Improved Differential Fault Analysis on LED with Constraint Equations: Towards Reaching Its Limit

Abstract

The block cipher LED is well suited for resource-constrained scenarios. However, it is vulnerable to the recent fault attacks and different results have been achieved even under the same fault model. In this paper, a comprehensive investigation is conducted on the fault analysis on LED. A novel differential fault analysis is proposed, which is based on the so-called constraint equations. The proposed attack can combine constraint equations at different levels, pushing the differential fault analysis on LED towards its limit in terms of the time complexity, the data complexity and the remained key search space. Under random nibble fault model, SINGLE fault injection can reduce the key search space of LED-64 to 27.90within 1.89s, compared to 217.65within 7 minutes in prior finest contributions. As to DFA on LED-128, TWO fault injections can reduce the key search space to 215.82 within 247.88s, compared to 221.96within 16 minutes in previous work. To the best of our knowledge, the scheme that we proposed is the most efficient fault attack on LED cryptosystems.