You are looking at a specific version 20190702:142130 of this paper. See the latest version.

Paper 2019/760

Differential Fault Analysis of NORX

Amit Jana and Dhiman Saha and Goutam Paul

Abstract

In recent literature, there has been a particular interest in studying nonce based AE schemes in the light of fault based attacks as they seem to present an automatic protection against Differential Fault Attacks (DFA). In this work, we present the first DFA on nonce based CAESAR scheme NORX. We demonstrate a scenario when faults introduced in NORX in parallel mode can be used to collide the internal state to produce an \emph{all-zero} state. We later show how this can be used to replay NORX despite being instantiated by different nonces, messages. Once replayed, we show how the key of NORX can be recovered using secondary faults and using the faulty tags. We use different fault models to showcase the versatility of the attack strategy. A detailed theoretical analysis of the expected number of faults required under various models is also furnished. Under the random bit flip model, around 1384 faults are to be induced to reduce the key space from $2^{128}$ to $2^{32}$ while the random byte flip model requires 136 faults to uniquely identify the key. To the best of our knowledge, this is the first fault attack that uses \emph{both internal} and \emph{classical differentials} to mount a DFA on a nonce based authenticated cipher which is otherwise believed to be immune to DFA.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Contact author(s)
janaamit001 @ gmail com
History
2019-07-02: received
Short URL
https://ia.cr/2019/760
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.