Sarkar, S.
(2013),
Differential Fault Attack Against Grain Family -- Pushing Towards Very Few Faults using SAT Solver, Workshop on Cryptographic Hardware and Embedded Systems 2013 (CHES 2013)
, Santa Barbara, CA
(Accessed April 20, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Differential Fault Attack Against Grain Family -- Pushing Towards Very Few Faults using SAT Solver
Published
Author(s)
Abstract
There are now a series of published works related to Differential Fault Attack (DFA) on the Grain family, but most of them require quite a large number (hundreds) of faults (around $n \ln n$, where $n = 80$ for Grain v1 and $n = 128$ for Grain-128, Grain-128a). In this paper we construct equations based on the algebraic description of the cipher by introducing new variables so that the degree of the equations do not increase. As it is done in algebraic cryptanalysis, we accumulate such equations based on the fault-free and faulty keystream bits and solve them using the SAT Solver cryptominisat-2.9.5 installed with SAGE 5.7. In a few minutes we can recover the state of Grain v1, Grain-128 and Grain-128a with as little as 10, 4 and 10 faults respectively (and may be improved further with more computational efforts). While the existing differential fault attacks consider injection of faults either in the LFSR or in the NFSR, our approach can take care of the situation when the faults are injected in any or both of them.Proceedings Title
Workshop on Cryptographic Hardware and Embedded Systems 2013 (CHES 2013)
Conference Dates
August 18-22, 2013
Conference Location
Santa Barbara, CA
Pub Type
Conferences
Keywords
Differential Fault Attacks, Grain v1, Grain-128, Grain-128a, LFSR, NFSR, SAT Solver, Stream Cipher
Citation
Created August 22, 2013, Updated June 2, 2021