Abstract
Abstract It had always been believed that there was an inherent barrier to Differential Fault Attack (DFA) on the nonce-based authenticated encryption algorithm. At CHES 2016, Saha et al. proposed an Internal Differential Fault Attack on a parallelizable counter-mode algorithm. They induce the attack to classical DFA at the expense of one more fault injection in every encryption process. In this paper, we propose the DFA on HYENA, which is a nonce-based authenticated encryption mode for GIFT-128. Our work is the first pure classical DFA on a nonce-based authenticated encryption algorithm with only one fault injected in every decryption process. Firstly, we give the DFA on GIFT-128 with a fault injected into the 39th-round input. Based on this work, we inject a fault in the underlying GIFT-128 of a HYENA decryption process and make this decryption process still generate the correct tag and output plaintext. This makes the necessary conditions of DFA satisfied. Experiments show that at most 56 key bits of HYENA can be recovered with only a few faulty ciphertexts. In addition, our fault injection is easier to achieve than most other work about fault attack, because the injection location is relatively random and the fault type can be arbitrary. It should be noted that the left 72 key bits cannot be recovered in this way.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
