Cryptology ePrint Archive: Report 2019/210

CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

Christof Beierle and Gregor Leander and Amir Moradi and Shahram Rasoolzadeh

Abstract: Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

Category / Keywords: CRAFT, block cipher, tweakable, lightweight, fault detection, involutory

Original Publication (with minor differences): IACR-TOSC-2019

Date: received 23 Feb 2019, last revised 10 Feb 2020

Contact author: christof beierle at rub de, gregor leander at rub de, amir moradi at rub de, shahram rasoolzadeh at rub de

Available format(s): PDF | BibTeX Citation

Note: In the last version we fixed some typos in the related-tweak differentials reported in Section 5.4, together with an update of the differentials and linear hulls which cover a maximum number of rounds.

Version: 20200210:132018 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]