Conference paper
Cryptanalysis of Two Fault Countermeasure Schemes
In this paper, we look at two fault countermeasure schemes proposed very recently in the literature. The first, proposed at ACISP 2015, constructs a transformation function using a cellular-automata-based linear diffusion layer and a non-linear layer built from a series of bent functions. This countermeasure is meant for the protection of block ciphers like AES.
The second countermeasure was proposed at IEEE-HOST 2015 and protects the Grain-128 stream cipher. The design divides the output function used in Grain-128 into two components. The first, called the masking function, masks the input bits to the output function with some additional randomness and computes the value of the function.
The second, called the unmasking function, is computed securely using a different register and undoes the effect of the masking with the random bits. We will show that there exists a weakness in the way in which both these schemes use the internally generated random bits, which makes both designs vulnerable.
We will outline attacks that cryptanalyze the above schemes using 66 and 512 faults respectively.
| Field | Value |
|---|---|
| Language | English |
| Year | 2015 |
| Pages | 241-252 |
| Proceedings | 16th International Conference on Cryptology in India |
| Series | Lecture Notes in Computer Science |
| Journal subtitle | Proceedings of the 16th International Conference on Cryptology in India |
| ISBN | 3319266160, 3319266179, 9783319266169 and 9783319266176 |
| ISSN | 03029743 |
| Type | Conference paper |
| DOI | 10.1007/978-3-319-26617-6_13 |
| ORCIDs | Banik, Subhadeep and Bogdanov, Andrey |