Abstract
Nowadays, with the development of the Internet of Things and information security technologies, lightweight block ciphers are gradually being widely used. As a side-channel attack method, algebraic fault analysis has received attention from experts and scholars since its introduction. The familiar nonlinear operation in lightweight block ciphers is the S-box substitution, and the performance index of the S-box directly determines the security strength of the cipher. To further improve the efficiency of algebraic fault analysis, this paper proposes a method to rewrite the algebraic equations of S-box substitution by decomposing the original cubic S-boxes into two quadratic S-boxes. The results show that this method is significantly effective compared to the original method in GIFT-64 and SKINNY-64, especially in the SKINNY-64 block cipher, where the average solving time is reduced by several hundred times in the best case with the same samples. At the same time, our best results show that a single-bit fault injection is enough to recover the master key of SKINNY-64. In addition, the PRESENT-64 block cipher is also studied in this paper, and the results show that the method can also improve efficiency significantly. When the location of the single-bit fault is unknown, using the S-box decomposition method for SKINNY-64 can also significantly improve the solving success rate, reduce the number of faults, and speed up the solving.
Fang, X., Zhang, H., Cui, X., & Fan, F. (2023). Algebraic fault analysis based on decomposition of higher-order nonlinear S-boxes in lightweight block ciphers. Nonlinear Dynamics, 111(13), 12371–12388. https://doi.org/10.1007/s11071-023-08428-4