The ongoing CAESAR competition launched in 2013, aimed to design authenticated encryption schemes for different applications and environments, attracted 57 submissions as candidates. Out of the 57 round 1 submissions, only 29 candidates were selected for round 2. Each of these candidates is to be analyzed carefully. Among these 29 candidates, ACORN is a family of Lightweight Authenticated Ciphers with Associated Data (AEAD). In this paper we propose a hard fault attack on both the versions of ACORN in a nonce-respecting scenario whereby a random bit of the fifth LFSR is permanently stuck at the value '1' before the driving procedure of the encryption device. Without the repetition of the same key-IV pair, this is the first work that we are aware of, where the secret key can be recovered fully with a computational complexity well below the limit of brute force search. With hard fault at a certain position the attack complexity reduces to 255.85. © 2016 Elsevier Ltd. All rights reserved.

AVISHEK ADHIKARI

Pure Mathematics

P DEY

R S ROHIT

University of Calcutta (informally known as Calcutta University or CU) is a collegiate public state university located in Kolkata, West Bengal, India.&nbsp;Within India it is recognized as a &quot;Five-Star University&quot; and accredited &quot;A&quot; Grade by National Assessment and Accreditation Council.

&nbsp;

The University of Calcutta has secured the Fifth position among the Universities of India in the prestigious &quot;Indian University Ranking 2019&quot; list, released by the NIRF of the Ministry of Human Resource Development, Government of India.

&nbsp;

It was established on 24 January 1857, and was one of the first institutions in Asia to be established as a multidisciplinary and Western-style university. Its alumni and faculty include several heads of state, heads of government, social reformers, prominent artists, only academy award winner and Dirac medal winner in India, many Fellows of the Royal Society and five Nobel laureates as of 2019 which is highest in South Asia.

University Of Calcutta

Journal of Information Security and Applications

Differential Fault Attack (DFA) is a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been reported in 2012. For the first time, we have mounted the fault attack on Lizard, a very recent design and show that one requires only 5 faults to obtain the state. ACORN v3 is a third round candidate of CAESAR and there is only one hard fault attack on an earlier version of this cipher. However, the ‘hard fault’ model requires a lot more assumption than the generic DFA. In this paper, we mount a DFA on ACORN v3 that requires 9 faults to obtain the state. In case of Grain v1 and ACORN v3, we can obtain the secret key once the state is known. However, that is not immediate in case of Lizard. While we have used the basic framework of DFA that appears in literature quite frequently, specific tweaks have to be explored to mount the actual attacks that were not used earlier. To the best of our knowledge, these are the best known DFAs on these three ciphers. © Springer International Publishing AG 2017.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Differential fault attack on grain v1, ACORN v3 and lizard

Tiaoxin and AEGIS are two second round candidates of the ongoing CAESAR competition for authenticated encryption. In 2014, Brice Minaud proposed a distinguisher for AEGIS-256 that can be used to recover bits of a partially known message, encrypted 2188 times, regardless of the keys used. Also he reported a correlation between AEGIS-128 ciphertexts at rounds i and i + 2, although the biases would require 2140 data to be detected. Apart from that, to the best of our knowledge, there is no known cryptanalysis of AEGIS or Tiaoxin. In this paper we propose differential fault analyses of Tiaoxin and AEGIS family of ciphers in a nonce reuse setting. Analysis shows that the secret key of Tiaoxin can be recovered with 384 single bit faults and the states of AEGIS-128, AEGIS-256 and AEGIS-128L can be recovered respectively with 384, 512 and 512 single bit faults. Considering multi byte fault, the number of required faults and re-keying reduces 128 times. © Springer Nature Singapore Pte Ltd. 2016.

Communications in Computer and Information Science

Differential fault analysis on Tiaoxin and AEGIS family of ciphers

Very few differential fault attacks (DFA) were reported on Trivium so far. In 2012, Yupu Hu et al. [4] relaxed adversarial power and allowed faults in random area within eight neighbouring bits at random time but with the major limitation that after each fault injection, the fault positions must not be from different registers. In this paper we present a generic attack strategy that allows the adversary to challenge the cipher under different multi-bit fault models with faults at any unknown random keystream generation round even if bit arrangement of the actual cipher device is unknown and thereby removing the limitation of Yupu Hu et al. To the best of our knowledge, this paper assumes the weakest adversarial power ever considered in the open literature for DFA on Trivium. In particular, if faults are allowed in random area within nine neighbouring bits at random time anywhere in the three registers and the fault injection (at keystream generation) rounds are uniformly distributed over {t,..., t+49}, for any unknown t ≥ 1, then 4 faults always break the cipher, which is a significant improvement over Yupu Hu et al. © Springer International Publishing Switzerland 2014.

Improved multi-bit differential fault analysis of trivium

Differential Fault Attack (DFA) considers injection of faults and the most general set-up should take care of faults at random location and random time. Then one should be able to identify the exact location as well as the exact timing of the fault (including the multi bit ones) with the help of fault signatures. In this paper we solve the problem of DFA under a general frame-work, introducing the idea of probabilistic signatures. The method considers the Maximum Likelihood approach related to probability distributions. Our techniques subsume all the existing DFAs against the Grain family, MICKEY 2.0 and Trivium. In the process we provide improved fault attacks for all the versions of Grain family and also for MICKEY 2.0. Our generalized method successfully takes care of the cases where certain parts of the keystream bits are missing (this situation may arise for authentication purpose). In particular, we show that the unsolved problem of identifying the faults in random time for Grain 128a can be solved in this manner. Moreover, for MICKEY 2.0, our method not only provides improvement in fault identification probability but also reduces the required faults by 60 %, compared to the best known result. © 2016, Springer Science+Business Media New York.

Cryptography and Communications

Probabilistic signature based generalized framework for differential fault analysis of stream ciphers

IFAC-PapersOnLine

Controllability study on fractional order impulsive stochastic differential equation∗∗The work was supported by National Board for Higher Mathematics, Mumbai, India under the grant No: 2/48(5)/2013/NBHM (R.P.)/RD-II/688 dt 16.01.2014.

Journal	Data powered by TypesetJournal of Information Security and Applications
Publisher	Data powered by TypesetElsevier Ltd
ISSN	2214-2134