Meet-in-the-middle differential fault analysis on Midori

Abstract

<abstract><p>Midori is a lightweight block cipher designed by Banik et al. and presented at the ASIACRYPT 2015 conference. According to the block size, it consists of two algorithms, denoted as Midori-64 and Midori-128. Midori generates 8-bit S-Boxes from 4-bit S-Boxes and applies almost MDS matrices instead of MDS matrices. In this paper, we introduce the meet-in-the-middle fault attack model in the 4-round cell-oriented fault propagation trail and reduce the key space in the last round by $ 2^{45.71} $ and $ 2^{39.86} $ for Midori-64 and Midori-128, respectively. For Midori-64, we reduce the time complexity from $ 2^{80} $ to $ 2^{28} $, $ 2^{32} $ and $ 2^{56} $ for the different single fault injection approaches. For Midori-128, we provide a 4-round fault attack method, which slightly increases the complexity compared to previous attacks. Our results indicate that the first and last four rounds of Midori must be protected to achieve its security.</p></abstract>