Differential fault attack on AES-based encryption schemes: application to B5G/6G ciphers—Rocca, Rocca-S and AEGIS

Article Type

Research Article

Publication Title

Journal of Cryptographic Engineering

Abstract

The beyond 5G (B5G)/6G eras promise to revolutionize wireless communication with unprecedented speeds. However, ensuring security across hardware and software is a critical challenge. These technologies bridge physical and digital realms, underscoring the need for data protection. This paper delves into the security of ciphers dedicated for use in B5G/6G. We outline a comprehensive strategy for conducting differential fault attacks on Rocca, Rocca-S, and AEGIS. Initially, we demonstrate a fault attack on one AES round, requiring 16 faults in the known fault model. Additionally, we demonstrate that our attack strategy, based on the coupon collector problem, requires 50 faults in the random fault model. Through experimentation, we confirm that injecting 50 faults reduces the state space to 2^16. In both known and random fault models, Rocca and Rocca-S, with similar designs, exhibit identical attack complexities. Employing our strategy, we reduce the state space to 2^21.59 and 2^37.59 with 48 and 150 faults, respectively. The same strategy is also effective against AEGIS, another AES-based encryption system, for internal state recovery. For AEGIS-128 (subsequently for AEGIS-256), using 64 and 200 faults (80 and 250 faults) in the known and random fault model, the internal state space is reduced to 2^22 and 2^38 (2^22.32 and 2^38.32), respectively. This assessment exposes potential vulnerabilities in these ciphers under nonce-misuse conditions.

First Page

595

Last Page

607

DOI

10.1007/s13389-024-00360-6

Publication Date

11-1-2024
