Differential Fault Analysis (DFA) attack is a powerful cryptanalytic
technique that could be used to retrieve the secret key by
exploiting computational errors in the encryption (decryption) procedure. In the present paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or fourth word register at the input of the $28$-th round, the 128-bit master key could be recovered with an exhaustive search of $22.11$ bits on average. The proposed attack makes use of the characteristic of the cipher\u27s structure, the speciality of the diffusion layer, and the differential property of the S-box. Furthermore, it can be tailored to any block cipher
employing a similar structure and an SPN-style round function as that of SMS4

Bing Sun

Chao Li

Jianxiong You

Ruilin Li

Cryptology ePrint Archive

Differential Fault Analysis on SMS4 Using a Single Fault

Abstract. Differential Fault Analysis (DFA) attack is a powerful cryptanalytic technique that could be used to retrieve the secret key by exploiting computational errors in the encryption (decryption) procedure. In the present paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or fourth word register at the input of the 28-th round, the 128-bit master key could be recovered with an exhaustive search of 22.11 bits on average. The proposed attack makes use of the characteristic of the cipher’s structure, the speciality of the diffusion layer, and the differential property of the S-box. Furthermore, it can be tailored to any block cipher employing a similar structure and an SPN-style round function as that of SMS4

Differential Fault Analysis on SMS4 Using a Single Fault

Abstract

Similar works

Full text

Available Versions

Cryptology ePrint Archive

CiteSeerX