An Automated Framework for Analysis and Evaluation of Algebraic Fault Attacks on Lightweight Block Ciphers

  • Fan Zhang
  • Bolin Yang
  • Shize Guo
  • Xinjie Zhao
  • Tao Wang
  • Francois-Xavier Standaert
  • Dawu Gu


Algebraic fault analysis (AFA), which combines algebraic cryptanalysis with fault attacks, poses a serious threat to the security of lightweight block ciphers. Inspired by an earlier framework for the analysis of side-channel attacks presented at EUROCRYPT 2009, we propose a new generic framework to analyze and evaluate algebraic fault attacks on lightweight block ciphers. We interpret AFA at three levels: the target, the adversary, and the evaluator. We describe the capability of an adversary in four parts: the fault injector, the fault model describer, the cipher describer, and the machine solver. A formal fault model is provided that covers most current fault attacks. Different strategies for building an optimal equation set are also provided to accelerate the solving process. At the evaluator level, we consider an approximate information metric and an actual security metric. These metrics can guide adversaries, cipher designers, and industrial engineers. To verify the feasibility of the proposed framework, we make a comprehensive study of AFA on the ultra-lightweight block cipher LBlock. Three scenarios are explored: injecting a fault into the encryption, injecting a fault into the key schedule, and modifying the round number or counter. Our best results show that, in each scenario, a single fault injection is enough to recover the master key of LBlock within affordable complexity.



This work was supported in part by the National Natural Science Foundation of China under the grants 61472357 and 61571063, the Zhejiang University Fundamental Research Funds for the Central Universities under the grant 2018QNA5005, the Open Fund of State Key Laboratory of Cryptology under the grant MMKFKT201805, the Alibaba-Zhejiang University Joint Institute of Frontier Technologies, the Major Scientific Research Project of Zhejiang Lab under the grant 2018FD0ZX01, and the European Commission through the ERC project 280141 (acronym CRASH).



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Fan Zhang (1, 2, 3)
  • Bolin Yang (1)
  • Shize Guo (4)
  • Xinjie Zhao (4)
  • Tao Wang (5)
  • Francois-Xavier Standaert (6)
  • Dawu Gu (7)

  1. College of Information Science and Electronic Engineering, Zhejiang University, Hangzhou, China
  2. Institute of Cyberspace Research, Zhejiang University, Hangzhou, China
  3. State Key Laboratory of Cryptology, Beijing, China
  4. Institute of North Electronic Equipment, Beijing, China
  5. Department of Information Engineering, Ordnance Engineering College, Hebei, China
  6. UCL Crypto Group, Louvain-la-Neuve, Belgium
  7. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
