Differential Fault Attack on Kreyvium FLIP
Article Type
Research Article
Publication Title
IEEE Transactions on Computers
Abstract
In this article, we propose key recovery attack on two stream ciphers: Kreyvium and FLIP$_{530}(42,128,360)$530(42,128,360) using Differential Fault Attack (DFA) technique. These two ciphers are being used in Fully Homomorphic Encryption (FHE) due to their low error growth during keystream generation. Kreyvium is an NFSR-based stream cipher and FLIP is a permutation-based stream cipher. We first show that the complete state of the Kreyvium can be recovered by injecting 3 faults and considering 450 many keystream bits. In case of FLIP, we show that if there is a 1-bit fault in the state of the cipher then from 9000 normal and faulty keystream bits the state (i.e., the secret key) of the cipher can be recovered. For single bit fault, one will require to solve a system of equations for each 530 possible fault locations to recover the correct key of FLIP. To the best of our knowledge, this is the first article which analyzes the security of these two FHE supported stream ciphers under DFA and it has been observed that DFA completely reveals the secret keys of these two ciphers with very minimal faults.
First Page
2161
Last Page
2167
DOI
10.1109/TC.2020.3038236
Publication Date
12-1-2021
Recommended Citation
Roy, Dibyendu; Bathe, Bhagwan; and Maitra, Subhamoy, "Differential Fault Attack on Kreyvium FLIP" (2021). Journal Articles. 1708.
https://digitalcommons.isical.ac.in/journal-articles/1708