Fault attacks on stream cipher scream

Abstract

In this paper we present a differential fault attack (DFA) on the stream cipher Scream, designed by the IBM researchers Coppersmith, Halevi, and Jutla in 2002. The known linear distinguishing attack on Scream takes $2^{120}$ output words, and there is no key recovery attack on it, since the S-box used by Scream is key-dependent and complex. Under the assumption that we can inject random byte faults in the same location multiple times, the 128-bit key can be recovered with $2^{94}$ computations and $2^{72}$ bytes of memory by injecting around 2000 faults. Then, combined with the assumption of related-key attacks, we can retrieve the key with $2^{44}$ computations and $2^{40}$ bytes of memory. The result is verified by experiments. To the best of our knowledge, this is the first DFA and key recovery attack on Scream.

Cite

Du, S., Zhang, B., Li, Z., & Lin, D. (2015). Fault attacks on stream cipher scream. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9065, pp. 50–64). Springer Verlag. https://doi.org/10.1007/978-3-319-17533-1_4
