Paper 2015/347

Fault Analysis of Kuznyechik

Riham AlTawy, Onur Duman, and Amr M. Youssef

Abstract

Kuznyechik is an SPN block cipher that has been chosen recently to be standardized by the Russian federation as a new GOST cipher. In this paper, we present two fault analysis attacks on two different settings of the cipher. The first attack is a differential fault attack which employs the random byte fault model, where the attacker is assumed to be able to fault a random byte in rounds seven and eight. Using this fault model enables the attacker to recover the master key using an average of four faults. The second attack considers the cipher with a secret sbox. By utilizing an ineffective fault analysis in the byte stuck-at-zero fault model, we present a four stage attack to recover both the master key and the secret sbox parameters. Our second attack is motivated by the fact that, similar to GOST 28147-89, Kuznyechik is expected to include the option of using secret sbox based on the user supplied key to increase its security margin. Both the presented attacks have practical complexities and aim to demonstrate the importance of protecting the hardware and software implementations of the new standard even if its sbox is kept secret.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CTCrypt 2015
Keywords
KuznyechikDifferential fault analysisIneffective fault analysisGOSTGrasshopper
Contact author(s)
r altawy @ gmail com
History
2015-04-23: received
Short URL
https://ia.cr/2015/347
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/347,
      author = {Riham AlTawy and Onur Duman and Amr M.  Youssef},
      title = {Fault Analysis of Kuznyechik},
      howpublished = {Cryptology ePrint Archive, Paper 2015/347},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/347}},
      url = {https://eprint.iacr.org/2015/347}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.