Practical fault attacks on minalpher: How to recover key with minimum faults?
Document Type
Conference Article
Publication Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Abstract
This work presents two differential fault attacks (DFA) on Minalpher, a second-round CAESAR candidate, under a practical fault model with as few faults as possible. Minalpher uses a new primitive called tweakable Even-Mansour, based on a permutation-based block cipher proposed by Even and Mansour, and to the best of our knowledge, no practical DFA has yet been reported on it. In the first DFA, only two random faults are injected on two consecutive 4-bit nibbles (i.e. within a total of 8 bits) of a specific internal state. We show that (i) if both faults are injected at the same nibble, the key-space for the intermediate key can be reduced significantly from 2^256 to 2^32, and (ii) if the faults are injected at different positions, the key-space for the intermediate key can be reduced further to only 2^16. In the second DFA, we first consider two faults in a single nibble, which reduces the key-space from 2^256 to 2^48. Moreover, we show that one additional fault (i.e. three faults in total) helps to reduce the key-space significantly to 2^8. We can compute the correct intermediate key by observing a few more plaintext, ciphertext pairs, which helps in computing valid ciphertext, tag pairs for any message and associated data under a fixed nonce.
First Page
111
Last Page
132
DOI
10.1007/978-3-319-71501-8_7
Publication Date
1-1-2017
Recommended Citation
Chakraborti, Avik; Datta, Nilanjan; and Nandi, Mridul, "Practical fault attacks on minalpher: How to recover key with minimum faults?" (2017). Conference Articles. 298.
https://digitalcommons.isical.ac.in/conf-articles/298