[PDF] Top 20 Multi-Stage Fault Attacks on Block Ciphers

... Small mobile and embedded devices, like RFID chips and nodes of sensor networks, increasingly find their way into our everyday life. In many cases they are utilised to process sensitive (personal) data, for example in ... See full document

... SPN block ciphers. Standard fault detection mechanisms such as spatial and temporal redun- dancy could potentially increase the number of fault injec- tions required; but they can be bypassed ... See full document

... Timing attacks such as [6, 8, 10, 30, 39, 40], on the other hand just require knowledge of the overall execution time of the ...trace attacks, timing measurements can easily be ...access attacks that ... See full document

... Error detection schemes based on time redundancy often suffer from the inability to detect permanent faults. RERO (Recomputing with Rotated Operands) is a technique for concurrent error detection introduced for ... See full document

... determine the number of rounds that need to be protected against DFA for a cryptographic implementation, we have designed an addition to TADA that implements Algorithm 4. Here we utilize the attacks found in ... See full document

... possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is ...the fault space of a cryptosystem. Unfortunately, the fault space is ... See full document

... of block ciphers against differential fault ...64-bit block sizes, called KATAN32, KATAN48 and KATAN64, ...single-bit fault injection model where the adversary is supposed to be able to ... See full document

... Abstract—Classical fault attacks such as Differential Fault Analysis (DFA) as well as biased fault attacks such as the Differential Fault Intensity Analysis (DFIA) have been a ... See full document

... template-based fault injection analysis of FPGA-based block cipher ...template attacks have been a popular form of side-channel analysis in the cryptographic literature, the use of templates in the ... See full document

... (SCA) attacks such as the Differential Power Analysis (DPA) and the Correlation Power Analysis (CPA), as well as active fault anal- ysis (FA) attacks such as Differential Fault Analysis (DFA) ... See full document

... any block cipher (including already proposed ones) at the expense of under utilization of ...tweakable block ciphers, no synchronization is required between the sender (Alice) and the recipient ... See full document

... The output of the cipher text is produced by the plaintext and the temporal key. The CBC-MAC is used to produce the message authentication code by discarding the cipher text except the last one. CBC-MAC is vulnerable for ... See full document

... lightweight block cipher which has 40 bits key size, 40 bits block size and used Feistel ...Lightweight block ciphers rely more on basic operations such as bit wise XOR, bit wise AND, 4 * 4 ... See full document

... on multi-stage blockchain by introducing a malicious user called the spy, inside an honest ...the stage completion in the honest ...the Multi-Stage Blockchain [3] irrespective of the ... See full document

... tweakable block ciphers, which shares similarities to ...a block-cipher-based PRF which yields the block-cipher key for the current message; the counter is hashed with a uni- versal hash ... See full document

... Recently, in [6] a variant of Matsui’s algorithm is proposed which is applicable to the class of ARX ciphers. What is special about the latter is that they do not have S-boxes. Instead they rely on basic ... See full document

... tradeoff attacks using a large number of distributed ...stream ciphers, which incorporates data into the tradeoff, can be effectively distributed to reduce both time and memory, while other approaches are ... See full document

... of block ciphers for encipherment of messages or files of block ciphers for encipherment of messages or files in large units and small units, sometimes pure stream in large units and small ... See full document

... key-alternating ciphers? Secondly, we believe that better nibble positions permutation h 0 might exist for the STK construction, compared the one we used in Deoxys-BC and ...AES-like ciphers remains an open ... See full document

... describe block ciphers that utilize 2 operations: X) bitwise modulo 2 ad- dition of binary words and S) substitution of words using key-dependent S-boxes with possibly complicated internal ...linear ... See full document