Paper 2017/088

A Differential Fault Attack on Plantlet

Subhamoy Maitra and Akhilesh Siddhanti


Lightweight stream ciphers have received serious attention in the last few years. The present design paradigm considers very small state (less than twice the key size) and use of the secret key bits during pseudo-random stream generation. One such effort, Sprout, had been proposed two years back and it was broken almost immediately. After carefully studying these attacks, a modified version named Plantlet has been designed very recently. While the designers of Plantlet do not provide any analysis on fault attack, we note that Plantlet is even weaker than Sprout in terms of Differential Fault Attack (DFA). Our investigation, following the similar ideas as in the analysis against Sprout, shows that we require only around 4 faults to break Plantlet by DFA in a few hours time. While fault attack is indeed difficult to implement and our result does not provide any weakness of the cipher in normal mode, we believe that these initial results will be useful for further understanding of Plantlet.

Available format(s)
Publication info
Preprint. MINOR revision.
CryptanalysisFault AttackPlantletStream Cipher
Contact author(s)
subho @ isical ac in
2017-02-10: received
Short URL
Creative Commons Attribution


      author = {Subhamoy Maitra and Akhilesh Siddhanti},
      title = {A Differential Fault Attack on Plantlet},
      howpublished = {Cryptology ePrint Archive, Paper 2017/088},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.