Meet-in-the-middle differential fault analysis on Midori

Chunyan An; Wei Bai; Donglei Zhang; Chunyan An; Wei Bai; Donglei Zhang

doi:10.3934/era.2023344

Electronic Research Archive

2023, Volume 31, Issue 11: 6820-6832. doi: 10.3934/era.2023344

Previous Article Next Article

Research article Special Issues

Meet-in-the-middle differential fault analysis on Midori

1.
State Grid Smart Grid Research Institute Co., Ltd., Beijing 102209, China
2.
Electric Power Intelligent Sensing Technology Laboratory of State Grid Corporation, Beijing 102209, China

Received: 25 June 2023 Revised: 16 October 2023 Accepted: 17 October 2023 Published: 20 October 2023

Midori is a lightweight block cipher designed by Banik et al. and presented at the ASIACRYPT 2015 conference. According to the block size, it consists of two algorithms, denoted as Midori-64 and Midori-128. Midori generates 8-bit S-Boxes from 4-bit S-Boxes and applies almost MDS matrices instead of MDS matrices. In this paper, we introduce the meet-in-the-middle fault attack model in the 4-round cell-oriented fault propagation trail and reduce the key space in the last round by $ 2^{45.71} $ and $ 2^{39.86} $ for Midori-64 and Midori-128, respectively. For Midori-64, we reduce the time complexity from $ 2^{80} $ to $ 2^{28} $, $ 2^{32} $ and $ 2^{56} $ for the different single fault injection approaches. For Midori-128, we provide a 4-round fault attack method, which slightly increases the complexity compared to previous attacks. Our results indicate that the first and last four rounds of Midori must be protected to achieve its security.
- meet-in-the-middle attack,
- differential fault analysis,
- Midori,
- fault attack
Citation: Chunyan An, Wei Bai, Donglei Zhang. Meet-in-the-middle differential fault analysis on Midori[J]. Electronic Research Archive, 2023, 31(11): 6820-6832. doi: 10.3934/era.2023344

Related Papers:

Abstract

Midori is a lightweight block cipher designed by Banik et al. and presented at the ASIACRYPT 2015 conference. According to the block size, it consists of two algorithms, denoted as Midori-64 and Midori-128. Midori generates 8-bit S-Boxes from 4-bit S-Boxes and applies almost MDS matrices instead of MDS matrices. In this paper, we introduce the meet-in-the-middle fault attack model in the 4-round cell-oriented fault propagation trail and reduce the key space in the last round by $ 2^{45.71} $ and $ 2^{39.86} $ for Midori-64 and Midori-128, respectively. For Midori-64, we reduce the time complexity from $ 2^{80} $ to $ 2^{28} $, $ 2^{32} $ and $ 2^{56} $ for the different single fault injection approaches. For Midori-128, we provide a 4-round fault attack method, which slightly increases the complexity compared to previous attacks. Our results indicate that the first and last four rounds of Midori must be protected to achieve its security.

References

[1]	C. Dobraunig, M. Eichlseder, F. Mendel, M. Schläffer, Ascon v1.2: lightweight authenticated encryption and hashing, J. Cryptology, 34 (2021), 1–42. https://doi.org/10.1007/s00145-021-09398-9 doi: 10.1007/s00145-021-09398-9
[2]	T. Shirai, K. Shibutani, T. Akishita, S. Moriai, T. Iwata, The 128-bit blockcipher CLEFIA (extended abstract), in Fast Software Encryption (eds. A. Biryukov), Springer, (2007), 181–195. https://doi.org/10.1007/978-3-540-74619-5_12
[3]	D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B. Koo, et al., HIGHT: a new block cipher suitable for low-resource device, in Cryptographic Hardware and Embedded Systems (eds. L. Goubin, M. Matsui), Springer, (2006), 46–59. https://doi.org/10.1007/11894063_4
[4]	C. Cannière, O. Dunkelman, M. Knežević, KATAN and KTANTAN - a family of small and efficient hardware-oriented block ciphers, in Cryptographic Hardware and Embedded Systems (eds. C. Clavier, K. Gaj), Springer, (2009), 272–288. https://doi.org/10.1007/978-3-642-04138-9_20
[5]	J. Guo, T. Peyrin, A. Poschmann, M. Robshaw, The LED block cipher, in Cryptographic Hardware and Embedded Systems (eds. B. Preneel, T. Takagi), Springer, (2011), 326–341. https://doi.org/10.1007/978-3-642-23951-9_22
[6]	S. Banik, A. Bogdanov, T. Isobe, K. Shibutani, H. Hiwatari, T. Akishita, et al., Midori: a block cipher for low energy, in International Conference on the Theory and Application of Cryptology and Information Security (eds. T. Iwata, J. H. Cheon), Springer, (2015), 411–436. https://doi.org/10.1007/978-3-662-48800-3_17
[7]	K. Shibutani, T. Isobe, H. Hiwatari, A. Mitsuda, T. Akishita, T. Shirai, Piccolo: an ultra-lightweight blockcipher, in Cryptographic Hardware and Embedded Systems (eds. B. Preneel, T. Takagi), Springer, (2011), 342–357. https://doi.org/10.1007/978-3-642-23951-9_23
[8]	A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, et al., PRESENT: an ultra-lightweight block cipher, in Cryptographic Hardware and Embedded Systems (eds. P. Paillier, I. Verbauwhede), Springer, (2007), 450–466. https://doi.org/10.1007/978-3-540-74735-2_31
[9]	J. Borghoff, A. Canteaut, T. Güneysu, E. B. Kavun, M. Knezevic, L. R. Knudsen, et al., PRINCE - a low-latency block cipher for pervasive computing applications, in International Conference on the Theory and Application of Cryptology and Information Security (eds. X. Wang, K. Sako), Springer, (2012), 208–225. https://doi.org/10.1007/978-3-642-34961-4_14
[10]	X. Dong, Y. Shen, Cryptanalysis of reduced-round Midori64 block cipher, preprint. Available from: https://eprint.iacr.org/2016/676.
[11]	L. Lin, W. Wu, Meet-in-the-middle attacks on reduced-round Midori-64, IACR Trans. Symmetric Cryptology, 2017 (2017), 215–239. https://doi.org/10.13154/tosc.v2017.i1.215-239 doi: 10.13154/tosc.v2017.i1.215-239
[12]	Z. Chen, H. Chen, X. Wang, Cryptanalysis of Midori128 using impossible differential techniques, in Information Security Practice and Experience (eds. F. Bao, L. Chen, R. Deng, G. Wang), Springer, (2016), 1–12. https://doi.org/10.1007/978-3-319-49151-6_1
[13]	M. Tolba, A. Abdelkhalek, A. M. Youssef, Improved multiple impossible differential cryptanalysis of Midori128, in IEICE Transactions on Fundamentals of Electronics, Communications and Computer, E100-A (2017), 1733–1737. https://doi.org/10.1587/transfun.E100.A.1733
[14]	A. R. Shahmirzadi, S. A. Azimi, M. Salmasizadeh, J. Mohajeri, M. R. Aref, Impossible differential cryptanalysis of reduced-round Midori64 block cipher, ISC Int. J. Inf. Secur., 10 (2018), 3–13. https://doi.org/10.22042/isecure.2018.110672.399 doi: 10.22042/isecure.2018.110672.399
[15]	W. Cheng, Y. Zhou, L. Sauvage, Differential fault analysis on Midori, in Information and Communications Security (eds. K. Y. Lam, C. H. Chi, S. Qing), Springer, (2016), 307–317. https://doi.org/10.1007/978-3-319-50011-9_24
[16]	Y. Wang, X. Zhao, F. Zhang, S. Guo, L. Wu, W. Li, et al., Security evaluation for fault attacks on lightweight block cipher Midori, J. Cryptologic Res., 4 (2017), 58–78. https://doi.org/10.13868/j.cnki.jcr.000163 doi: 10.13868/j.cnki.jcr.000163
[17]	Y. Nozaki, Y. Ikezaki, M. Yoshikawa, Two stages statistical fault analysis method for Midori and its evaluation, Electron. Commun. Jpn., 101 (2018), 3–11. https://doi.org/ 10.1002/ecj.12057 doi: 10.1002/ecj.12057
[18]	W. Li, L. Liao, D. Gu, S. Cao, Y. Wu, J. Li, et al., Ciphertext-only fault analysis on the Midori lightweight cryptosystem, Sci. China Inf. Sci., 63 (2020), 139112. https://doi.org/10.1007/s11432-018-9522-6 doi: 10.1007/s11432-018-9522-6
[19]	E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems, in Conference on the Theory and Application of Cryptography (eds. A. J. Menezes, S. A. Vanstone), Springer, (1990), 2–21. https://doi.org/10.1007/3-540-38424-3_1
[20]	C. Giraud, DFA on AES, in International Conference on Advanced Encryption Standard (eds. H. Dobbertin, V. Rijmen, A. Sowa), Springer, (2004), 27–41. https://doi.org/10.1007/11506447_4
[21]	M. Tunstall, D. Mukhopadhyay, S. Ali, Differential fault analysis of the advanced encryption standard using a single fault, in Information Security Theory and Practice (eds. C. A. Ardagna, J. Zhou), Springer, (2011), 224–233. https://doi.org/10.1007/978-3-642-21040-2_15
[22]	L. Hemme, A differential fault attack against early rounds of (triple-)DES, in Cryptographic Hardware and Embedded Systems (eds. M. Joye, J. J. Quisquater), Springer, (2004), 254–267. https://doi.org/10.1007/978-3-540-28632-5_19
[23]	R. Li, B. Sun, C. Li, J. You, Differential Fault Analysis on SMS4 using a single fault, Inf. Process. Lett., 111 (2011), 156–163. https://doi.org/10.1016/j.ipl.2010.11.011 doi: 10.1016/j.ipl.2010.11.011
[24]	C. Clavier, B. Feix, G. Gagnerot, M. Roussellet, Passive and active combined attacks on AES combining fault attacks and side channel analysis, in 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, (2010), 10–19. https://doi.org/10.1109/FDTC.2010.17
[25]	M. Rivain, Differential fault analysis on DES middle rounds, in Cryptographic Hardware and Embedded Systems (eds. C. Clavier, K. Gaj), Springer, (2009), 457–469. https://doi.org/10.1007/978-3-642-04138-9_32
[26]	P. Derbez, P. A. Fouque, D. Leresteux, Meet-in-the-middle and impossible differential fault analysis on AES, in Cryptographic Hardware and Embedded Systems (eds. B. Preneel, T. Takagi), Springer, (2011), 274–291. https://doi.org/10.1007/978-3-642-23951-9_19

Reader Comments

Your name:*

Email:*
© 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)