Paper 2012/349

A Differential Fault Attack on Grain-128a using MACs

Subhadeep Banik, Subhamoy Maitra, and Santanu Sarkar

Abstract

The $32$-bit MAC of Grain-128a is a linear combination of the first 64 and then the alternative keystream bits. In this paper we describe a successful differential fault attack on Grain-128a, in which we recover the secret key by observing the correct and faulty MACs of certain chosen messages. The attack works due to certain properties of the Boolean functions and corresponding choices of the taps from the LFSR. We present methods to identify the fault locations and then construct a set of linear equations to obtain the contents of the LFSR and the NFSR. Our attack requires less than $2^{11}$ fault injections and invocations of less than $2^{12}$ MAC generation routines.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Grain v1, Grain-128, Grain-128a, LFSR, MAC, NFSR, Stream Cipher.
Contact author(s)
subho @ isical ac in
History
2012-06-22: received
Short URL
https://ia.cr/2012/349
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/349,
      author = {Subhadeep Banik and Subhamoy Maitra and Santanu Sarkar},
      title = {A Differential Fault Attack on Grain-128a using MACs},
      howpublished = {Cryptology ePrint Archive, Paper 2012/349},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/349}},
      url = {https://eprint.iacr.org/2012/349}
}