Algebraic fault analysis of SHA-3
Abstract
This paper presents an efficient algebraic fault analysis on all four modes of SHA-3 under relaxed fault models. This is the first work to apply algebraic techniques on fault analysis of SHA-3. Results show that algebraic fault analysis on SHA-3 is very efficient and effective due to the clear algebraic properties of Keccak operations. Comparing with previous work on differential fault analysis of SHA-3, algebraic fault analysis can identify the injected faults with much higher rates, and recover an entire internal state of the penultimate round with much fewer fault injections.
References
[1]
N. F. Pub, "FIPS PUB 202. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions," Federal Information Processing Standards Publication, 2015.
[2]
G. Bertoni, J. Daemen, M. Peeters, and G. Assche, "The Keccak reference," Submission to NIST (Round 3), January, 2011.
[3]
W. Cai and F. Shi, "2.4 GHz heterodyne receiver for healthcare application," International Journal of Pharmacy and Pharmaceutical Sciences, vol. 8, no. 6, pp. 162--165, 2016.
[4]
E. Biham and A. Shamir, "Differential fault analysis of secret key cryptosystems," in Advances in Cryptology - CRYPTO'97.
[5]
G. Piret and J.-J. Quisquater, "A differential fault attack technique against SPN structures, with application to the AES and KHAZAD," in Cryptographic Hardware & Embedded Systems, 2003.
[6]
H. Chen, W. Wu, and D. Feng, "Differential fault analysis on CLEFIA," in Information and Communications Security, 2007.
[7]
S. Karmakar and D. R. Chowdhury, "Differential fault analysis of MICKEY-128 2.0," in WkShp on Fault Diagnosis & Tolerance in Cryptography, 2013.
[8]
P. Dey, A. Chakraborty, A. Adhikari, and D. Mukhopadhyay, "Improved practical differential fault analysis of Grain-128," in Proc. Design, Automation & Test in Europe, 2015.
[9]
L. Hemme and L. Hoffmann, "Differential fault analysis on the SHA1 compression function," in WkShp on Fault Diagnosis & Tolerance in Cryptography, Sept. 2011.
[10]
R. Altawy and A. M. Youssef, "Differential fault analysis of Streebog," in Int. Conf. on Information Security Practice & Experience, 2015.
[11]
W. Li, Z. Tao, D. Gu, Y. Wang, Z. Liu, and Y. Liu, "Differential fault analysis on the MD5 compression function," Journal of Computers, no. 11, 2013.
[12]
W. Fischer and C. A. Reuter, "Differential fault analysis on Grøstl," in FDTC'2012.
[13]
N. T. Courtois and J. Pieprzyk, "Cryptanalysis of block ciphers with overdefined systems of equations," in Advances in Cryptology - ASI-ACRYPT 2002.
[14]
P. Jovanovic, M. Kreuzer, and I. Polian, "An algebraic fault attack on the LED block cipher." IACR Cryptology ePrint Archive, 2012.
[15]
F. Zhang, X. Zhao, S. Guo, T. Wang, and Z. Shi, "Improved algebraic fault analysis: A case study on Piccolo and applications to other lightweight block ciphers," in Constructive Side - Channel Analysis and Secure Design, 2013.
[16]
X. Zhao, F. Zhang, S. Guo, T. Wang, Z. Shi, H. Liu, and K. Ji, "MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation," in Constructive Side-Channel Analysis and Secure Design, 2012.
[17]
X. Zhao, S. Guo, F. Zhang, Z. Shi, C. Ma, and T. Wang, "Improving and evaluating differential fault analysis on LED with algebraic techniques," in FDTC'2013.
[18]
N. Bagheri, N. Ghaedi, and S. Sanadhya, "Differential fault analysis of SHA-3," in Progress in Cryptology - INDOCRYPT 2015.
[19]
P. Luo, Y. Fei, L. Zhang, and A. Ding, "Differential fault analysis of SHA3-224 and SHA3-256," in FDTC 2016.
[20]
M. Soos, K. Nohl, and C. Castelluccia, "Extending SAT solvers to cryptographic problems," in Theory and Applications of Satisfiability Testing-SAT 2009.
[21]
P. Luo, C. Li, and Y. Fei, "Concurrent error detection for reliable SHA-3 design," in Proceedings of the 26th Edition on Great Lakes Symposium on VLSI, ser. GLSVLSI 2016.
[22]
K. A. Bowman, C. Tokunaga, J. W. Tschanz, A. Raychowdhury, M. M. Khellah, B. M. Geuskens, S.-L. L. Lu, P. A. Aseron, T. Karnik, and V. K. De, "All-digital circuit-level dynamic variation monitor for silicon debug and adaptive clock control," IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 58, 2011.
Recommendations
Analysis of SHA-512/224 and SHA-512/256
Proceedings, Part II, of the 21st International Conference on Advances in Cryptology --- ASIACRYPT 2015 - Volume 9453In 2012, NIST standardized SHA-512/224 and SHA-512/256, two truncated variants of SHA-512, in FIPS 180-4. These two hash functions are faster than SHA-224 and SHA-256 on 64-bit platforms, while maintaining the same hash size and claimed security level. ...
Differential Fault Analysis of SHA-3
Proceedings of the 16th International Conference on Progress in Cryptology -- INDOCRYPT 2015 - Volume 9462In this paper we present the first differential fault analysis DFA of SHA-3. This attack can recover the internal state of two versions of SHA-3 namely, SHA3-512 and SHA3-384 and can be used to forge MAC's which are using these versions of SHA-3. ...
Practical Collision Attacks against Round-Reduced SHA-3
AbstractThe Keccak hash function is the winner of the SHA-3 competition (2008–2012) and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced SHA-3 and some Keccak variants. Following the ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
March 2017
1814 pages
Publisher
European Design and Automation Association
Leuven, Belgium
Publication History
Published: 27 March 2017
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 68Total Downloads
- Downloads (Last 12 months)37
- Downloads (Last 6 weeks)2
Reflects downloads up to 18 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in