## Cryptology ePrint Archive: Report 2016/709

Differential Fault Analysis of SHA3-224 and SHA3-256

Pei Luo and Yunsi Fei and Liwei Zhang and A. Adam Ding

Abstract: The security of SHA-3 against different kinds of attacks are of vital importance for crypto systems with SHA-3 as the security engine. In this paper, we look into the differential fault analysis of SHA-3, and this is the first work to conquer SHA3-224 and SHA3-256 using differential fault analysis. Comparing with one existing related work, we relax the fault models and make them realistic for different implementation architectures. We analyze fault propagation in SHA-3 under such single-byte fault models, and propose to use fault signatures at the observed output for analysis and secret retrieval. Results show that the proposed method can effectively identify the injected single-byte faults, and then recover the whole internal state of the input of last round $\chi$ operation ($\chi^{22}_i$) for both SHA3-224 and SHA3-256.

Category / Keywords: cryptographic protocols / SHA-3, Keccak, Fault attacks

Original Publication (with minor differences): The Fault Diagnosis and Tolerance in Cryptography (FDTC) workshop, 2016