Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts
In 2018, Zhang et al. introduced the Persistent Fault Analysis (PFA) for the first time, which uses statistical features of ciphertexts caused by faulty Sbox to recover the key of block ciphers. However, for most of the variants of PFA, the prior knowledge of the fault (location and value) is requi...
Main Authors: | , , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Ruhr-Universität Bochum
2023-03-01
|
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/10292 |
_version_ | 1811158053306761216 |
---|---|
author | Fan Zhang Run Huang Tianxiang Feng Xue Gong Yulong Tao Kui Ren Xinjie Zhao Shize Guo |
author_facet | Fan Zhang Run Huang Tianxiang Feng Xue Gong Yulong Tao Kui Ren Xinjie Zhao Shize Guo |
author_sort | Fan Zhang |
collection | DOAJ |
description |
In 2018, Zhang et al. introduced the Persistent Fault Analysis (PFA) for the first time, which uses statistical features of ciphertexts caused by faulty Sbox to recover the key of block ciphers. However, for most of the variants of PFA, the prior knowledge of the fault (location and value) is required, where the corresponding analysis will get more difficult under the scenario of multiple faults. To bypass such perquisite and improve the analysis efficiency for multiple faults, we propose Chosen-Plaintext based Persistent Fault Analysis (CPPFA). CPPFA introduces chosen-plaintext to facilitate PFA and can reduce the key search space of AES-128 to extremely small. Our proposal requires 256 ciphertexts, while previous state-of-the-art work still requires 1509 and 1448 ciphertexts under 8 and 16 faults, respectively, at the only cost of requiring 256 chosen plaintexts. In particular, CPPFA can be applied to the multiple faults scenarios where all fault locations, values and quantity are unknown, and the worst time complexity of CPPFA is O(28+nf ) for AES-128, where nf represents the number of faults. The experimental results show that when nf > 4, 256 pairs of plaintext-ciphertext can recover the master key of AES-128. As for LED-64, only 16 pairs of plaintext-ciphertext reduce the remaining key search space to 210.
|
first_indexed | 2024-04-10T05:17:48Z |
format | Article |
id | doaj.art-18a46bc7e24a4cd0a388b4efb046fa70 |
institution | Directory Open Access Journal |
issn | 2569-2925 |
language | English |
last_indexed | 2024-04-10T05:17:48Z |
publishDate | 2023-03-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | Transactions on Cryptographic Hardware and Embedded Systems |
spelling | doaj.art-18a46bc7e24a4cd0a388b4efb046fa702023-03-08T15:37:30ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252023-03-012023210.46586/tches.v2023.i2.519-542Efficient Persistent Fault Analysis with Small Number of Chosen PlaintextsFan Zhang0Run Huang1Tianxiang Feng2Xue Gong3Yulong Tao4Kui Ren5Xinjie Zhao6Shize Guo7School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027; Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies, Hangzhou, China, 310027School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027; Key Laboratory of Blockchain and Cyberspace Governance of Zhejiang Province, Hangzhou, China, 310027School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027; Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies, Hangzhou, China, 310027School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027Shanghai Institute of Satellite Engineering, Shanghai, China, 201109School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027Henan Province Key Laboratory of Cyberspace Situation Awareness, Zhengzhou, China, 450001; School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, Hangzhou, China, 310027 In 2018, Zhang et al. introduced the Persistent Fault Analysis (PFA) for the first time, which uses statistical features of ciphertexts caused by faulty Sbox to recover the key of block ciphers. However, for most of the variants of PFA, the prior knowledge of the fault (location and value) is required, where the corresponding analysis will get more difficult under the scenario of multiple faults. To bypass such perquisite and improve the analysis efficiency for multiple faults, we propose Chosen-Plaintext based Persistent Fault Analysis (CPPFA). CPPFA introduces chosen-plaintext to facilitate PFA and can reduce the key search space of AES-128 to extremely small. Our proposal requires 256 ciphertexts, while previous state-of-the-art work still requires 1509 and 1448 ciphertexts under 8 and 16 faults, respectively, at the only cost of requiring 256 chosen plaintexts. In particular, CPPFA can be applied to the multiple faults scenarios where all fault locations, values and quantity are unknown, and the worst time complexity of CPPFA is O(28+nf ) for AES-128, where nf represents the number of faults. The experimental results show that when nf > 4, 256 pairs of plaintext-ciphertext can recover the master key of AES-128. As for LED-64, only 16 pairs of plaintext-ciphertext reduce the remaining key search space to 210. https://tches.iacr.org/index.php/TCHES/article/view/10292Fault AttackPersistent Fault AnalysisMultiple FaultsAESLED |
spellingShingle | Fan Zhang Run Huang Tianxiang Feng Xue Gong Yulong Tao Kui Ren Xinjie Zhao Shize Guo Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts Transactions on Cryptographic Hardware and Embedded Systems Fault Attack Persistent Fault Analysis Multiple Faults AES LED |
title | Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts |
title_full | Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts |
title_fullStr | Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts |
title_full_unstemmed | Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts |
title_short | Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts |
title_sort | efficient persistent fault analysis with small number of chosen plaintexts |
topic | Fault Attack Persistent Fault Analysis Multiple Faults AES LED |
url | https://tches.iacr.org/index.php/TCHES/article/view/10292 |
work_keys_str_mv | AT fanzhang efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT runhuang efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT tianxiangfeng efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT xuegong efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT yulongtao efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT kuiren efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT xinjiezhao efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts AT shizeguo efficientpersistentfaultanalysiswithsmallnumberofchosenplaintexts |