Cryptology ePrint Archive: Report 2015/347
Fault Analysis of Kuznyechik
Riham AlTawy and Onur Duman and Amr M. Youssef
Abstract: Kuznyechik is an SPN block cipher that has recently been chosen for standardization by the Russian Federation as a new GOST cipher. In this paper, we present two fault analysis attacks on two different settings of the cipher. The first attack is a differential fault attack which employs the random byte fault model, where the attacker is assumed to be able to fault a random byte in rounds seven and eight. Using this fault model enables the attacker to recover the master key using an average of four faults. The second attack considers the cipher with a secret sbox. By utilizing an ineffective fault analysis in the byte stuck-at-zero fault model, we present a four-stage attack to recover both the master key and the secret sbox parameters. Our second attack is motivated by the fact that, similar to GOST 28147-89, Kuznyechik is expected to include the option of using a secret sbox based on the user-supplied key to increase its security margin. Both presented attacks have practical complexities and aim to demonstrate the importance of protecting the hardware and software implementations of the new standard even if its sbox is kept secret.
Category / Keywords: secret-key cryptography / Kuznyechik, Differential fault analysis, Ineffective fault analysis, GOSTGrasshopper
Original Publication (in the same form): CTCrypt 2015
Date: received 17 Apr 2015
Contact author: r altawy at gmail com
Version: 20150423:022827
Short URL: ia.cr/2015/347