Paper 2012/286

Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis

Sk Subidh Ali and Debdeep Mukhopadhyay

Abstract

In this paper we propose a new differential fault analysis (DFA) on CLEFIA of 128-bit key. The proposed attack requires to induce byte faults at the fourteenth round of CLEFIA encryption. The attack uses only two pairs of fault-free and faulty ciphertexts and uniquely determines the 128-bit secret key. The attacker does not need to know the plaintext. The most efficient reported fault attack on CLEFIA, needs fault induction at the fifteenth round of encryption and can be performed with two pairs of fault-free and faulty ciphertexts and brute-force search of around 20 bits. Therefore, the proposed attack can evade the countermeasures against the existing DFAs which only protect the last four rounds of encryption. Extensive simulation results have been presented to validate the proposed attack. The simulation results show that the attack can retrieve the 128-bit secret key in around one minute of execution time. To the best of authors’ knowledge the proposed attack is the most efficient attack in terms of both the input requirements as well as the complexity.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Differential Fault AnalysisDFAFault AttackCLEFIAGeneralized Feistel Structure.
Contact author(s)
subidh @ gmail com
History
2012-05-29: received
Short URL
https://ia.cr/2012/286
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/286,
      author = {Sk Subidh Ali and Debdeep Mukhopadhyay},
      title = {Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2012/286},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/286}},
      url = {https://eprint.iacr.org/2012/286}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.