Paper 2017/678

Differential Fault Attack on Grain v1, ACORN v3 and Lizard

Akhilesh Anilkumar Siddhanti, Santanu Sarkar, Subhamoy Maitra, and Anupam Chattopadhyay


Differential Fault Attack (DFA) is presently a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been reported in 2012. For the first time, we have mounted the fault attack on Lizard, a very recent design and show that one requires only 5 faults to obtain the state. ACORN v3 is a third round candidate of CAESAR and there is only one hard fault attack on an earlier version of this cipher. However, the `hard fault' model requires a lot more assumption than the generic DFA. In this paper, we mount a DFA on ACORN v3 that requires 9 faults to obtain the state. In case of Grain v1 and ACORN v3, we can obtain the secret key once the state is known. However, that is not immediate in case of Lizard. While we have used the basic framework of DFA that appears in literature quite frequently, specific tweaks have to be explored to mount the actual attacks that were not used earlier. To the best of our knowledge, these are the best known DFA on these three ciphers.

Available format(s)
Publication info
Preprint. MINOR revision.
Differential Fault AttackStream CipherGrain v1ACORN v3Lizard
Contact author(s)
subho @ isial ac in
2017-07-12: received
Short URL
Creative Commons Attribution


      author = {Akhilesh Anilkumar Siddhanti and Santanu Sarkar and Subhamoy Maitra and Anupam Chattopadhyay},
      title = {Differential Fault Attack on Grain v1, ACORN v3 and Lizard},
      howpublished = {Cryptology ePrint Archive, Paper 2017/678},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.