Abstract

Very few differential fault attacks (DFA) on Trivium have been reported so far. In 2012, Yupu Hu et al. [4] relaxed the adversarial power and allowed faults in a random area within eight neighbouring bits at a random time, but with the major limitation that, for each fault injection, the fault positions must not come from different registers. In this paper we present a generic attack strategy that allows the adversary to challenge the cipher under different multi-bit fault models, with faults at any unknown random keystream generation round, even if the bit arrangement of the actual cipher device is unknown, thereby removing the limitation of Yupu Hu et al. To the best of our knowledge, this paper assumes the weakest adversarial power ever considered in the open literature for DFA on Trivium. In particular, if faults are allowed in a random area within nine neighbouring bits at a random time anywhere in the three registers, and the fault injection (at keystream generation) rounds are uniformly distributed over $$\{t,\ldots ,t+49\}$$, for any unknown $$t\ge 1$$, then 4 faults always break the cipher, which is a significant improvement over Yupu Hu et al.
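As an added illustration (not code from the paper), the following Python model implements Trivium as specified and the fault model stated above: a random non-empty subset of nine neighbouring state bits, starting anywhere in the 288-bit state (so it may straddle register boundaries), injected at a keystream round drawn from t + {0, ..., 49}. It then measures where the faulty keystream first diverges from the fault-free one; the choice of flipping each bit in the window with probability 1/2 is an assumption used only to generate sample faults.

```python
import random

STATE_BITS = 288  # registers A = s1..s93, B = s94..s177, C = s178..s288 (spec numbering, 1-based)

def trivium_round(s):
    """One Trivium clock on state list s (index i holds spec bit s_{i+1}); returns keystream bit z."""
    t1 = s[65] ^ s[92]
    t2 = s[161] ^ s[176]
    t3 = s[242] ^ s[287]
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]
    t2 ^= (s[174] & s[175]) ^ s[263]
    t3 ^= (s[285] & s[286]) ^ s[68]
    s[1:93] = s[0:92];    s[0] = t3     # shift register A, feed t3
    s[94:177] = s[93:176]; s[93] = t1   # shift register B, feed t1
    s[178:288] = s[177:287]; s[177] = t2  # shift register C, feed t2
    return z

def trivium_init(key, iv):
    """Load 80-bit key and IV (lists of 0/1) and run the 4*288 warm-up clocks."""
    assert len(key) == 80 and len(iv) == 80
    s = [0] * STATE_BITS
    s[0:80] = key
    s[93:173] = iv
    s[285] = s[286] = s[287] = 1
    for _ in range(4 * STATE_BITS):
        trivium_round(s)
    return s

def keystream(state, n, fault=None):
    """n keystream bits from a copy of state; fault=(round, [1-based positions]) flips those
    state bits just before that round's output bit is computed."""
    s, out = list(state), []
    for r in range(n):
        if fault is not None and r == fault[0]:
            for p in fault[1]:
                s[p - 1] ^= 1
        out.append(trivium_round(s))
    return out

def random_area_fault(t=0, width=9, rng=random):
    """Fault model of the abstract: random subset of `width` neighbouring bits anywhere in the
    state, at a round uniform over t..t+49 (subset chosen with prob. 1/2 per bit: an assumption)."""
    start = rng.randint(1, STATE_BITS - width + 1)
    positions = [p for p in range(start, start + width) if rng.random() < 0.5] or [start]
    return (rng.randint(t, t + 49), positions)

def first_difference(clean, faulty):
    """Index of the first keystream bit where the two runs diverge, or None if they agree."""
    return next((i for i, (a, b) in enumerate(zip(clean, faulty)) if a != b), None)
```

Because z taps s66, s162 and s243, a single flipped bit at the head of register A, B or C first shows up in the keystream exactly 65, 68 or 65 clocks after injection, which is what the test below checks; faults that straddle registers produce earlier, overlapping differences.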
