Abstract

The lightweight block cipher PRESENT is an algorithm with an SPN structure. Owing to its excellent hardware performance and simple round function design, it is well suited to Internet of Things terminals with limited computing resources. GIFT, an improved cipher derived from PRESENT, is similar in structure to PRESENT and has attracted wide attention from academia and industry. This article studies the P permutation law of PRESENT and GIFT and presents a general differential fault attack (DFA) method based on their differential characteristics. For PRESENT, this article chooses to inject a nibble fault before the 30th and 31st rounds of the S-box operation. A total of 32 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are 2^10.94 and 2^8, respectively. For GIFT, this article chooses to inject a nibble fault before the 25th, 26th, 27th and 28th rounds of the S-box operation. A total of 64 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are 2^11.91 and 2^9, respectively. Compared with other public cryptanalysis results on PRESENT and GIFT, this general attack method has great advantages. In this article, the DFA of GIFT is experimentally verified and its effectiveness is proved. These experiments were done on a personal computer and run in a very reasonable time (around 500 ms).
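To make the "P permutation law" concrete for PRESENT, the following added example (not code from the paper) traces how a single nibble difference at an S-box-layer input spreads through the last one or two rounds, using the S-box and bit permutation from the public PRESENT specification. It stops at difference propagation; the intermediate state and the two round keys are constructed sample values.

```python
# PRESENT S-box and bit permutation, as given in the public PRESENT specification.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def p_pos(i):
    """pLayer: bit i of the state moves to bit 16*i mod 63 (bit 63 stays)."""
    return 63 if i == 63 else (16 * i) % 63

def p_layer(state):
    out = 0
    for i in range(64):
        out |= ((state >> i) & 1) << p_pos(i)
    return out

def sbox_layer(state):
    out = 0
    for n in range(16):
        out |= SBOX[(state >> (4 * n)) & 0xF] << (4 * n)
    return out

def fanout(nibble):
    """Nibbles that receive the four output bits of S-box `nibble`."""
    return sorted({p_pos(4 * nibble + b) // 4 for b in range(4)})

def active_nibbles(diff):
    """Indices of nibbles in which a 64-bit XOR difference is non-zero."""
    return [n for n in range(16) if (diff >> (4 * n)) & 0xF]

def trace_fault(state, nibble, fault, round_keys):
    """XOR a 4-bit fault into `nibble` at an S-box-layer input and return the
    state difference after each remaining round (sBox, pLayer, next key)."""
    good, bad = state, state ^ (fault << (4 * nibble))
    diffs = []
    for key in round_keys:
        good = p_layer(sbox_layer(good)) ^ key
        bad = p_layer(sbox_layer(bad)) ^ key
        diffs.append(good ^ bad)
    return diffs

# Constructed sample values (not from the paper): an intermediate state and
# stand-in round keys K31, K32. Key addition cancels in every XOR difference.
STATE, K31, K32 = 0x0F1E2D3C4B5A6978, 0x0123456789ABCDEF, 0xFEDCBA9876543210

if __name__ == "__main__":
    print("fan-out of nibble 5:", fanout(5))
    late = trace_fault(STATE, 5, 0x3, [K32])        # fault before round-31 S-boxes
    early = trace_fault(STATE, 5, 0x3, [K31, K32])  # fault before round-30 S-boxes
    print("round-31 fault, ciphertext diff:     %016x" % late[0])
    print("round-30 fault, round-31 input diff: %016x" % early[0])
    print("round-30 fault, ciphertext diff:     %016x" % early[1])
```

A fault before the round-31 S-boxes can only reach the four ciphertext nibbles in the faulted nibble's fan-out, while a fault one round earlier can reach all sixteen, each in a single fixed bit position.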

Highlights

  • DFA [1] is a new cryptanalysis method proposed by E. Biham and A. Shamir based on a combination of mathematical and physical methods in 1997. This method has been applied to many block ciphers, such as FOX [2], SMS4 [3], AES [4], LED [5], SIMON [6], etc.

  • As can be seen from the above table, this attack method requires an average of 87 nibble faults to recover all keys of GIFT, which is higher than the theoretical result of 64 nibble faults mentioned above


Summary

INTRODUCTION

DFA [1] is a new cryptanalysis method proposed by E. Wang [11] published a differential attack on PRESENT in 2008 with both computational and data complexity of 2^64. Reference [14] illustrates the Biclique cryptanalysis results of PRESENT by Zheng Gong et al., and the computational complexity and data complexity are 2^78.9 and 2^64, respectively. [15] illustrates the impossible differential attack on PRESENT by Tezcan. H. Luo et al.: General DFA on PRESENT and GIFT Cipher With Nibble computational complexity and data complexity of 2^57.6 and 2^61, respectively. In order to avoid the design defects of PRESENT mentioned above, on the occasion of the 10th anniversary of PRESENT, Banik et al. [22] proposed a new lightweight block cipher named GIFT in CHES 2017. Jati et al. [29] analyzed the threshold implementation of GIFT, and Dalmasso et al. [30] analyzed the hardware implementation in FPGA.

OUR CONTRIBUTION
ENCRYPTION PROCESSES OF PRESENT AND GIFT
STRUCTURAL PROPERTIES OF PRESENT
COMPLEXITY ANALYSIS OF GIFT
EXPERIMENT
RESULTS DISCUSSION
Findings
CONCLUSION