Title :
Differential Fault Analysis on the SHA1 Compression Function
Author :
Hemme, Ludger ; Hoffmann, Lars
Author_Institution :
Giesecke & Devrient GmbH, Munich, Germany
Abstract :
In FDTC 2009, Li et al. published a DFA attack [20] against the symmetric block cipher SHACAL1 [11]. This block cipher substantially consists of the compression function of the hash function SHA1 [16] except for the final addition operation. When using the SHA1 compression function as a primitive in a keyed hash function like HMAC-SHA1 [17] or in a key derivation function it might be of some interest if the attack of Li et al. also applies to the SHA1 compression function. However, the final addition operation turns out to completely prevent this direct application. In this paper we extend the attack of Li et al. in order to overcome the problem of the final addition and to extract the secret inputs of the SHA1 compression function by analysing faulty outputs. Our implementation of the new attack needs about 1000 faulty outputs and a computation time of three hours on a normal PC to fully extract the secret inputs with high probability.
Keywords :
cryptography; data compression; 2011; DFA attack; SHA1 compression function; SHA1 hash function; SHACAL1 symmetric block cipher; differential fault analysis; Computational modeling; Context; Doped fiber amplifiers; Encryption; Equations; Mathematical model; Registers; DFA; SHA1 compression function; key derivation functions; keyed hash functions;
Conference_Titel :
Fault Diagnosis and Tolerance in Cryptography (FDTC), 2011 Workshop on
Conference_Location :
Nara
Print_ISBN :
978-1-4577-1463-4
DOI :
10.1109/FDTC.2011.16
