Paper Info
Title
Fault attacks on combiners with memory
Abstract
Fault attacks are powerful cryptanalytic tools that are applicable to many types of cryptosystems. Recently, general techniques have been developed which can be used to attack many standard constructions of stream ciphers based on LFSR's. Some more elaborated methods have been invented to attack RC4. These fault attacks are not applicable in general to combiners with memory. In this paper, techniques are developed that specifically allow to attack this class of stream ciphers. These methods are expected to work against any LFSR-based construction that uses only a small memory and few input bits in its output function. In particular, efficient attacks are described against the stream cipher E0 used in Bluetooth, either by inducing faults in the memory or in one of its LFSR's. In both cases, the outputs derived from the faulty runs finally allow to describe the secret key by a system of linear equations. Computer simulations showed that inducing 12 faults sufficed in most cases if about 2500 output bits were available. Another specific fault attack is developed against the stream cipher SNOW 2.0, whose output function has a 64-bit memory. Similar to E0, the secret key is finally the solution of a system of linear equations. We expect that one fault is enough if about 212 output words are known.
Year
DOI
Venue
2005
10.1007/11693383_3
Selected Areas in Cryptography
Keywords
Field
DocType
64-bit memory,output function,specific fault attack,linear equation,output word,secret key,output bit,fault attack,small memory,efficient attack,computer simulation,stream cipher,linear equations,lfsr
System of linear equations,Computer science,Algorithm,Cryptosystem,Stream cipher,Correlation attack,RC4,Fault attack,Stream cipher attack,Computer engineering,Bluetooth
Conference
Volume
ISSN
ISBN
3897
0302-9743
3-540-33108-5
Citations 
PageRank 
References 
6
0.57
16
Authors
2
Name
Order
Citations
PageRank
Frederik Armknecht1100068.65
Willi Meier267534.67