Differential Fault Analysis on Grøstl

Author

Fischer, Wieland ; Reuter, Christian A.

Author_Institution

Infineon Technol. AG, Neubiberg, Germany

fYear

2012

fDate

9-9 Sept. 2012

Firstpage

Lastpage

Abstract

This paper presents a DFA on Grøstl-256, a hash algorithm that imitates the main structures of AES. Although our attack is inspired by the classical fault attacks on AES these could not be adapted directly. The attack is able to completely recover the whole input message using a one-bit and a random-byte fault model. It needs 16 errors to invert the output transformation Ω_n and on average 280 errors for each compression step. When Grøstl is used in a keyed hash function like HMAC, this attack is able to retrieve the secret key from about 300 faulty outputs in less than three minutes.

Keywords

cryptography; fault diagnosis; AES; Grostl-256; differential fault analysis; hash algorithm; input message; one bit fault model; random byte fault model; Algorithm design and analysis; Computational modeling; Cryptography; Doped fiber amplifiers; Hardware; NIST; DFA; Differential Fault Analysis; Fault Attack; Grøstl; Hash Algorithm; SHA-3; Side Channel Attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Fault Diagnosis and Tolerance in Cryptography (FDTC), 2012 Workshop on

Conference_Location

Leuven

Print_ISBN

978-1-4673-2900-2

Type

conf

DOI

10.1109/FDTC.2012.14

Filename

6305228

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=571470