Paper 2013/029

Improved Differential Fault Attack on MICKEY 2.0

Subhadeep Banik, Subhamoy Maitra, and Santanu Sarkar

Abstract

In this paper we describe several ideas related to Differential Fault Attack (DFA) on MICKEY 2.0, a stream cipher from eStream hardware profile. Using the standard assumptions for fault attacks, we first show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around $2^{16.7}$ faults and performing $2^{32.5}$ computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect more than one (at most three) neighbouring bits and in that case we require around $2^{18.4}$ faults on an average to mount the DFA. We further show that if the attacker can solve multivariate equations (say, using SAT solvers) then the attack can be carried out using around $2^{14.7}$ faults in the single-bit fault model and $2^{16.06}$ faults for the multiple-bit scenario.

Metadata
Available format(s)
PDF
Publication info
A major revision of an IACR publication in CHES 2013
DOI
10.1007/978-3-642-40349-1_13
Keywords
eStreamFault attacksMICKEY 2.0Stream Cipher
Contact author(s)
subho @ isical ac in
History
2014-01-29: revised
2013-01-24: received
See all versions
Short URL
https://ia.cr/2013/029
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/029,
      author = {Subhadeep Banik and Subhamoy Maitra and Santanu Sarkar},
      title = {Improved Differential Fault Attack on {MICKEY} 2.0},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/029},
      year = {2013},
      doi = {10.1007/978-3-642-40349-1_13},
      url = {https://eprint.iacr.org/2013/029}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.