Differential Fault Attack on Kreyvium FLIP

Article Type

Research Article

Publication Title

IEEE Transactions on Computers

Abstract

In this article, we propose key recovery attack on two stream ciphers: Kreyvium and FLIP$_{530}(42,128,360)$530(42,128,360) using Differential Fault Attack (DFA) technique. These two ciphers are being used in Fully Homomorphic Encryption (FHE) due to their low error growth during keystream generation. Kreyvium is an NFSR-based stream cipher and FLIP is a permutation-based stream cipher. We first show that the complete state of the Kreyvium can be recovered by injecting 3 faults and considering 450 many keystream bits. In case of FLIP, we show that if there is a 1-bit fault in the state of the cipher then from 9000 normal and faulty keystream bits the state (i.e., the secret key) of the cipher can be recovered. For single bit fault, one will require to solve a system of equations for each 530 possible fault locations to recover the correct key of FLIP. To the best of our knowledge, this is the first article which analyzes the security of these two FHE supported stream ciphers under DFA and it has been observed that DFA completely reveals the secret keys of these two ciphers with very minimal faults.

First Page

2161

Last Page

2167

DOI

10.1109/TC.2020.3038236

Publication Date

12-1-2021

This document is currently not available here.

Share

COinS