Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack.

Authors: Subhamoy Maitra, Santanu Sarkar, Anubhab Baksi, Pramit Dey

DOI:

Keywords: Computer science, Key (cryptography), Cipher, Cryptanalysis, Stream cipher, Computer security, Boolean satisfiability problem, Brute-force attack

Abstract: Design of secure light-weight stream ciphers is an important area in cryptographic hardware & embedded systems, and a very recent design by Armknecht and Mikhalev (FSE 2015) has received serious attention: it uses a shorter internal state and still claims to resist time-memory-data-tradeoff (TMDTO) attacks. An instantiation of this paradigm is the cipher named Sprout, with an 80-bit secret key. In this paper we cryptanalyze Sprout and refute various of its claims. The designers claim that the key cannot be recovered efficiently from complete state information using a guess-and-determine attack. However, in this paper we show that it is possible, with a few hundred bits, in practical time. More importantly, from around 850 key-stream bits, with knowledge of the NFSR (40 bits) and partial knowledge of the LFSR (around one third, i.e., 14 bits), we obtain all the key bits. This cryptanalyzes Sprout with 2 attempts (considering the constant time complexity required by the SAT solver in each attempt, which is about 1 minute on a laptop), which is less than exhaustive search. Further, we show how related ideas can be employed to mount a fault attack against Sprout that requires 120 faults at random locations (20 faults, if the locations are known), whereas the designers argue that such an attack may not be possible. Our cryptanalytic results raise quite a few questions about the general paradigm, which should be revisited with greater care.
