Internal differential fault analysis of parallelizable ciphers in the counter-mode

摘要

In Saha and Chowdhury (Cryptographic hardware and embedded systems-CHES 2016-18th international conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, 2016) the concept of fault analysis using internal differentials within a cipher was introduced and used to overcome the nonce barrier of conventional differential fault analysis with a demonstration on authenticated cipher PAEQ. However, the attack had a limitation with regard to the fault model which restricted one of the faults to be injected in the last byte of the counter. This in turn also required the message size to be fixed at 255 complete blocks. In this work, we overcome these limitations by extending the concept in a more general setting. In particular, we look at the concept of Fault-Quartets which is central to these kind of fault-based attacks. We theorize the relation of the fault model with the message size which forms an important aspect as regards the complexity of internal differential fault analysis (IDFA). Our findings reveal that the fault model undertaken while targeting the counter can be relaxed at the expense of an exponentially larger message size. Interestingly, the algorithm for finding a Fault-Quartet still remains linear. This in turns implies that in case of PAEQ the time complexities of the IDFA attack reported remain unaffected. The internal differential fault attack is able to uniquely retrieve the key of three versions of full-round PAEQ of key sizes 64, 80 and 128 bits with complexities of about 2~(16), 2~(16) and 2~(50), respectively.