Paper 2017/855

Fault Attack on ACORN v3

Xiaojuan Zhang, Xiutao Feng, and Dongdai Lin

Abstract

Fault attacks are among the most efficient side-channel attacks and have attracted much attention in the recent public cryptographic literature. In this work we introduce a fault attack on the authenticated cipher ACORN v3. Our attack assumes that a fault is injected into an initial state of ACORN v3 at a random position, and it consists of two main steps: fault locating and equation solving. In the first step, we introduce the concepts of unique sets and non-unique sets, where a differential string belonging to a unique set determines the fault location uniquely. For strings belonging to non-unique sets, we use several strategies to raise the probability of determining the fault location uniquely to almost 1. In the second step, we demonstrate several ways of retrieving equations, and then obtain the initial state by solving those equations with the guess-and-determine method. With $n$ fault experiments, we can recover the initial state with time complexity $c \cdot 2^{146.5-3.52\cdot n}$, where $c$ is the time complexity of solving the linear equations and $26<n<43$. We also apply the attack to ACORN v2, which shows that, compared with ACORN v2, the tweaked version ACORN v3 is more vulnerable to the fault attack.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
CAESAR, Authenticated Cipher, Stream Cipher, ACORN, Fault Attack
Contact author(s)
zhangxiaojuan @ iie ac cn
History
2017-09-09: received
Short URL
https://ia.cr/2017/855
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/855,
      author = {Xiaojuan Zhang and Xiutao Feng and Dongdai Lin},
      title = {Fault Attack on {ACORN} v3},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/855},
      year = {2017},
      url = {https://eprint.iacr.org/2017/855}
}