You are looking at a specific version 20100522:135941 of this paper. See the latest version.

Paper 2010/026

Further Improved Differential Fault Analysis on Camellia by Exploring Fault Width and Depth

Xin-jie Zhao and Tao Wang

Abstract

In this paper, we present two further improved differential fault analysis methods on Camellia by exploring fault width and depth. Our first method broadens the fault width of previous Camellia attacks, injects multiple byte faults into the rth round left register to recover multiple bytes of the rth round equivalent key, and obtains Camellia-128,192/256 key with at least 8 and 12 faulty ciphertexts respectively; our second method extends fault depth of previous Camellia attacks, injects one byte fault into the r-2th round left register to recover full 8 bytes of the rth round equivalent key, 5-6 bytes of the r-1th round equivalent key, 1 byte of the r-2th round equivalent key, and obtains Camellia-128,192/256 key with 4 and 6 faulty ciphertexts respectively. Simulation experiments demonstrate: due to its reversible permutation function, Camellia is vulnerable to multiple bytes fault attack, the attack efficiency is increased with fault width, this feature greatly improves fault attack’s practicalities; and due to its Feistel structure, Camellia is also vulnerable to deep single byte fault attack, 4 and 6 faulty ciphertexts are enough to reduce Camellia-128 and Camellia-192/256 key hypotheses to 222.2 and 231.8 respectively.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Differential fault analysisFeistel structureSPN structureCamelliaBlock cipherFault width and depth
Contact author(s)
zhaoxinjieem @ 163 com
History
2010-05-22: last of 5 revisions
2010-01-19: received
See all versions
Short URL
https://ia.cr/2010/026
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.