Hard fault analysis of Trivium

Authors:
Yu-Pu Hu;Feng-Rong Zhang;Wen-Zheng Zhang
Affiliations:
State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, PR China;State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, PR China;Science and Technology on Communication Security Laboratory, The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610041, PR China
Venue:
Information Sciences: an International Journal
Year:
2013

Citing 10
Cited 0

Differential Fault Analysis of Secret Key Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Low Cost Attacks on Tamper Resistant Devices

Proceedings of the 5th International Workshop on Security Protocols
Optical Fault Induction Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Security enhancement for digital signature schemes with fault tolerance in RSA

Information Sciences: an International Journal
Differential fault analysis on the ARIA algorithm

Information Sciences: an International Journal
Differential Fault Analysis of Trivium

Fast Software Encryption
Slid Pairs in Salsa20 and Trivium

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Floating Fault Analysis of Trivium

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Cube Attacks on Tweakable Black Box Polynomials

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium

Fast Software Encryption

Quantified Score

Hi-index	0.07

Visualization

Abstract

Fault analysis is an attack on stream ciphers with potential power. Up until now, major efforts on fault analysis have been to simplify the cipher by injecting some soft faults, that is, momentarily changing values of some register bits. We call this soft fault analysis. As a hardware-oriented stream cipher, Trivium is weak under soft fault analysis. In this paper we consider another type of fault analysis. It is to simplify the cipher by injecting some hard faults, that is, permanently setting values of some register bits to be zero. We call this hard fault analysis, and use it to analyze Trivium. We classify the faults positions into seven cases, and in five cases the cipher can be broken or be efficiently simplified. We present the following results about such attack on Trivium. In one case with the probability not smaller than 0.2396, the attacker can obtain 69 bits of the 80-bit key. In another case with the probability not smaller than 0.2292, the attacker can recover the full key. In the third case with the probability not smaller than 0.2292, the attacker can partially solve the key. In the fourth case with non-negligible probability, the attacker can obtain a simplified cipher, with smaller number of state bits and slower non-linearization procedure. In the fifth case with non-negligible probability, the attacker can obtain another simplified cipher. The attacker's computations are simple and immediate, and the cipher can be broken or be efficiently simplified with the probability not smaller than 0.698. Besides, these five cases can be distinguished by observing the keystream.