Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD

Grain-128AEAD is a lightweight authenticated encryption stream cipher and one of the finalists in the National Institute of Standards and Technology (NIST) Lightweight Cryptography (LWC) project. This paper provides an independent third-party analysis of Grain-128AEAD against fault attacks. We inves...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2021, Vol.9, p.72568-72586
Hauptverfasser:	Salam, Iftekhar, Ooi, Thian Hooi, Xue, Luxin, Yau, Wei-Chuen, Pieprzyk, Josef, Phan, Raphael C.-W.
Format:	Artikel
Sprache:	eng
Schlagworte:	Algorithms Authenticated encryption Ciphers Complexity Cryptography differential fault attack Encryption Grain-128AEAD Lightweight lightweight cryptography NIST Probabilistic logic random fault Registers Security Side-channel attacks stream cipher
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	72586
container_issue
container_start_page	72568
container_title	IEEE access
container_volume	9
creator	Salam, Iftekhar Ooi, Thian Hooi Xue, Luxin Yau, Wei-Chuen Pieprzyk, Josef Phan, Raphael C.-W.
description	Grain-128AEAD is a lightweight authenticated encryption stream cipher and one of the finalists in the National Institute of Standards and Technology (NIST) Lightweight Cryptography (LWC) project. This paper provides an independent third-party analysis of Grain-128AEAD against fault attacks. We investigate the application of three differential fault attack models on Grain-128AEAD. All these attacks can recover the initial state of Grain-128AEAD. First, we demonstrate an attack using a bit-flipping fault that requires access to 2 7.80 faulty outputs to recover the initial state. Then, we demonstrate an attack with a more relaxed assumption of a random fault with a probabilistic approach. Our probabilistic random fault attack requires access to 2 11.60 faulty outputs and 2 10.45 fault injections to recover the initial state with a success rate over 99%. Both of the above two attacks are based on precise control on the fault target. Finally, we apply a random fault attack with a deterministic approach (can conclusively determine the random fault value) and using different precision controls. For the precise control, we use existing approaches that have been applied to other ciphers, such as Tiaoxin-346. We also propose a technique for less stringent precision models, such as moderate control and no control, which are more practical than the precise control. Our result indicates that the deterministic random fault attack with a precise control requires an average of 2 7.64 fault injections and a data complexity of 2 8.80 . The deterministic random fault attack with moderate control requires a weak assumption on the fault injection and hence, is the best attack presented in this paper; and is expected to require about 2 9.39 fault injections with a data complexity of about 2 12.98 . All the attacks discussed in this paper are verified experimentally.
doi_str_mv	10.1109/ACCESS.2021.3078845
format	Article
fullrecord	<record><control><sourceid>proquest_doaj_</sourceid><recordid>TN_cdi_proquest_journals_2528945951</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9427122</ieee_id><doaj_id>oai_doaj_org_article_30e6f612281343b784b01b1b1261a7d6</doaj_id><sourcerecordid>2528945951</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-51518b791a68750aef03691cdaf25e2607cfcab22cd21016c5a3cc0c9da53cac3</originalsourceid><addsrcrecordid>eNpNUV1r4zAQNKUHLb3-gr4I7tmpVrJk-dG46QcEDpres1jL60a5xM7JCkf_fZW6lGpBWoaZ0cBk2Q3wBQCvbuumWa7XC8EFLCQvjSnUWXYpQFe5VFKff9svsutp2vJ0TIJUeZn5Zxy6cc_ufN9ToCF63LF7PO4iq2NE93di48DihtjKv27ifzrdrD4mJHEdRurYcnDh7RB9Iq5jINyzxh82FNhDQD_kIEy9rO9-Zj963E10_fleZX_uly_NY776_fDU1KvcFdzEXIEC05YVoDal4kg9l7oC12EvFAnNS9c7bIVwnQAO2imUznFXdaikQyevsqfZtxtxaw_B7zG82RG9_QDG8GoxpOg7spKT7jUIYUAWsi1N0XJo0wgNWHY6ef2avQ5h_HekKdrteAxDim-FEqYqVKUgseTMcmGcpkD916_A7akiO1dkTxXZz4qS6mZWeSL6UlSFKFMg-Q6EEoue</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2528945951</pqid></control><display><type>article</type><title>Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD</title><source>DOAJ Directory of Open Access Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><source>IEEE Xplore Open Access Journals</source><creator>Salam, Iftekhar ; Ooi, Thian Hooi ; Xue, Luxin ; Yau, Wei-Chuen ; Pieprzyk, Josef ; Phan, Raphael C.-W.</creator><creatorcontrib>Salam, Iftekhar ; Ooi, Thian Hooi ; Xue, Luxin ; Yau, Wei-Chuen ; Pieprzyk, Josef ; Phan, Raphael C.-W.</creatorcontrib><description>Grain-128AEAD is a lightweight authenticated encryption stream cipher and one of the finalists in the National Institute of Standards and Technology (NIST) Lightweight Cryptography (LWC) project. This paper provides an independent third-party analysis of Grain-128AEAD against fault attacks. We investigate the application of three differential fault attack models on Grain-128AEAD. All these attacks can recover the initial state of Grain-128AEAD. First, we demonstrate an attack using a bit-flipping fault that requires access to 2 7.80 faulty outputs to recover the initial state. Then, we demonstrate an attack with a more relaxed assumption of a random fault with a probabilistic approach. Our probabilistic random fault attack requires access to 2 11.60 faulty outputs and 2 10.45 fault injections to recover the initial state with a success rate over 99%. Both of the above two attacks are based on precise control on the fault target. Finally, we apply a random fault attack with a deterministic approach (can conclusively determine the random fault value) and using different precision controls. For the precise control, we use existing approaches that have been applied to other ciphers, such as Tiaoxin-346. We also propose a technique for less stringent precision models, such as moderate control and no control, which are more practical than the precise control. Our result indicates that the deterministic random fault attack with a precise control requires an average of 2 7.64 fault injections and a data complexity of 2 8.80 . The deterministic random fault attack with moderate control requires a weak assumption on the fault injection and hence, is the best attack presented in this paper; and is expected to require about 2 9.39 fault injections with a data complexity of about 2 12.98 . All the attacks discussed in this paper are verified experimentally.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2021.3078845</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Algorithms ; Authenticated encryption ; Ciphers ; Complexity ; Cryptography ; differential fault attack ; Encryption ; Grain-128AEAD ; Lightweight ; lightweight cryptography ; NIST ; Probabilistic logic ; random fault ; Registers ; Security ; Side-channel attacks ; stream cipher</subject><ispartof>IEEE access, 2021, Vol.9, p.72568-72586</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-51518b791a68750aef03691cdaf25e2607cfcab22cd21016c5a3cc0c9da53cac3</citedby><cites>FETCH-LOGICAL-c408t-51518b791a68750aef03691cdaf25e2607cfcab22cd21016c5a3cc0c9da53cac3</cites><orcidid>0000-0003-4059-6358 ; 0000-0001-7448-4595 ; 0000-0003-1395-4623 ; 0000-0002-1917-6466 ; 0000-0002-0009-1809</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9427122$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,864,2102,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Salam, Iftekhar</creatorcontrib><creatorcontrib>Ooi, Thian Hooi</creatorcontrib><creatorcontrib>Xue, Luxin</creatorcontrib><creatorcontrib>Yau, Wei-Chuen</creatorcontrib><creatorcontrib>Pieprzyk, Josef</creatorcontrib><creatorcontrib>Phan, Raphael C.-W.</creatorcontrib><title>Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD</title><title>IEEE access</title><addtitle>Access</addtitle><description>Grain-128AEAD is a lightweight authenticated encryption stream cipher and one of the finalists in the National Institute of Standards and Technology (NIST) Lightweight Cryptography (LWC) project. This paper provides an independent third-party analysis of Grain-128AEAD against fault attacks. We investigate the application of three differential fault attack models on Grain-128AEAD. All these attacks can recover the initial state of Grain-128AEAD. First, we demonstrate an attack using a bit-flipping fault that requires access to 2 7.80 faulty outputs to recover the initial state. Then, we demonstrate an attack with a more relaxed assumption of a random fault with a probabilistic approach. Our probabilistic random fault attack requires access to 2 11.60 faulty outputs and 2 10.45 fault injections to recover the initial state with a success rate over 99%. Both of the above two attacks are based on precise control on the fault target. Finally, we apply a random fault attack with a deterministic approach (can conclusively determine the random fault value) and using different precision controls. For the precise control, we use existing approaches that have been applied to other ciphers, such as Tiaoxin-346. We also propose a technique for less stringent precision models, such as moderate control and no control, which are more practical than the precise control. Our result indicates that the deterministic random fault attack with a precise control requires an average of 2 7.64 fault injections and a data complexity of 2 8.80 . The deterministic random fault attack with moderate control requires a weak assumption on the fault injection and hence, is the best attack presented in this paper; and is expected to require about 2 9.39 fault injections with a data complexity of about 2 12.98 . All the attacks discussed in this paper are verified experimentally.</description><subject>Algorithms</subject><subject>Authenticated encryption</subject><subject>Ciphers</subject><subject>Complexity</subject><subject>Cryptography</subject><subject>differential fault attack</subject><subject>Encryption</subject><subject>Grain-128AEAD</subject><subject>Lightweight</subject><subject>lightweight cryptography</subject><subject>NIST</subject><subject>Probabilistic logic</subject><subject>random fault</subject><subject>Registers</subject><subject>Security</subject><subject>Side-channel attacks</subject><subject>stream cipher</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUV1r4zAQNKUHLb3-gr4I7tmpVrJk-dG46QcEDpres1jL60a5xM7JCkf_fZW6lGpBWoaZ0cBk2Q3wBQCvbuumWa7XC8EFLCQvjSnUWXYpQFe5VFKff9svsutp2vJ0TIJUeZn5Zxy6cc_ufN9ToCF63LF7PO4iq2NE93di48DihtjKv27ifzrdrD4mJHEdRurYcnDh7RB9Iq5jINyzxh82FNhDQD_kIEy9rO9-Zj963E10_fleZX_uly_NY776_fDU1KvcFdzEXIEC05YVoDal4kg9l7oC12EvFAnNS9c7bIVwnQAO2imUznFXdaikQyevsqfZtxtxaw_B7zG82RG9_QDG8GoxpOg7spKT7jUIYUAWsi1N0XJo0wgNWHY6ef2avQ5h_HekKdrteAxDim-FEqYqVKUgseTMcmGcpkD916_A7akiO1dkTxXZz4qS6mZWeSL6UlSFKFMg-Q6EEoue</recordid><startdate>2021</startdate><enddate>2021</enddate><creator>Salam, Iftekhar</creator><creator>Ooi, Thian Hooi</creator><creator>Xue, Luxin</creator><creator>Yau, Wei-Chuen</creator><creator>Pieprzyk, Josef</creator><creator>Phan, Raphael C.-W.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-4059-6358</orcidid><orcidid>https://orcid.org/0000-0001-7448-4595</orcidid><orcidid>https://orcid.org/0000-0003-1395-4623</orcidid><orcidid>https://orcid.org/0000-0002-1917-6466</orcidid><orcidid>https://orcid.org/0000-0002-0009-1809</orcidid></search><sort><creationdate>2021</creationdate><title>Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD</title><author>Salam, Iftekhar ; Ooi, Thian Hooi ; Xue, Luxin ; Yau, Wei-Chuen ; Pieprzyk, Josef ; Phan, Raphael C.-W.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-51518b791a68750aef03691cdaf25e2607cfcab22cd21016c5a3cc0c9da53cac3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Algorithms</topic><topic>Authenticated encryption</topic><topic>Ciphers</topic><topic>Complexity</topic><topic>Cryptography</topic><topic>differential fault attack</topic><topic>Encryption</topic><topic>Grain-128AEAD</topic><topic>Lightweight</topic><topic>lightweight cryptography</topic><topic>NIST</topic><topic>Probabilistic logic</topic><topic>random fault</topic><topic>Registers</topic><topic>Security</topic><topic>Side-channel attacks</topic><topic>stream cipher</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Salam, Iftekhar</creatorcontrib><creatorcontrib>Ooi, Thian Hooi</creatorcontrib><creatorcontrib>Xue, Luxin</creatorcontrib><creatorcontrib>Yau, Wei-Chuen</creatorcontrib><creatorcontrib>Pieprzyk, Josef</creatorcontrib><creatorcontrib>Phan, Raphael C.-W.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Xplore Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Salam, Iftekhar</au><au>Ooi, Thian Hooi</au><au>Xue, Luxin</au><au>Yau, Wei-Chuen</au><au>Pieprzyk, Josef</au><au>Phan, Raphael C.-W.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2021</date><risdate>2021</risdate><volume>9</volume><spage>72568</spage><epage>72586</epage><pages>72568-72586</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Grain-128AEAD is a lightweight authenticated encryption stream cipher and one of the finalists in the National Institute of Standards and Technology (NIST) Lightweight Cryptography (LWC) project. This paper provides an independent third-party analysis of Grain-128AEAD against fault attacks. We investigate the application of three differential fault attack models on Grain-128AEAD. All these attacks can recover the initial state of Grain-128AEAD. First, we demonstrate an attack using a bit-flipping fault that requires access to 2 7.80 faulty outputs to recover the initial state. Then, we demonstrate an attack with a more relaxed assumption of a random fault with a probabilistic approach. Our probabilistic random fault attack requires access to 2 11.60 faulty outputs and 2 10.45 fault injections to recover the initial state with a success rate over 99%. Both of the above two attacks are based on precise control on the fault target. Finally, we apply a random fault attack with a deterministic approach (can conclusively determine the random fault value) and using different precision controls. For the precise control, we use existing approaches that have been applied to other ciphers, such as Tiaoxin-346. We also propose a technique for less stringent precision models, such as moderate control and no control, which are more practical than the precise control. Our result indicates that the deterministic random fault attack with a precise control requires an average of 2 7.64 fault injections and a data complexity of 2 8.80 . The deterministic random fault attack with moderate control requires a weak assumption on the fault injection and hence, is the best attack presented in this paper; and is expected to require about 2 9.39 fault injections with a data complexity of about 2 12.98 . All the attacks discussed in this paper are verified experimentally.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2021.3078845</doi><tpages>19</tpages><orcidid>https://orcid.org/0000-0003-4059-6358</orcidid><orcidid>https://orcid.org/0000-0001-7448-4595</orcidid><orcidid>https://orcid.org/0000-0003-1395-4623</orcidid><orcidid>https://orcid.org/0000-0002-1917-6466</orcidid><orcidid>https://orcid.org/0000-0002-0009-1809</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2021, Vol.9, p.72568-72586
issn	2169-3536 2169-3536
language	eng
recordid	cdi_proquest_journals_2528945951
source	DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals; IEEE Xplore Open Access Journals
subjects	Algorithms Authenticated encryption Ciphers Complexity Cryptography differential fault attack Encryption Grain-128AEAD Lightweight lightweight cryptography NIST Probabilistic logic random fault Registers Security Side-channel attacks stream cipher
title	Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T16%3A46%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Random%20Differential%20Fault%20Attacks%20on%20the%20Lightweight%20Authenticated%20Encryption%20Stream%20Cipher%20Grain-128AEAD&rft.jtitle=IEEE%20access&rft.au=Salam,%20Iftekhar&rft.date=2021&rft.volume=9&rft.spage=72568&rft.epage=72586&rft.pages=72568-72586&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3078845&rft_dat=%3Cproquest_doaj_%3E2528945951%3C/proquest_doaj_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2528945951&rft_id=info:pmid/&rft_ieee_id=9427122&rft_doaj_id=oai_doaj_org_article_30e6f612281343b784b01b1b1261a7d6&rfr_iscdi=true