{"title":"A Statistical Fault Analysis Methodology for the Ascon Authenticated Cipher","authors":"Keyvan Ramezanpour, P. Ampadu, William Diehl","doi":"10.1109/HST.2019.8741029","DOIUrl":null,"url":null,"abstract":"Authenticated ciphers are trending in secret key cryptography, since they combine confidentiality, integrity, and authentication into one algorithm, and offer potential efficiencies over the use of separate block ciphers and keyed hashes. Current cryptographic contests and standardization efforts are evaluating authenticated ciphers for weaknesses, to include implementation vulnerabilities, such as fault attacks. In this paper, we analyze fault attacks against the Ascon authenticated cipher, which was selected by CAESAR as the first choice for the lightweight use case. We propose a fault attack technique based on statistical ineffective fault analysis (SIFA) using double-fault injection and key dividing. Faults are injected at two selected S-boxes for every encryption during the last round of permutation in the Ascon Finalization stage. The correct tag values, resulting from ineffective fault inductions, are then used to analyze key hypotheses. The complexity of our attack method is a trade-off between the size of key hypothesis search space and the number of double-fault injections. The sufficient number of correct tag values needed to recover a key subset depends on the bias of fault distributions. We perform experiments on a software implementation of Ascon to show that between 12.5 to 2500 correct tag values (i.e., ineffective faults) are enough for key recovery for highly biased to more uniform fault distributions, respectively.","PeriodicalId":146928,"journal":{"name":"2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2019.8741029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19
Abstract
Authenticated ciphers are trending in secret key cryptography, since they combine confidentiality, integrity, and authentication into one algorithm, and offer potential efficiencies over the use of separate block ciphers and keyed hashes. Current cryptographic contests and standardization efforts are evaluating authenticated ciphers for weaknesses, to include implementation vulnerabilities, such as fault attacks. In this paper, we analyze fault attacks against the Ascon authenticated cipher, which was selected by CAESAR as the first choice for the lightweight use case. We propose a fault attack technique based on statistical ineffective fault analysis (SIFA) using double-fault injection and key dividing. Faults are injected at two selected S-boxes for every encryption during the last round of permutation in the Ascon Finalization stage. The correct tag values, resulting from ineffective fault inductions, are then used to analyze key hypotheses. The complexity of our attack method is a trade-off between the size of key hypothesis search space and the number of double-fault injections. The sufficient number of correct tag values needed to recover a key subset depends on the bias of fault distributions. We perform experiments on a software implementation of Ascon to show that between 12.5 to 2500 correct tag values (i.e., ineffective faults) are enough for key recovery for highly biased to more uniform fault distributions, respectively.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
