Abstract
Abstract In this paper, we present two differential fault analyses on PRESENT-80 which is a lightweight block cipher. The first attack is a basic attack which induces a fault on only one bit of intermediate states, and we can obtain the last subkey of the block cipher, given 48 faulty cipher texts on average. The second attack can retrieve the master key of the block cipher, given 18 faulty cipher texts on average. In the latter attack, we assume that we can induce faults on a single nibble of intermediate states. Given those faulty cipher texts, the computational complexity of attacks is negligible.
Highlights
IntroductionA fault may be induced with these external impacts; we know neither the location nor the value of the fault
Boneh et al introduced the fault attack in September 1996[1]
In October 1996, Biham and Shamir published an attack on secret key cryptosystems called differential fault analysis (DFA) which combined the ideas of fault attack and differential attack [2]
Summary
A fault may be induced with these external impacts; we know neither the location nor the value of the fault. This attack is commonly used to analyze the security of cryptosystems. The block length is 64 bits, and two key lengths of 80 and 128 bits are supported [19], denoted by PRESENT80 and PRESENT-128, respectively. Several basic attacks such as differential cryptanalysis, linear cryptanalysis, and their variants have been applied on PRESENT already [20,21,22,23]. We concentrate on the security of PRESENT-80 against DFA attack
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
