Paper 2021/712

DEFAULT: Cipher Level Resistance Against Differential Fault Attack

Anubhab Baksi, Shivam Bhasin, Jakub Breier, Mustafa Khairallah, Thomas Peyrin, Sumanta Sarkar, and Siang Meng Sim

Abstract

Differential Fault Analysis (DFA) is a well known cryptanalytic technique that exploits faulty outputs of an encryption device. Despite its popularity and similarity with the classical Differential Analysis (DA), a thorough analysis explaining DFA from a designer's point of view is missing in the literature. To the best of our knowledge, no DFA immune cipher at an algorithmic level has been proposed so far. Furthermore, all known DFA countermeasures somehow depend on the device/protocol or on the implementation such as duplication/comparison. As all of these are outside the scope of the cipher designer, we focus on designing a primitive which can protect from DFA on its own. We present the first concept of cipher level DFA resistance which does not rely on any device/protocol related assumption, nor does it depend on any form of duplication. Our construction is simple, software/hardware friendly and DFA security scales up with the state size. It can be plugged before and/or after (almost) any symmetric key cipher and will ensure a non-trivial search complexity against DFA. One key component in our DFA protection layer is an SBox with linear structures. Such SBoxes have never been used in cipher design as they generally perform poorly against differential attacks. We argue that they in fact represent an interesting trade-off between good cryptographic properties and DFA resistance. As a proof of concept, we construct a DFA protecting layer, named DEFAULT-LAYER, as well as a full-fledged block cipher DEFAULT. Our solutions compare favourably to the state-of-the-art, offering advantages over the sophisticated duplication based solutions like impeccable circuits/CRAFT or infective countermeasures.

Note: Updated version of DEFAULT cipher (stronger key schedule) to avoid information combining attacks

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in Asiacrypt 2021
Keywords
differential fault attackprotectionSBoxdifferential attackDEFAULT
Contact author(s)
crypto s m sim @ gmail com
History
2021-09-20: revised
2021-05-28: received
See all versions
Short URL
https://ia.cr/2021/712
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/712,
      author = {Anubhab Baksi and Shivam Bhasin and Jakub Breier and Mustafa Khairallah and Thomas Peyrin and Sumanta Sarkar and Siang Meng Sim},
      title = {DEFAULT: Cipher Level Resistance Against Differential Fault Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2021/712},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/712}},
      url = {https://eprint.iacr.org/2021/712}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.