Paper 2018/295

ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers (Revised Version)

Sayandeep Saha, Debdeep Mukhopadhyay, and Pallab Dasgupta


Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, a comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even while a single crypto-primitive is considered and traditional manual fault analysis techniques may often fall short to practically cover such a fault space within reasonable time. An automation for analyzing individual fault instances for their exploitability is thus inevitable. Such an automation is supposed to work as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances from block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof-of-concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze a recently proposed cipher GIFT [BPP + 17] for the first time. It is found that the secret key of GIFT can be determined with 2 nibble fault instances injected consecutively at the beginning of the 25th and 23rd round with remaining key space complexity of 2^7.06 .

Note: One attack described in this work was not well-explained in the CHES 2018 version, which may lead to misconceptions. So, we have revised that part (3-4 paragraphs in the paper).

Available format(s)
Publication info
A minor revision of an IACR publication in TCHES 2018
Fault attack and Block cipher and Automation
Contact author(s)
sayandeep iitkgp @ gmail com
2018-09-20: last of 2 revisions
2018-03-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sayandeep Saha and Debdeep Mukhopadhyay and Pallab Dasgupta},
      title = {ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers (Revised Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2018/295},
      year = {2018},
      doi = {10.13154/tches.v2018.i2.242-276},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.