Proceedings Article
Differential Fault Analysis on Grøstl
Wieland Fischer, Christian A. Reuter +1 more
- pp 44-54
TL;DR: A DFA on Grøstl-256, a hash algorithm that imitates the main structures of AES, is presented, able to completely recover the whole input message using a one-bit and a random-byte fault model.
Abstract:
This paper presents a DFA on Grøstl-256, a hash algorithm that imitates the main structures of AES. Although our attack is inspired by the classical fault attacks on AES, these could not be adapted directly. The attack is able to completely recover the whole input message using a one-bit and a random-byte fault model. It needs 16 errors to invert the output transformation $\Omega_n$ and on average 280 errors for each compression step. When Grøstl is used in a keyed hash function like HMAC, this attack is able to retrieve the secret key from about 300 faulty outputs in less than three minutes.
Citations
Posted Content
Recomputing with Permuted Operands: A Concurrent Error Detection Approach.
Xiaofei Guo, Ramesh Karri +1 more
TL;DR: In this article, a concurrent error detection (CED) technique called Recomputing with Permuted Operands (REPO) is proposed to detect single-bit and single-byte faults.
Book Chapter
Differential Fault Analysis of SHA-3
TL;DR: This attack can recover the internal state of two versions of SHA-3, namely SHA3-512 and SHA3-384, and can be used to forge MACs which are using these versions of SHA-3.
Proceedings Article
Differential Fault Analysis of SHA3-224 and SHA3-256
TL;DR: This is the first work to conquer SHA3-224 and SHA3-256 using differential fault analysis, and it is proposed to use fault signatures at the observed output for analysis and secret retrieval.
Book Chapter
Differential Fault Analysis of Streebog
Riham AlTawy, Amr M. Youssef +1 more
TL;DR: This paper presents a fault analysis attack on the Streebog hash function and shows that the attack can be extended to the iterated hash function using a feasible pre-computation stage and can be used to recover the secret key of HMAC/NMAC-GOST.
Journal Article
Impossible Differential Fault Analysis on the LED Lightweight Cryptosystem in the Vehicular Ad-Hoc Networks
TL;DR: In this paper, a half-byte impossible differential fault analysis of the last three rounds of the LED key-set was presented, showing that the attack could recover the 64-bit and 128-bit secret keys by introducing 48 faults and 96 faults in average, respectively.
References
Book Chapter
Differential Fault Analysis of Secret Key Cryptosystems
Eli Biham, Adi Shamir +1 more
TL;DR: This work states that this attack is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES).
Book
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
TL;DR: In this paper, the authors present a comprehensive treatment of power analysis attacks and countermeasures, based on the principle that the only way to defend against such attacks is to understand them.
Proceedings Article
On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract).
TL;DR: A sound pressure level meter adapted for use in monitoring noise levels, particularly for use by law enforcement agencies wherein the device includes means for providing a logarithmic indication of the root mean square value of ambient sound pressure levels.
Book Chapter
On the importance of checking cryptographic protocols for faults
TL;DR: In this article, the authors present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults, including RSA and Rabin signatures, and also show how various authentication protocols, such as Fiat-Shamir and Schnorr, can be broken using hardware faults.
Book
Power Analysis Attacks: Revealing the Secrets of Smart Cards
TL;DR: This volume explains how power analysis attacks work and provides an extensive discussion of countermeasures like shuffling, masking, and DPA-resistant logic styles to decide how to protect smart cards.