Improved Algebraic and Differential Fault Attacks on the KATAN Block Cipher

Abstract

Improved algebraic attack and differential fault attack on the KATAN block cipher are presented. In the SAT-based algebraic analysis, we improve the ANF-to-CNF conversion to make good use of short equations in the algebraic representation of the cipher. An optimal number of plaintext/ciphertext pairs with a certain structure are used, and 84, 70, and 65 rounds of KATAN32, KATAN48, and KATAN64 are broken, respectively, which are 5 more rounds of the cipher than previous works under the same attack scenario. In the differential fault attack, a new method of recovering secret key bits from faulty and fault-free ciphertexts is developed under one-bit and two-bit fault models, and its iteration application can retrieve the whole 80-bit secret key of the full-round KATAN32, KATAN48, and KATAN64 with 132, 44, and 52 fault injections under the one-bit fault model and with 140, 60, and 60 fault injections under the two-bit fault model, respectively. The time complexity of the attack is negligible, which is a great improvement on previous differential fault attacks on KATAN of time complexity 259,255, and 255 and with 115, 211, and 278 fault injections, respectively, under the one-bit fault model.