58 research outputs found

    Differential Fault Analysis of SHA3-224 and SHA3-256

    The security of SHA-3 against different kinds of attacks is of vital importance for crypto systems with SHA-3 as the security engine. In this paper, we look into the differential fault analysis of SHA-3, and this is the first work to conquer SHA3-224 and SHA3-256 using differential fault analysis. Compared with one existing related work, we relax the fault models and make them realistic for different implementation architectures. We analyze fault propagation in SHA-3 under such single-byte fault models, and propose to use fault signatures at the observed output for analysis and secret retrieval. Results show that the proposed method can effectively identify the injected single-byte faults, and then recover the whole internal state of the input of the last-round $\chi$ operation ($\chi^{22}_i$) for both SHA3-224 and SHA3-256.

    Differential Fault Analysis of SHA-3 under Relaxed Fault Models

    Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in crypto systems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

    Algebraic Fault Analysis of SHA-3

    This paper presents an efficient algebraic fault analysis on all four modes of SHA-3 under relaxed fault models. This is the first work to apply algebraic techniques to fault analysis of SHA-3. Results show that algebraic fault analysis on SHA-3 is very efficient and effective due to the clear algebraic properties of Keccak operations. Compared with previous work on differential fault analysis of SHA-3, algebraic fault analysis can identify the injected faults at much higher rates, and recover an entire internal state of the penultimate round with far fewer fault injections.

    A Configurable Crystals-Kyber Hardware Implementation with Side-Channel Protection

    In this work, we present a configurable and side-channel-resistant implementation of the post-quantum key-exchange algorithm Crystals-Kyber. The implemented design can be configured for different performance and area requirements, leading to different trade-offs for different applications. A low-area implementation can be achieved in 5269 LUTs and 2422 FFs, whereas a high-performance implementation requires 7151 LUTs and 3730 FFs. Due to a deeply pipelined architecture, a high operating speed of more than 250 MHz could be achieved on 28nm Xilinx FPGAs. The side-channel resistance is implemented using a carefully chosen set of techniques, resulting in a low overhead of less than 5%. To the best of our knowledge, this work presents the first side-channel-attack-protected configurable accelerator for Crystals-Kyber. Furthermore, one of the configuration choices results in the smallest hardware implementation of Crystals-Kyber known in the literature.

    Lightweight protection of cryptographic hardware accelerators against differential fault analysis

    Hardware acceleration circuits for cryptographic algorithms are largely deployed in a wide range of products. The HW implementations of such algorithms often suffer from a number of vulnerabilities that expose systems to several attacks, e.g., differential fault analysis (DFA). The challenge for designers is to protect cryptographic accelerators in a cost-effective and power-efficient way. In this paper, we propose a lightweight technique for protecting hardware accelerators implementing AES and SHA-2 (which are two widely used NIST standards) against DFA. The proposed technique exploits partial redundancy to first detect the occurrence of a fault and then to react to the attack by obfuscating the output values. An experimental campaign demonstrated that the overhead introduced is 8.32% for AES and 3.88% for SHA-2 in terms of area, and 0.81% for AES and 12.31% for SHA-2 in terms of power, with no working frequency reduction. Moreover, a comparative analysis showed that our proposal outperforms the most recent related countermeasures.

    Overview of blockchain technology cryptographic security

    This thesis work is aimed at developing an understanding of the hash functions and algorithms being used in blockchain technologies, comparing Bitcoin to Ethereum and to private blockchain hash functions. This study attempts to answer one fundamental research question: “What considerations are important in assessing blockchain cryptographic security, with an emphasis on hash functions?” The study was carried out qualitatively using a desk research approach, combined with the use of two public blockchain-based cryptocurrencies, Ethereum and Bitcoin, as case studies. The research aims to provide a holistic view of blockchain cryptographic security, comparing Bitcoin and Ethereum as use cases, and thus providing a consolidated document which students studying cryptography can access to obtain a better understanding of what is involved in blockchain security. From an academic perspective, the research aims at providing a model which can be used in assessing what is important to consider in the cryptographic security of blockchains. Three main categories of factors were presented in the proposed model: strategic factors, complexity attributes and technical drivers. This results in a base of crucial metrics such as absence of secret seeds, efficiency of verification, preimage and collision resistance, fixed output size, low collision probability, and even distribution of preimages in the output.

    A Single-Trace Message Recovery Attack on a Masked and Shuffled Implementation of CRYSTALS-Kyber

    Last year CRYSTALS-Kyber was chosen by NIST as a new, post-quantum-secure key encapsulation mechanism to be standardized. This makes it important to assess the resistance of CRYSTALS-Kyber implementations to physical attacks. Pure side-channel attacks on post-quantum cryptographic algorithms have already been well explored. In this paper, we present an attack on a masked and shuffled software implementation of CRYSTALS-Kyber that combines fault injection with side-channel analysis. First, a voltage fault injection is performed to bypass the shuffling. We found settings that consistently glitch the desired instructions without crashing the device. After the successful fault injection, a deep-learning-assisted profiled power analysis based on the Hamming weight leakage model is used to recover the message (shared key). We propose a partial key enumeration method that allows us to significantly increase the success rate of message recovery (from 0.122 without enumeration to 0.887 with 32 enumerated bits).