Differential Random Fault Attacks on certain CAESAR Stream Ciphers (Supplementary Material)

This document contains supplementary material to the paper with the same title available from the proceedings of the International Conference on Information Security and Cryptology (ICISC) 2019. In this supplementary material, we demonstrate that the random fault attack strategy described in the full paper can be applied to ciphers in the MORUS family, resulting in partial state recovery for these ciphers

Differential random fault attacks on certain CAESAR stream ciphers

We show that a particular class of stream ciphers - namely those in which the output function contains a bitwise AND operation - are susceptible to a differential fault attack using random faults. Several finalists and other candidates from the recent CAESAR competition fall into this category, including the AEGIS variants, Tiaoxin and the MORUS family. Attack outcomes range from key or full state recovery for Tiaoxin, to full state recovery for the AEGIS family and partial state recovery for MORUS. We present attack requirements and success probabilities on these ciphers, along with design considerations to mitigate against this attack