Open Access
Fault Analysis on a New Block Cipher DBlock with at Most Two Fault Injections
Author(s) - Feng Jingyi, Chen Hua, Gao Si, Cao Weiqiong, Fan Limin, Zhu Shaofeng
Publication year - 2018
Publication title - Chinese Journal of Electronics
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.267
H-Index - 25
eISSN - 2075-5597
pISSN - 1022-4653
DOI - 10.1049/cje.2018.09.003
Subject(s) - block cipher, computer science, key (lock), bijection, byte, algorithm, block (permutation group theory), arithmetic, theoretical computer science, cryptography, parallel computing, mathematics, discrete mathematics, combinatorics, computer security, computer hardware
DBlock is a new family of block ciphers proposed by Wu et al. in Science China in 2015, which consists of three variants specified as DBlock‐128/192/256. DBlock‐n employs a 20‐round Feistel‐type structure with n‐bit block size and n‐bit key size. We propose the first fault analysis on DBlock and show that no more than 2 pairs of correct/faulty ciphertexts are needed to retrieve the master key. In the attack, a byte‐oriented fault is injected in round 16, and three properties including differential distribution of the Sbox, bijection nature of the linear function and Feistel‐type key scheduling are fully utilized to distinguish between the correct and wrong keys. A fault position guessing strategy based on known intermediates is adopted, which efficiently makes the known‐fault attack apply to the random fault model. The experimental results show that, with a pair of ciphertexts, 11.820‐bit exhaustive search is needed to derive the whole 128‐bit key on average. With 2 pairs of ciphertexts, the unique key can be determined within 6.5 minutes.