In this paper we propose Differential Fault Attack (DFA) on two Fully Homomorphic Encryption (FHE) friendly stream ciphers Rasta and . Design criteria of Rasta rely on affine layers and nonlinear layers, whereas  relies on permutations and a nonlinear fil- ter function. Here we show that the secret key of these two ciphers can be recovered by injecting only 1 bit fault in the initial state. Our DFA on full round (# rounds = 6) Rasta with 219 block size requires only one block (i.e., 219 bits) of normal and faulty keystream bits. In the case of our DFA on FiLIP-430 (one instance of ), we need 30000 normal and faulty keystream bits

Kansal, Meenakshi

Meaux, Pierrick

Radheshwar, R.

Roy, Dibyendu

peer reviewedIn this paper we propose Differential Fault Attack (DFA) on two Fully Homomorphic Encryption (FHE) friendly stream ciphers Rasta and . Design criteria of Rasta rely on affine layers and nonlinear layers, whereas  relies on permutations and a nonlinear fil- ter function. Here we show that the secret key of these two ciphers can be recovered by injecting only 1 bit fault in the initial state. Our DFA on full round (# rounds = 6) Rasta with 219 block size requires only one block (i.e., 219 bits) of normal and faulty keystream bits. In the case of our DFA on FiLIP-430 (one instance of ), we need 30000 normal and faulty keystream bits

Open Repository and Bibliography - Luxembourg

Differential Fault Attack on Rasta and FiLIP-DSM

https://orbilu.uni.lu/bitstream/10993/55680/1/2023-322.pdf

Differential Fault Attack on Rasta and FiLIP-DSM

Abstract

Similar works

Full text

Available Versions

Open Repository and Bibliography - Luxembourg