Skip to main content
SpringerLink
Log in

Differential Fault Analysis of SHA-3

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2015 (INDOCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9462))

Included in the following conference series:

Abstract

In this paper we present the first differential fault analysis (DFA) of SHA-3. This attack can recover the internal state of two versions of SHA-3 (namely, SHA3-512 and SHA3-384) and can be used to forge MAC’s which are using these versions of SHA-3. Assuming that the attacker can inject a random single bit fault on the intermediate state of the hash computation, and given the output of the SHA-3 version for a correct message and 80 faulty messages, we can extract 1592 out of the 1600 bits of the compression function’s internal state. To the best of our knowledge, this is the first public analysis of SHA-3 against DFA. Although our results do not compromise any security claim of SHA-3, it shows the feasibility of DFA on this scheme and possibly other Sponge based MACs and increases our understanding of SHA-3.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ali, S., Mukhopadhyay, D., Tunstall, M.: Differential fault analysis of AES: towards reaching its limits. J. Crypt. Eng. 3(2), 73–97 (2013)

    Article  Google Scholar 

  2. AlTawy, R., Youssef, A.M.: Differential fault analysis of streebog. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 35–49. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  3. Aumasson, J.-P., Meier, W.: Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi. Rump session of Cryptographic Hardware and Embedded Systems-CHES 2009, p. 67 (2009)

    Google Scholar 

  4. Banik, S., Maitra, S.: A differential fault attack on MICKEY 2.0. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 215–232. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  5. Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family of stream ciphers. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 122–139. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  6. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

    Google Scholar 

  7. Benoît, O., Peyrin, T.: Side-channel analysis of six SHA-3 candidates. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 140–157. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  8. Bertoni, G., Daemen, J., Peeters, M.: Cryptographic sponge functions. Report, STMicroelectronics, Antwerp, Belgium, January 2011

    Google Scholar 

  9. Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak SHA-3 submission (2009)

    Google Scholar 

  10. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  11. Boura, C., Canteaut, A.: A zero-sum property for the Keccak-f permutation with 18 rounds. In: ISIT 2010s, pp. 2488–2492. IEEE (2010)

    Google Scholar 

  12. Boura, C., Canteaut, A.: Zero-sum distinguishers for iterated permutations and application to Keccak-f and Hamsi-256. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 1–17. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  13. Boura, C., Canteaut, A., De Cannière, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 252–269. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Chakraborti, A., Chang, D., Nandi, M.: Fault based forgeries on CLOC and SILC. In: Latincrypt, LNCS. Springer (2015). https://groups.google.com/forum/#!topic/crypto-competitions/_qxORmqcSrY

  15. Das, S., Meier, W.: Differential biases in reduced-round Keccak. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 69–87. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  16. Dey, P., Chakraborty, A., Adhikari, A., Mukhopadhyay, D.: Improved practical differential fault analysis of Grain-128. DATE 2015, 459–464 (2015)

    Google Scholar 

  17. Dinur, I., Dunkelman, O., Shamir, A.: New attacks on Keccak-224 and Keccak-256. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 442–461. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  18. Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 219–240. Springer, Heidelberg (2014)

    Google Scholar 

  19. Dinur, I., Dunkelman, O., Shamir, A.: Improved practical attacks on round-reduced Keccak. J. Crypt. 27(2), 183–209 (2014)

    Article  MATH  MathSciNet  Google Scholar 

  20. Dinur, I., Morawiecki, P., Pieprzyk, J., Srebrny, M., Straus, M.: Cube attacks and cube-attack-like cryptanalysis on the round-reduced Keccak sponge function. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 733–761. Springer, Heidelberg (2015)

    Google Scholar 

  21. Duc, A., Guo, J., Peyrin, T., Wei, L.: Unaligned rebound attack: application to Keccak. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 402–421. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  22. Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. FIPS-202. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. National Institute for Standards and Technology, pub-NIST, May 2014

    Google Scholar 

  24. Fischer, W., Reuter, C.A.: Differential fault analysis on Grøstl. In: Bertoni, G., Gierlichs, B. (eds.) FDTC 2012, pp. 44–54. IEEE Computer Society (2012)

    Google Scholar 

  25. Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  26. Giraud, C., Thillard, A.: Piret and quisquater’s DFA on AES revisited. IACR Cryptology ePrint Archive, 2010:440 (2010)

    Google Scholar 

  27. Hemme, L.: A differential fault attack against early rounds of (Triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  28. Hemme, L., Hoffmann, L.: Differential fault analysis on the SHA1 compression function. In: Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.) FDTC 2011, pp. 54–62. IEEE Computer Society (2011)

    Google Scholar 

  29. Jean, J., Nikolic, I.: Internal differential boomerangs: practical analysis of the round-reduced Keccak-f permutation. IACR Cryptology ePrint Archive 2015:244 (2015)

    Google Scholar 

  30. Karmakar, S., Chowdhury, D.R.: Differential fault analysis of MICKEY-128 2.0. In: Fischer, W., Schmidt, J. (eds.) FDTC 2013, pp. 52–59. IEEE Computer Society (2013)

    Google Scholar 

  31. Kim, C.H.: Differential fault analysis of AES: toward reducing number of faults. Inf. Sci. 199, 43–57 (2012)

    Article  MATH  Google Scholar 

  32. Kim, C.H., Quisquater, J.-J.: New differential fault analysis on AES key schedule: two faults are enough. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 48–60. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  33. Kölbl, S., Mendel, F., Nad, T., Schläffer, M.: Differential cryptanalysis of Keccak variants. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 141–157. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  34. Luo, P., Fei, Y., Fang, X., Ding, A.A., Kaeli, D.R., Leeser, M.: Side-channel analysis of MAC-Keccak hardware implementations. Cryptology ePrint Archive, Report 2015/411 (2015). http://eprint.iacr.org/

  35. Morawiecki, P., Pieprzyk, J., Srebrny, M.: Rotational cryptanalysis of round-reduced Keccak. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 241–262. Springer, Heidelberg (2014)

    Google Scholar 

  36. Naya-Plasencia, M., Röck, A., Meier, W.: Practical analysis of reduced-round Keccak. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 236–254. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  37. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  38. Preneel, B., van Oorschot, P.C.: On the security of iterated message authentication codes. IEEE Trans. Inf. Theory 45(1), 188–199 (1999)

    Article  MATH  Google Scholar 

  39. Rivain, M.: Differential fault analysis on DES middle rounds. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 457–469. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  40. Saha, D., Kuila, S., Chowdhury, D.R.: EscApe: diagonal fault analysis of APE. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 197–216. Springer, Heidelberg (2014)

    Google Scholar 

  41. Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran

    Nasour Bagheri & Navid Ghaedi

  2. The School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran, Iran

    Nasour Bagheri

  3. IIIT-Delhi, Delhi, India

    Somitra Kumar Sanadhya

Authors
  1. Nasour Bagheri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Navid Ghaedi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Somitra Kumar Sanadhya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nasour Bagheri .

Editor information

Editors and Affiliations

  1. Luxembourg, Luxembourg

    Alex Biryukov

  2. Microsoft Research India, Banglore, India

    Vipul Goyal

A Appendix

A Appendix

We stress that all differential output happen with probability 1. The state is described as a matrix of \(5\times 5\) lanes of 64 bits, ordered from right to left, where each lane is given in bit using the little-endian format.

x represents a linear equation of \(\chi \) input (B).

figure c
figure d

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Bagheri, N., Ghaedi, N., Sanadhya, S.K. (2015). Differential Fault Analysis of SHA-3. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26617-6_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26616-9

  • Online ISBN: 978-3-319-26617-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation