Differential Fault Attack on Kreyvium FLIP

Article Type

Research Article

Publication Title

IEEE Transactions on Computers


In this article, we propose key recovery attack on two stream ciphers: Kreyvium and FLIP$_{530}(42,128,360)$530(42,128,360) using Differential Fault Attack (DFA) technique. These two ciphers are being used in Fully Homomorphic Encryption (FHE) due to their low error growth during keystream generation. Kreyvium is an NFSR-based stream cipher and FLIP is a permutation-based stream cipher. We first show that the complete state of the Kreyvium can be recovered by injecting 3 faults and considering 450 many keystream bits. In case of FLIP, we show that if there is a 1-bit fault in the state of the cipher then from 9000 normal and faulty keystream bits the state (i.e., the secret key) of the cipher can be recovered. For single bit fault, one will require to solve a system of equations for each 530 possible fault locations to recover the correct key of FLIP. To the best of our knowledge, this is the first article which analyzes the security of these two FHE supported stream ciphers under DFA and it has been observed that DFA completely reveals the secret keys of these two ciphers with very minimal faults.

First Page


Last Page




Publication Date


This document is currently not available here.