Cryptology ePrint Archive: Report 2012/286
Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis
Sk Subidh Ali and Debdeep Mukhopadhyay
Abstract: In this paper we propose a new differential fault analysis (DFA) on CLEFIA of 128-bit key. The proposed attack requires to induce byte faults at the fourteenth round of CLEFIA encryption. The attack uses only two pairs of fault-free and faulty ciphertexts and uniquely
determines the 128-bit secret key. The attacker does not need to know
the plaintext. The most efficient reported fault attack on CLEFIA, needs fault induction at the fifteenth round of encryption and can be performed with two pairs of fault-free and faulty ciphertexts and brute-force search of around 20 bits. Therefore, the proposed attack can evade the countermeasures against the existing DFAs which only protect the last four rounds of encryption. Extensive simulation results have been presented to validate the proposed attack. The simulation results show that the attack can retrieve the 128-bit secret key in around one minute of execution time. To the best of authors’ knowledge the proposed attack is the most efficient attack in terms of both the input requirements as well as the complexity.
Category / Keywords: secret-key cryptography / Differential Fault Analysis, DFA, Fault Attack, CLEFIA, Generalized Feistel Structure.
Date: received 22 May 2012
Contact author: subidh at gmail com
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20120529:201536 (All versions of this report)
Short URL: ia.cr/2012/286
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]