We show that a particular class of stream ciphers – namely those in which the output function contains a bitwise AND operation – is susceptible to a differential fault attack using random faults. Several finalists and other candidates from the recent CAESAR competition fall into this category, including the AEGIS variants, Tiaoxin and the MORUS family. Attack outcomes range from key or full state recovery for Tiaoxin, to full state recovery for the AEGIS family and partial state recovery for MORUS. We present attack requirements and success probabilities on these ciphers, along with design considerations to mitigate this attack.
Wong, K. K. H., Bartlett, H., Simpson, L., & Dawson, E. (2020). Differential Random Fault Attacks on Certain CAESAR Stream Ciphers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11975 LNCS, pp. 297–315). Springer. https://doi.org/10.1007/978-3-030-40921-0_18
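
Why an AND term in the output function matters under random faults can be seen in a toy model. This is an added illustration, not code from the paper: `keystream_word`, the 128-bit word size and the assumption that the same state can be re-run and re-faulted are all constructed here and correspond to none of the named ciphers.

```python
import random

WORD_BITS = 128  # assumed word size for this toy model


def keystream_word(a, b, c):
    """Toy output function with a single AND term (not any real cipher's)."""
    return a ^ (b & c)


def faulty_differential(a, b, c, rng):
    """Difference between the fault-free output and the output after an
    unknown random fault e is XORed into b. Algebraically this is e & c."""
    e = rng.getrandbits(WORD_BITS)
    return keystream_word(a, b, c) ^ keystream_word(a, b ^ e, c)


def recover_c(a, b, c, n_faults, rng):
    """OR the differentials of n_faults independent random faults.
    Every set bit in the result proves the matching bit of c is 1;
    bits never seen set are 0 with growing confidence."""
    seen = 0
    for _ in range(n_faults):
        seen |= faulty_differential(a, b, c, rng)
    return seen


def expected_missing_bits(c, n_faults):
    """Each 1-bit of c escapes one uniform fault with probability 1/2,
    so it stays hidden after n_faults faults with probability 2**-n_faults."""
    return bin(c).count("1") * 2.0 ** -n_faults


if __name__ == "__main__":
    rng = random.Random(2020)  # constructed sample state, fixed seed
    a, b, c = (rng.getrandbits(WORD_BITS) for _ in range(3))
    for n in (1, 4, 8, 16):
        got = recover_c(a, b, c, n, rng)
        wrong = bin(got ^ c).count("1")
        print(f"{n:2d} faults: {wrong:3d} bits of c still unknown "
              f"(expected {expected_missing_bits(c, n):.2f})")
```

The XOR-only word `a` never appears in the differential, which is why the linear part of an output function gives no comparable leak in this model.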