Research article

Meet-in-the-middle differential fault analysis on Midori

  • Received: 25 June 2023 Revised: 16 October 2023 Accepted: 17 October 2023 Published: 20 October 2023
  • Midori is a lightweight block cipher designed by Banik et al. and presented at the ASIACRYPT 2015 conference. According to the block size, it consists of two algorithms, denoted as Midori-64 and Midori-128. Midori generates 8-bit S-Boxes from 4-bit S-Boxes and applies almost MDS matrices instead of MDS matrices. In this paper, we introduce the meet-in-the-middle fault attack model in the 4-round cell-oriented fault propagation trail and reduce the key space in the last round by $ 2^{45.71} $ and $ 2^{39.86} $ for Midori-64 and Midori-128, respectively. For Midori-64, we reduce the time complexity from $ 2^{80} $ to $ 2^{28} $, $ 2^{32} $ and $ 2^{56} $ for the different single fault injection approaches. For Midori-128, we provide a 4-round fault attack method, which slightly increases the complexity compared to previous attacks. Our results indicate that the first and last four rounds of Midori must be protected to achieve its security.

    Citation: Chunyan An, Wei Bai, Donglei Zhang. Meet-in-the-middle differential fault analysis on Midori[J]. Electronic Research Archive, 2023, 31(11): 6820-6832. doi: 10.3934/era.2023344



  • © 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)