International Association for Cryptologic Research (IACR)
Abstract
Differential Fault Analysis (DFA) is a powerful cryptanalytic technique that retrieves the secret key by exploiting computational errors induced in the encryption (or decryption) procedure. In the present paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into the second, third, or fourth word register at the input of the 28th round, the 128-bit master key can be recovered with an exhaustive search of 22.11 bits on average. The proposed attack makes use of the characteristics of the cipher's structure, the speciality of the diffusion layer, and the differential property of the S-box. Furthermore, it can be tailored to any block cipher employing a similar structure and an SPN-style round function like that of SMS4.
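The building blocks the abstract names (an invertible diffusion layer L, a single active S-box whose differential property bounds the key-byte candidates, and the generalized Feistel structure in which a fault in one input word leaves X_r untouched) are easier to see in code. The example below is an added illustration, not code from the paper: it implements SMS4/SM4 with a fault-injection hook and then runs the classic many-fault DFA, which glitches the second input word of the last round, recovers rk[31] byte by byte, peels that round off and repeats for rk[30], rk[29], rk[28], and finally runs the key schedule backwards to the master key. The paper's contribution is to do this with a single fault placed four rounds earlier (at the input of round 28) and to analyse its propagation; that analysis is not reproduced here. The function names (`peel`, `recover_round_key`, `make_glitch_oracle`) and the lab-device model in which the attacker chooses the round and word but not the byte or its value are assumptions of this example; the key, plaintext and ciphertext are the standard SM4 test vector.

```python
# Added illustration, not code from the paper: SMS4/SM4 with a fault-injection hook,
# a many-fault DFA that peels the last four rounds one round key at a time, and the
# key-schedule inversion that turns rk[28..31] back into the 128-bit master key.
import random
from typing import Callable, List, Optional, Tuple

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc)
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xff for j in range(4)), "big")
           for i in range(32))

def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xffffffff

def tau(x: int) -> int:
    """Byte-wise S-box layer."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def L(b: int) -> int:
    """Diffusion layer of the round function: linear over GF(2) and invertible."""
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def Lp(b: int) -> int:
    """Diffusion layer of the key schedule."""
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def key_schedule(mk: bytes) -> List[int]:
    """Expand the 128-bit master key into rk[0..31]."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ Lp(tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])))
    return k[4:]

Fault = Tuple[int, int, int, int]  # (round r, word offset w, byte index j, delta)

def encrypt_block(pt: bytes, rk: List[int], fault: Optional[Fault] = None) -> bytes:
    """SM4 encryption; `fault` XORs delta into byte j of input word X[r+w] of round r (0-based)."""
    x = [int.from_bytes(pt[4 * i:4 * i + 4], "big") for i in range(4)]
    for r in range(32):
        if fault is not None and fault[0] == r:
            _, w, j, delta = fault
            x[r + w] ^= delta << (24 - 8 * j)
        x.append(x[r] ^ L(tau(x[r + 1] ^ x[r + 2] ^ x[r + 3] ^ rk[r])))
    return b"".join(x[i].to_bytes(4, "big") for i in (35, 34, 33, 32))

def peel(ct: bytes, known: List[int]) -> List[int]:
    """Undo the last len(known) rounds (known = [rk31, rk30, ...]); returns
    [X_{r+1}, X_{r+2}, X_{r+3}, X_{r+4}] for the first round r whose key is unknown."""
    s = [int.from_bytes(ct[4 * i:4 * i + 4], "big") for i in (3, 2, 1, 0)]  # X32..X35
    for k in known:
        s = [s[3] ^ L(tau(s[0] ^ s[1] ^ s[2] ^ k))] + s[:3]
    return s

def recover_round_key(ct: bytes, glitch: Callable[[int, int], bytes], known: List[int]) -> int:
    """Recover rk[r], r = 31 - len(known), from random byte faults in the second input word of
    round r. X_r is untouched, so X_{r+4} ^ X*_{r+4} = L(tau(a ^ rk) ^ tau(a* ^ rk)) with one
    active S-box, and each fault leaves a DDT-sized candidate set for that key byte."""
    r = 31 - len(known)
    good = peel(ct, known)
    a = good[0] ^ good[1] ^ good[2]
    cands = [set(range(256)) for _ in range(4)]
    while any(len(c) > 1 for c in cands):
        bad = peel(glitch(r, 1), known)
        diff = good[0] ^ bad[0]              # exactly one non-zero byte: the faulted one
        j = next(i for i in range(4) if (diff >> (24 - 8 * i)) & 0xff)
        sh = 24 - 8 * j
        a_j, a_star_j, d_out = (a >> sh) & 0xff, ((a ^ diff) >> sh) & 0xff, good[3] ^ bad[3]
        # L is bijective, so comparing after L avoids computing its inverse
        cands[j] = {k for k in cands[j]
                    if L((SBOX[a_j ^ k] ^ SBOX[a_star_j ^ k]) << sh) == d_out}
    return sum(c.pop() << (24 - 8 * j) for j, c in enumerate(cands))

def invert_key_schedule(rk_desc: List[int]) -> bytes:
    """rk_desc = [rk31, rk30, rk29, rk28]; run the key schedule backwards to the master key."""
    k = [0] * 36
    k[32:36] = rk_desc[::-1]                 # K32..K35 = rk28..rk31
    for i in range(31, -1, -1):
        k[i] = k[i + 4] ^ Lp(tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return b"".join((k[i] ^ FK[i]).to_bytes(4, "big") for i in range(4))

def recover_master_key(ct: bytes, glitch: Callable[[int, int], bytes]) -> bytes:
    known: List[int] = []
    for _ in range(4):                       # rk31, rk30, rk29, rk28 in turn
        known.append(recover_round_key(ct, glitch, known))
    return invert_key_schedule(known)

def make_glitch_oracle(pt: bytes, rk: List[int], seed: int = 1) -> Callable[[int, int], bytes]:
    """Hypothetical lab device: re-encrypts pt and lands a random byte fault in X[r+w] at round r's input."""
    rng = random.Random(seed)
    return lambda r, w: encrypt_block(pt, rk, (r, w, rng.randrange(4), rng.randrange(1, 256)))

if __name__ == "__main__":
    mk = bytes.fromhex("0123456789abcdeffedcba9876543210")   # standard SM4 test vector
    rk = key_schedule(mk)
    ct = encrypt_block(mk, rk)
    print(ct.hex())                                            # 681edf34d206965e86b3e94f536e4246
    print(recover_master_key(ct, make_glitch_oracle(mk, rk)) == mk)
```

Each fault pins the attacked key byte down to the handful of values consistent with the S-box's difference distribution table, which is why a couple of faults per byte suffice; the same check is what makes a single-fault attack possible once the propagation of one byte fault through four rounds of the diffusion layer is tracked, as the paper does. A practitioner evaluating a hardware SMS4 implementation should note that the attacker here never needs to invert L or to control the fault value, only to observe which byte of the peeled state changed.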