Abstract
In this paper, we present two differential fault analyses on PRESENT-80 which is a lightweight block cipher. The first attack is a basic attack which induces a fault on only one bit of intermediate states, and we can obtain the last subkey of the block cipher, given 48 faulty cipher texts on average. The second attack can retrieve the master key of the block cipher, given 18 faulty cipher texts on average. In the latter attack, we assume that we can induce faults on a single nibble of intermediate states. Given those faulty cipher texts, the computational complexity of attacks is negligible.
Similar content being viewed by others
1 Introduction
Boneh et al. introduced the fault attack in September 1996[1]. Later, in October 1996, Biham and Shamir published an attack on secret key cryptosystems called differential fault analysis (DFA) which combined the ideas of fault attack and differential attack[2]. Given a plaintext, the DFA attack derived information about the secret key by examining the differences between a related cipher text resulting from a correct encryption and a cipher text of the same plaintext resulting from a faulty encryption. Normally, a faulty cipher text is taken by giving external impact on a device with voltage variation, glitch, laser, etc. A fault may be induced with these external impacts; however, we know neither the location nor the value of the fault. This attack is commonly used to analyze the security of cryptosystems. DFA have been employed to attack several block ciphers where DES[3, 4], AES[5–11], PRINTCIPHER[12], Camellia[13], CALEFIA[14, 15], RC4[16], SMS4[17], and ARIA[18] are examples. In general, there are two techniques to apply a DFA attack on a block cipher. The first one assumes that the intermediate states were corrupted by the fault injection and tries to recover the key, while the second form assumes that the key schedule algorithm was corrupted by the fault injection and tries to recover the key.
PRESENT is an ultra-lightweight block cipher proposed at CHES 2007 by Bogdanov et al. This block cipher is an SP network-based cipher and consists of 31 rounds. The block length is 64 bits, and two key lengths of 80 and 128 bits are supported[19], denoted by PRESENT-80 and PRESENT-128, respectively. Several basic attacks such as differential cryptanalysis, linear cryptanalysis, and their variants have been applied on PRESENT already[20–23]. In this paper, we concentrate on the security of PRESENT-80 against DFA attack.
1.1 Previous works
A DFA on PRESENT-80 key schedule has been proposed by Wang et al.[24]. They assumed that the key schedule was corrupted by the fault injection and tried to recover the key. They have reduced the master key search space of PRESENT-80 to 229 with 64 pairs of correct and faulty cipher texts on average. In addition, Zhao et al.[25] proposed a fault propagation pattern-based DFA on PRESENT-80/128. They reduce the master key search space of PRESENT-80/128 to 214.7 and 221.1, respectively, with 8 and 16 pairs of correct and faulty cipher texts on average.
1.2 Paper contributions
In this paper, we present two differential fault analyses on PRESENT-80. For the first attack, we assume that the fault occurs on only one bit of the intermediate states. In the second attack, we induce a fault on a single nibble of the intermediate states and we employ our first attack to retrieve the master key. Our attack can recover the master key, given 18 faulty cipher texts on average.
2 Paper organization
The notations used in the paper are presented in Section 3. PRESENT is briefly described in Section 3.2. In Section 4, we describe our basic attack. We present another DFA attack based on the basic attack in Section 5. Finally, we conclude the paper in Section 6.
3 Notations and preliminaries
3.1 Notations
Throughout the paper, we use the following notations:
-
P : denotes the plaintext.
-
K : denotes the master key.
-
S i: denotes the correct state before i th round’s S-box layer and denotes the j th bit of S i.
-
S i∗: denotes the faulty state before i th round’s S-box layer.
-
S i N j: denotes the j th nibble of state before i th round’s S-box layer and denotes its n th bit of the nibble.
-
B i: denotes the state after i th round’s S-box layer and B i N j denotes the j th nibble of B i.
-
B i∗: denotes the faulty state after i th round’s S-box layer and B i∗ N j denotes the j th nibble of B i∗.
-
K i: denotes i th subround key and denotes the j th bit of K i.
-
C : denotes the correct cipher text.
-
D : denotes the faulty cipher text.
3.2 Description of PRESENT
The PRESENT block cipher, depicted in Figure1, is an ultra-lightweight substitution-permutation network and consists of 31 rounds. The block length is 64 bits. The cipher supports 80 and 128-bit secret keys. Each round of PRESENT consists of three stages: key addition, non-linear substitution layer, and bit-wise permutation layer.
3.2.1 Key addition
As the first step of i th round, for 1 ≤ i ≤ 32, the current state is combined using bit-wise XOR with the i th round subkey.
where K 32 is used for postwhitening.
3.2.2 Substitution layer (S-box)
The output of the key addition stage goes through the S-box layer (Table1) which is the non-linear operation of the round. The S-box used in PRESENT is a single 4-bit to 4-bit S-box which is applied 16 times in parallel. The action of the S-box is shown by the following table.
3.2.3 Permutation layer P
Finally, the output of the S-box layer is rearranged to the permutation layer (Table2). Following this operation, bit i of the current state is moved to the bit position P(i).
The key schedule algorithm supports two key lengths of 80 and 128 bits. However, we do not explain the key schedule algorithm here because it is not directly relevant to our attack. For more information about the key schedule, the interested reader can refer to[19].
4 The basic DFA attack
In this section, we introduce a basic DFA attack against PRESENT-80 which is based on the injection of a fault on only one bit of intermediate states at the beginning of the last round’s S-box layer. The given attack requires a single-bit fault in the last round of the cipher which may sound difficult in practice. However, the recent results[26] show the feasibility of this type of DFA attacks.
The main idea of the given attack is to obtain S 31 by searching in the differences distribution table of the S-box (see Appendix 1), then we can obtain K 32. Injection of a single-bit fault on the j th nibble of S 31, S 31 N j, can be on,,, or. We denote the difference between the j th nibble of the correct state S 31 N j and the j th nibble of the faulty state S 31∗ N j by a, i.e., a = S 31 N j ⊕ S 31∗ N j. Hence, there are four possible fault differences for this nibble, a ∈ {1,2,4,8}. In Figure2, an example of the fault required for the basic attack is given where the first bit of the first nibble of S 31 is corrupted.
Through the attack, we assume that the master key and the input plaintext remain fixed. Moreover, for each faulty cipher text, exactly one bit of S 31 is randomly modified. To recover the last round key, following this attack, the adversary processes each nibble of intermediate state independently. To implement this attack, the adversary should obtain each nibble of S 31, S 31 N j for 1 ≤ j ≤ 16. Obtaining each nibble would be possible if we are given, on average, three distinct faulty cipher texts, assuming that the faults are injected on different bits of the nibble. To find out the nibble of S 31 which is involved in the faults, the adversary may reverse the difference output of P layer (P layer−1(C ⊕ D)) following the approaches presented in Algorithms 1 and 2 to obtain one nibble of S 31. Algorithm 1 arranges the faulty cipher texts and correct the cipher text in 16 groups of difference outputs of last round’s S-box layer, i.e., ΔB 31 N j for 1 ≤ j ≤ 16. In each specific group, the bits of faults occurred on the bits of the same nibble and the related nibble of S 31, S 31 N j, can be obtained following Algorithm 2. On the other hand, Algorithm 1 determines for each faulty cipher text, which the nibble has been corrupted. Hence, at the end of Algorithm 1, we expect to receive three difference outputs of last round’s S-box layer for each nibble. It is possible to repeat Algorithm 2 and retrieve whole nibbles of S 31. Given S 31 and the correct cipher text C, K 32 can be extracted as follows:
Hence, following the given attack, it is possible to retrieve K 32 given on average 48 faulty cipher texts and related correct cipher text for the fixed value of input message P (Additional details of the basic attack are given in Appendix 2).
If we can induce a fault on one bit of several nibbles of S 31 for each fault experiment, we can reduce the required number of faulty cipher texts to obtain S 31 and K 32. In this case, we can still use Algorithms 1 and 2 for obtaining S 31 and K 32. Obviously, the injection of a single bit fault for a nibble of S 31 generates a faulty nibble at the output of last round’s S-box layer, and single bit faults injection on several nibbles of S 31 generates several faulty nibbles at the output of last round’s S-box layer.
Algorithm 1 Determining the faulty output of last round’s S-box layer
Algorithm 2 Obtain one nibble of S 31
In Figure3, the flowchart of this attack is depicted.
Given K 32, a similar attack can be used to retrieve S 30 and K 31 and finally recover the master key. However, the number of required faulty cipher texts would be increased (96 faulty cipher texts on average), but in the next section, we show an approach to obtain the master key given 18 faulty cipher texts on average.
Remarks 1
It must be noted that sometimes faulty cipher texts will be repeated (if we inject a fault on the same bit of S 31 ), and we exclude this faulty cipher text. We collect three unique faulty cipher texts on average for obtaining each nibble of S 31.
5 The second DFA attack
In the previous section, we described a basic attack that, on each experiment, induces a fault on a single bit of intermediate state of the last round. In this section, to retrieve the whole master key, we extend the previous attack such that the adversary can inject a fault on one nibble rather than a bit.
In the design criteria of PRESENT, it has been stated that:
-
1.
The four input bits to an S-box come from four distinct S-boxes of the same group.
-
2.
The input bits to a group of 4 S-boxes come from 16 different S-boxes.
-
3.
The four output bits from a particular S-box enter four distinct S-boxes, each of which belongs to a distinct group of S-boxes in the subsequent round.
-
4.
The output bits of S-boxes in distinct groups go to distinct S-boxes.
Following the above criteria, we state that:
-
Inducing a fault on only one nibble of intermediate states at the beginning of the i th round’s S-box layer, S i, leads to fault occurrence on one bit of some S-boxes of the next round, where on average, the inputs of two S-boxes would be corrupted at the beginning of S i+1.
-
Inducing a fault on only one nibble of intermediate states at the beginning of the i th round’s S-box layer, S i, leads to fault occurrences on one bit of some S-boxes of the next round, S i+1, where on average the inputs of two S-boxes would be corrupted at the beginning of S i+1. These differences are propagated to extra S-boxes in (i + 2)th round. However, following the designing criteria, for any corrupted input of S-boxes at (i + 1)th and (i + 2)th round, we have difference on one bit. Therefore, the injection of a fault on a nibble of intermediate states at the beginning of the 29th round’s S-box layer, on average, provides the adversary with faults on single bits of four nibbles of S 31.
Now, following the above argument, we assume that a fault on only one nibble of intermediate states at the beginning of the 29th round’s S-box layer has occurred. We can use this approach to reduce the number of required faulty cipher texts in the basic attack (same as when we can induce the single bit faults on several nibbles of S 31 in the basic attack). An example of fault injection at the beginning of the 29th round’s S-box layer and its propagation toward 31st round has been depicted in Figure4. In this picture, for the sake of simplicity, we have assumed that the first nibble of S 29 is corrupted. It can be seen that eight nibbles of S 31 have been corrupted, and also, only one bit of inputs of each faulty S-boxes at 31st round is corrupted. Therefore, we can apply the basic attack on the received data. However, in the new fault model, we receive on average four faulty nibbles at the output 31st round in each fault injection (four nibbles of the output of the last round’s S-box layer were corrupted). Hence, the required number of faulty cipher texts to obtain the S 31 is reduced to 12.
Whenever we obtained S 31 and K 32, we can also retrieve K 31. To retrieve K 31, from the first phase of attack which retrieves K 32, we have 24 nibbles of the faulty output of the 30th round’s S-box layer (B 30∗ N j) on average, and we require extra 24 nibbles of the faulty output of the 30th round’s S-box layer to obtain S 30 and K 31. We can obtain those faulty states by inducing six extra faults on nibbles of intermediate state at the beginning of the 28th round’s S-box layer on average.
Therefore, we can obtain K 32 given 12 faulty cipher texts on average, where we have injected faults on the nibbles of S 29. To retrieve K 31, we require also to induce faults on the nibbles of intermediate state at the beginning of the 28th round’s S-box layer. Following the basic attack (with some change in notation and extent formula, see Appendix 1), to retrieve K 31, we require additional six faulty cipher texts on average. Given the round keys K 31 and K 32, it is possible to determine the master key uniquely. Hence, in total, it is possible to recover the master key of PRESENT-80 given 18 faulty cipher texts on average (An toy example of attacks are given in Appendix 3).
To compare our approach with[25], it must be noted that they have injected fault on the 29th round and tried to find the difference input of S-box 31st round where they have got some candidates for S-box inputs of 31st round and then recovered K 32 and K 31. On the other hand, the given attack in this paper does not require to find the difference input of S-box 31st round, and it recovers the S-box input of 31st round by searching in the differences distribution table of S-box and then obtains K 32.
Any secure cryptosystems should be protected against DFA attacks. So, any implementation of PRESENT also requires to protect the last round of encryption against the basic DFA attack and protect the 29th and 30th rounds of encryption against the second DFA attack. Therefore, an implementation of PRESENT requires to protect the three last rounds against our DFA attacks.
Remarks 2
Sometimes, we may receive useless faulty nibbles of cipher texts through the experiments which increase the attack complexity, i.e., number of required faulty cipher texts. Based on the random nature of the faults, and also the faults propagation property, it is possible to receive same errors on the same nibbles of the 31st round in different experiments. It should be noted that the errors that we induce in different experiments could be in different nibbles or even in the same nibble. These errors are propagated through the remaining rounds. However, if we receive several errors in a same bit of a nibble at the beginning of the 31st round, then only one of them is useful and the rest do not include new information. For example, following Figure 4 which is drawn for a fault on the first nibble of the internal state of 29th round, if we induce another fault on the same nibble in the next experiment and assume that the output difference of the related S-box at round 29 is 3, it has overlapped with the previous fault and it does not provide us with new information. It must be noted that we collect the unique nibble of faulty cipher texts and unique nibbles of faulty cipher texts on average to obtain one nibble of S 31.
6 Conclusions
In this paper, we introduced two new DFAs on PRESENT-80. Our attacks are based on the injection of the faults on the intermediate state of the cipher and can retrieve the last round key and the master key efficiently. The basic attack which requires to induce a fault on a single bit of nibbles at the input of the last round requires 48 faulty cipher texts on average, and the extended attack which retrieves the master key induces a fault on a nibble of the intermediate states and requires 18 faulty cipher texts on average.
Appendix 1
The difference distribution table of the S-box and the categorization algorithm for the faulty cipher texts
The difference distribution table of the S-box is shown in Table3. The categorization algorithm for the faulty cipher texts is shown in Algorithm 3.
Algorithm 3 Categorize the faulty cipher texts and cipher text in 16 groups based on the difference output of the 30th round’s S-box layer
Algorithm 4 Obtain one nibble of S 30 , given that K 31 = P - Layer( S -Layer( S 30 )) ⊕ S 31
Appendix 2
Additional details of the basic attack
For each faulty cipher text, we have got a difference output of the last round’s S-box layer, and we can determine possible inputs of the last round’s S-box layer by searching in the differences distribution table of the S-box. In Table4, all possible inputs of the last round’s S-box layer for each difference output of the last round’s S-box layer are shown (remember that difference input can be a ∈ {1,2,4,8}).
In Table4, it can be seen that given a faulty cipher text, eight candidates for S-box input with probability have been determined or four candidates for S-box input with probability have been determined.
In Table5, all S-box difference outputs for each S-box input, with one bit difference in S-box input, are depicted.
Given in Table5, we see that the sets of S-box difference outputs for each specific input are different. Hence, we can obtain the exact value of the S-box input with four faulty cipher texts. In the following, we explain the states that two and three faulty cipher texts are given.
-
When two faulty cipher texts are given, these states can occur:
-
Two faulty cipher texts determine eight candidates for S-box input. In this state, when we apply Algorithm 2, we obtain two, three, four, or five candidates for S-box input.
-
The first faulty cipher text determined eight candidates for S-box input, and the second faulty cipher text determined four candidates for S-box input. If we denote by A the sets of the candidates obtained with the first faulty cipher text except the correct value of S-box input and by B the sets of the candidates obtained with the second faulty cipher text except the correct value of S-box input, we can identify the correct value with probability:
-
The first faulty cipher text determined four candidates for S-box input, and the second faulty cipher text determined four candidates for S-box input.
In this state, we can identify the correct value with probability:
-
-
When three faulty cipher texts are given, these states can occur:
-
All faulty cipher texts determined eight candidates for S-box input.
If we denote by C the sets of the candidates obtained with the third faulty cipher text except the correct value of S-box input, we can identify the correct value with probability:
The first and second faulty cipher texts determine eight candidates for S-box input, and the third faulty cipher text determine four candidates for S-box input.
In this state, we can identify the correct value with probability:
-
The first faulty cipher texts determine eight candidates for S-box input, and the second and third faulty cipher texts determine four candidates for S-box input.
In this state, we can identify the correct value with probability:
Appendix 3
A toy example of attacks
Assume that a message M is encrypted by PRESENT-80, the basic attack works as follows. For the sake of simplicity, we assume that the first nibble of S 31, S 31 N 0, is A in hexadecimal ((1010)2 in binary). So, if we inject a single-bit fault on S 31 N 0, we obtain a faulty cipher text D. If we do this fault injection to other bits of S 31 N 0, we have four faulty cipher texts that is shown in the following table (Table6, note that throughout the attack, we do not know the fault location, and we put this value in this table only for the reader):
So we show each step of Algorithm 2 in the following table (Table7):
After we obtain S 31 N 0, we obtain 4 bits of K 32.
For verifying the second attack, we present an example that the message, key, and some details are shown in Table8. We injected 16 faults on S 31 in random and have got 16 faulty cipher texts. In Table9, the value and location of faults were given (this table was given just for the reader); then, in Table10, the results of Algorithms 1 and 2 were given.
In Table10, two candidates existed for nibbles 4, 6, and 11 of S 31, so for obtaining the exact value of these nibbles, we have to inject at least three faults on S 29. In total, we obtain 13 nibbles of K 32, 9 nibbles of K 31, and two candidates for some nibbles of K 32 and K 31 with 16 faulty cipher texts (in this example). For recovering whole of K 31, we have to inject some faults as mentioned in Section 5.
References
Boneh D, DeMillo RA, Lipton RJ: On the importance of checking cryptographic protocols for faults (extended abstract). In EUROCRYPT. Edited by: Fumy W. Heidelberg: Springer; 1997:37-51.
Biham E, Shamir A: Differential fault analysis of secret key cryptosystems. In CRYPTO. Edited by: Kaliski Jr. BS. Heidelberg: Springer; 1997:513-525.
Hemme L: A differential fault attack against early rounds of (Triple-)DES. In CHES. Edited by: Joye M, Quisquater JJ. Heidelberg: Springer; 2004:254-267.
Rivain M: Differential fault analysis on DES middle rounds. In CHES. Edited by: Clavier C, Gaj K. Heidelberg: Springer; 2009:457-469.
Dusart P, Letourneux G, Vivolo O: Differential fault analysis on A.E.S. In ACNS. Edited by: Zhou J, Yung M, Han Y. Heidelberg: Springer; 2003:293-306.
Giraud C: DFA on AES. In AES Conference. Edited by: Dobbertin H, Rijmen V, Sowa A. Heidelberg: Springer; 2004:27-41.
Giraud C, Thillard A: Piret and quisquater’s DFA on AES revisited. IACR Cryptology ePrint Arch 2010, 2010: 440.
Kim CH: Differential fault analysis of AES: Toward reducing number of faults. IACR Cryptology ePrint Arch 2011, 2011: 178.
Kim CH, Quisquater J-J: New differential fault analysis on AES key schedule: two faults are enough. In CARDIS. Edited by: Grimaud G, Standaert FX. Heidelberg: Springer; 2008:48-60.
Piret G, Quisquater J-J: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In CHES. Edited by: Walter CD, Koc CK, Paar C. Heidelberg: Springer; 2003:77-88.
Tunstall M, Mukhopadhyay D, Ali S: Differential fault analysis of the advanced encryption standard using a single fault. In WISTP. Edited by: Ardagna CA, Zhou J. Heidelberg: Springer; 2011:224-233.
Bagheri N, Ebrahimpour R, Ghaedi N: Differential fault analysis on PRINTcipher. IET Netw 2013., 2(1):
jie Zhao X, Wang T: An improved differential fault attack on camellia. IACR Cryptology ePrint Arch 2009, 2009: 585.
jie Zhao X, Wang T, zhe Gao J: Multiple bytes differential fault analysis on CLEFIA. IACR Cryptology ePrint Arch 2010, 2010: 78.
Takahashi J, Fukunaga T: Differential fault analysis on CLEFIA with 128, 192, and 256-bit keys. IEICE Trans 2010, 93-A(1):136-143.
Biham E, Granboulan L, Nguyen PQ: Impossible fault analysis of RC4 and differential fault analysis of RC4. In Lecture Notes in Computer Science, vol. 3557. Edited by: Gilbert H, Handschuh. FSE H. Heidelberg: Springer; 2005:359-367.
Li R, Sun B, Li C, You J: Differential fault analysis on SMS4 using a single fault. Inf. Process. Lett 2011, 111(4):156-163. 10.1016/j.ipl.2010.11.011
Li W, Gu D, Li J: Differential fault analysis on the ARIA algorithm. Inf. Sci 2008, 178(19):3727-3737. 10.1016/j.ins.2008.05.031
Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C: PRESENT: an ultra-lightweight block cipher. In CHES. Edited by: Paillier P, Verbauwhede I. Heidelberg: Springer; 2007:450-466.
Cho JY: Linear cryptanalysis of reduced-round PRESENT. In CT-RSA. Edited by: Piepryzk J. Heidelberg: Springer; 2010:302-317.
Özen O, Varici K, Tezcan C, Kocair Çelebi: Lightweight block ciphers revisited: cryptanalysis of reduced round PRESENT and HIGHT. In ACISP. Edited by: Boyd C, Nieto JG. Heidelberg: Springer; 2009:90-107.
Wang M: Differential cryptanalysis of PRESENT. IACR Cryptology ePrint Arch 2007, 2007: 408.
Wang M: Differential cryptanalysis of reduced-round PRESENT. In AFRICACRYPT. Edited by: Wang MM. Heidelberg: Springer; 2008:40-49.
Wang G, Wang S: Differential fault analysis on PRESENT key schedule. In CIS. Edited by: Schindler W, Huss SA. Heidelberg: Springer; 2010:362-366.
jie Zhao X, Wang T, Guo S: Fault-propagation pattern based DFA on SPN structure block ciphers using bitwise permutation, with application to PRESENT and PRINTcipher. IACR Cryptology ePrint Arch 2011, 2011: 86.
Mirbaha AP, Dutertre J-M, Ribotta A-L, Agoyan M, Tria A, Naccache D: Single-bit DFA using multiple-byte laser fault injection. IEEE International Conference on Technologies for Homeland Security, Waltham, 8–10 Nov 2010
Author information
Authors and Affiliations
Corresponding author
Additional information
Competing interests
The authors declare that they have no competing interests.
Authors’ original submitted files for images
Below are the links to the authors’ original submitted files for images.
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( https://creativecommons.org/licenses/by/2.0 ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
About this article
Cite this article
Bagheri, N., Ebrahimpour, R. & Ghaedi, N. New differential fault analysis on PRESENT. EURASIP J. Adv. Signal Process. 2013, 145 (2013). https://doi.org/10.1186/1687-6180-2013-145
Received:
Accepted:
Published:
DOI: https://doi.org/10.1186/1687-6180-2013-145