In this paper we propose a Differential Fault Attack (DFA) on two Fully Homomorphic Encryption (FHE) friendly stream ciphers, Rasta and FiLIP-DSM. The design of Rasta relies on affine layers and nonlinear layers, whereas FiLIP-DSM relies on permutations and a nonlinear filter function. Here we show that the secret key of these two ciphers can be recovered by injecting only a single 1-bit fault in the initial state. Our DFA on full-round (6 rounds) Rasta with block size 219 requires only one block (i.e., 219 bits) of normal and faulty keystream. In the case of our DFA on FiLIP-430 (one instance of FiLIP-DSM), we need 30000 normal and faulty keystream bits.
Disciplines:
Computer science
Author, co-author:
Radheshwar, R.
Kansal, Meenakshi
MEAUX, Pierrick ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Coron
Roy, Dibyendu
External co-authors:
yes
Document language:
English
Title:
Differential Fault Attack on Rasta and FiLIP-DSM
Publication date:
2023
Journal title:
IEEE Transactions on Computers
ISSN:
0018-9340
eISSN:
1557-9956
Publisher:
Institute of Electrical and Electronics Engineers, United States - New York
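The abstract states that one bit-flip in the initial state leaks the key through the difference between normal and faulty keystream, but gives no mechanism. The following toy script is an added illustration of the generic principle behind such attacks on a filter-permutator with a direct-sum-of-monomials (DSM) filter; it is not the paper's attack and does not reproduce Rasta, FiLIP-430 or their parameters. Everything in it is an assumption for illustration: a 16-bit key, a public per-clock selection of 5 key bits (standing in for the IV-derived permutation), the quadratic filter F(x) = x0 + x1*x2 + x3*x4 over GF(2), and 1000 keystream bits. The point it shows: when the faulted key bit is the input x_k of F at some clock, the keystream difference equals the derivative of F along x_k, which for a quadratic monomial is the other key bit of that monomial in the clear, so the attacker also learns the fault position from the clocks where the difference is nonzero and finishes by solving the normal keystream equations that have a single unknown left.

```python
"""Toy differential fault attack on a filter-permutator with a DSM filter.

Constructed illustration only: not the paper's attack and not FiLIP's real
parameters (real instances use much larger keys, whitening, and higher-degree
monomials, where a derivative yields a product of key bits instead of one bit).
"""
import random

N_KEY = 16        # toy key length (assumption)
M = 5             # number of key bits fed to the filter per clock (assumption)
N_CLOCKS = 1000   # keystream bits collected in the normal and faulty runs

# F(x0..x4) = x0 + x1*x2 + x3*x4 over GF(2); PARTNER maps an input of a
# quadratic monomial to the other input of that monomial: D_{x1}F = x2, etc.
PARTNER = {1: 2, 2: 1, 3: 4, 4: 3}


def filter_f(x):
    """Direct-sum-of-monomials filter (toy instance)."""
    return x[0] ^ (x[1] & x[2]) ^ (x[3] & x[4])


def public_perms(seed, n_clocks=N_CLOCKS, n_key=N_KEY):
    """Per-clock input selection; in a filter permutator this is public (IV-derived)."""
    rng = random.Random(seed)
    return [rng.sample(range(n_key), M) for _ in range(n_clocks)]


def keystream(key, perms):
    return [filter_f([key[p] for p in perm]) for perm in perms]


def locate_fault(perms, z, z_faulty):
    """Every clock with a keystream difference must have selected the faulted bit."""
    cands = None
    for perm, a, b in zip(perms, z, z_faulty):
        if a != b:
            cands = set(perm) if cands is None else cands & set(perm)
    if cands is None or len(cands) != 1:
        raise ValueError("fault position not uniquely identified: %r" % cands)
    return cands.pop()


def recover_key(perms, z, z_faulty, n_key=N_KEY):
    """Recover the key from one 1-bit fault; returns a list with None where unknown."""
    j = locate_fault(perms, z, z_faulty)
    known = {}
    # Pass 1: z ^ z' = D_{x_k}F(x). For k in 1..4 that derivative is the partner
    # key bit of the same monomial, read directly from the difference.
    for perm, a, b in zip(perms, z, z_faulty):
        if j not in perm:
            continue
        k = perm.index(j)
        if k == 0:
            continue          # D_{x0}F = 1: confirms selection, leaks no key bit
        known[perm[PARTNER[k]]] = a ^ b
    # Pass 2: the normal keystream gives F(x) = z; whenever exactly one selected
    # key bit is unknown, F is affine in it, so try both values and keep a unique fit.
    changed = True
    while changed:
        changed = False
        for perm, a in zip(perms, z):
            unknown = [i for i, p in enumerate(perm) if p not in known]
            if len(unknown) != 1:
                continue
            i = unknown[0]
            x = [known.get(p, 0) for p in perm]
            sols = [v for v in (0, 1) if filter_f(x[:i] + [v] + x[i + 1:]) == a]
            if len(sols) == 1:
                known[perm[i]] = sols[0]
                changed = True
    return [known.get(p) for p in range(n_key)]


def run_demo(seed=2023):
    """Generate a random toy key, the two keystreams, and run the recovery."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(N_KEY)]
    perms = public_perms(seed + 1)
    z = keystream(key, perms)
    faulted = key[:]
    faulted[rng.randrange(N_KEY)] ^= 1     # the single 1-bit fault in the initial state
    z_faulty = keystream(faulted, perms)
    return key, recover_key(perms, z, z_faulty)


if __name__ == "__main__":
    key, rec = run_demo()
    print("key      ", key)
    print("recovered", rec)
```

The first pass needs only clocks where the faulted bit is selected, which is why the number of keystream bits required grows with the key length and the filter's input size; the second pass closes the remaining gaps, including the faulted bit itself, from clocks where it sits in the linear term of F.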