFA) techniques, and implements RS-Mask on AES, and shows that a SIFA attack is not able to identify the correct key.
Fault Location Identification By Machine Learning
TLDR
It is shown that a machine learning method is more powerful than the existing correlation coefficient, aside from being simpler to implement, and can be considered as a replacement for the correlation in the future research works.

References

Differential Fault Attack against Grain Family with Very Few Faults and Minimal Assumptions
TLDR
This paper presents a significantly improved scenario from the adversarial point of view for DFA against the Grain family of stream ciphers, and considers that the cipher has to be re-keyed only a few times and faults can be injected at any random location and at any random point of time.
A Differential Fault Attack on the Grain Family of Stream Ciphers
TLDR
It is shown that the differential fault attack can indeed be efficiently mounted for the Boolean function used in Grain v1 and the exact design criteria for Boolean functions to be used in a Grain-like structure are provided.
A Differential Fault Attack on MICKEY 2.0
TLDR
A differential fault attack on the stream cipher MICKEY 2.0, which is in eStream's hardware portfolio, is presented and it is shown that if the adversary can induce random single bit faults in the internal state of the cipher, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase.
A Differential Fault Attack on Plantlet
TLDR
This investigation shows that Plantlet is even weaker than Sprout in terms of Differential Fault Attack (DFA), and it requires only around 4 faults to break Plantlet by DFA in a few hours time.
Improved differential fault attack on MICKEY 2.0
TLDR
This paper describes several ideas related to differential fault attack (DFA) on MICKEY 2.0, a stream cipher from eStream hardware profile, and shows that if the attacker can solve multivariate equations (say, using SAT solvers) then the attack can be carried out using around $2^{14.7}$ faults.
Fault analysis of Trivium
TLDR
This paper presents a checking method such that, by observing original key-stream segment and fault injected key-stream segment, the injecting time and fault positions can be determined, and shows that the attacker can break Trivium by a small number of repeated fault injections.
Differential Fault Analysis of Trivium
TLDR
Differential fault analysis of Trivium is presented and for the first time differential fault analysis is applied to a stream cipher based on shift register with non-linear feedback and two attacks are proposed using fault injection.
Floating Fault Analysis of Trivium
TLDR
An improvement of the differential fault analysis of Trivium, which requires only 3.2 one-bit fault injections in average to recover the Trivium inner state and shows how a change of the cipher representation may result in much better attack.
Full key recovery of ACORN with a single fault
Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack
TLDR
The designers claim that the secret key of Sprout can not be recovered efficiently from the complete state information using a guess and determine attack, but it is shown that it is possible with a few hundred bits in practical time.