Improved Algebraic Fault Analysis: A Case Study on Piccolo and Applications to Other Lightweight Block Ciphers

  • Fan Zhang
  • Xinjie Zhao
  • Shize Guo
  • Tao Wang
  • Zhijie Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7864)


This paper proposes some techniques to improve algebraic fault analysis (AFA). First, we show that building the equation set for the decryption of a cipher can accelerate the solving procedure. Second, we propose a method to represent the injected faults with algebraic equations when the accurate fault location is unknown. We take Piccolo as an example to illustrate our AFA and compare it with differential fault analysis (DFA). Only one fault injection is required to break Piccolo with the improved AFA. Finally, we extend the proposed AFA to other lightweight block ciphers, such as MIBS, LED, and DES. For the first time, the full secret key of DES can be recovered with only a single fault injection.


Algebraic fault analysis lightweight cipher Piccolo DES 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ali, S., Mukhopadhyay, D., Tunstall, M.: Differential fault analysis of AES: towards reaching its limits. Journal of Cryptographic Engineering (2012), doi:10.1007/s13389-012-0046-y.Google Scholar
  2. 2.
    Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: On critical paths and clock faults. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 182–193. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerers Apprentice Guide to Fault Attacks. In: IEEE 1994, pp. 370–382 (2006)Google Scholar
  4. 4.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: Theory, practice and countermeasures. Politecnico di Milano, Milan, Italy, Tech. Rep. (2012)Google Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic Search of Attacks on Round-Reduced AES and Applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169–187. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Courtois, N., Ware, D., Jackson, K.: Fault-Algebraic Attacks on Inner Rounds of DES. In: eSmart 2010, pp. 22–24 (2010)Google Scholar
  11. 11.
    Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-Middle and Impossible Differential Fault Analysis on AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 274–291. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Ding, J., Buchmann, J., Mohamed, M.S.E., et al.: MutantXL algorithm. In: Proceedings of the 1st International Conference in Symbolic Computation and Cryptography, pp. 16–22 (2008)Google Scholar
  13. 13.
    Faugère, J.C.: Gröbner Bases. Applications in Cryptology. In: FSE 2007, Invited Talk (2007),
  14. 14.
    Gregory, V.B.: Algebraic Cryptanalysis. Published by Springer (2009)Google Scholar
  15. 15.
    Gu, D., Li, J., Li, S., Guo, Z., Liu, J.: Differential Fault Analysis on Lightweight Blockciphers with Statistical Cryptanalysis Techniques. In: FDTC 2012, pp. 27–33 (2012)Google Scholar
  16. 16.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Hojsík, M., Rudolf, B.: Differential fault analysis of Trivium. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 158–172. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Hojsík, M., Rudolf, B.: Floating fault analysis of trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 239–250. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Izadi, M., Sadeghiyan, B., Sadeghian, S.S., et al.: MIBS: A New Lightweight Block Cipher. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 334–348. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Jeong, K., Lee, C.: Differential Fault Analysis on Block Cipher LED-64. In (Jong Hyuk) Park, J.J., Leung, V.C.M., Wang, C.-L., Shon, T. (eds.) Future Information Technology, Application, and Service. LNEE, vol. 164, pp. 747–755. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  21. 21.
    Jeong, K.: Differential Fault Analysis on Block Cipher Piccolo. Cryptology ePrint Archive (2012),
  22. 22.
    Jovanovic, P., Kreuzer, M., Polian, I.: A Fault Attack on the LED Block Cipher. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 120–134. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  23. 23.
    Jovanovic, P., Kreuzer, M., Polian, I.: An Algebraic Fault Attack on the LED Block Cipher. Cryptology ePrint Archive (2012),
  24. 24.
    Knudsen, L.R., Miolane, C.V.: Counting equations in algebraic attacks on block ciphers. International Journal of Information Security 9(2), 127–135 (2010)CrossRefGoogle Scholar
  25. 25.
    Lim, C.H., Korkishko, T.: mCrypton – A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Mohamed, M.S.E., Mohamed, W.S.A.E., Ding, J., Buchmann, J.: MXL2: Solving Polynomial Equations over GF(2) Using an Improved Mutant Strategy. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 203–215. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Mohamed, M., Bulygin, S., Buchmann, J.: Improved Differential Fault Analysis of Trivium. In: COSADE 2011, pp. 147–158 (2011)Google Scholar
  28. 28.
    Mohamed, M., Bulygin, S., Zohner, M., Heuser, A., Walter, M.: Improved Algebraic Side-Channel Attack on AES. Cryptology ePrint Archive (2011),
  29. 29.
    Mukhopadhyay, D.: An Improved Fault Based Attack of the Advanced Encryption Standard. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 421–434. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    National Bureau of Standards, Data Encryption Standard. U.S. Department of Commerce, FIPS PUB. 46 (January 1977)Google Scholar
  31. 31.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  32. 32.
    Renauld, M., Standaert, F.-X.: Algebraic Side-Channel Attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 393–410. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  33. 33.
    Rivain, M.: Differential Fault Analysis on DES Middle Rounds. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 457–469. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  34. 34.
    SAT. Sat Race Competition,
  35. 35.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An Ultra-Lightweight Blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  36. 36.
    Soos, M., Nohl, K., Castelluccia, C.: Extending SAT Solvers to Cryptographic Problems. In: Kullmann, O. (ed.) SAT 2009. LNCS, vol. 5584, pp. 244–257. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  37. 37.
    Takahashi, J., Fukunaga, T.: Improved Differential Fault Analysis on CLEFIA. In: FDTC 2008, pp. 25–34 (2008)Google Scholar
  38. 38.
    Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011), CrossRefGoogle Scholar
  39. 39.
    Zhao, X., Wang, T., Wang, S., Wu, Y.: Research on deep differential fault analysis against MIBS. Journal on Communications 31(12), 82–89 (2010)Google Scholar
  40. 40.
    Zhao, X., Zhang, F., Guo, S., Wang, T., Shi, Z., Liu, H., Ji, K.: MDASCA: An Enhanced Algebraic Side-Channel Attack for Error Tolerance and New Leakage Model Exploitation. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 231–248. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  41. 41.
    Zhao, X., Guo, S., Zhang, F., et al.: Algebraic Differential Fault Attacks on LED using a Single Fault Injection. Cryptology ePrint Archive (2012),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Fan Zhang
    • 1
  • Xinjie Zhao
    • 2
    • 3
  • Shize Guo
    • 3
  • Tao Wang
    • 2
  • Zhijie Shi
    • 1
  1. 1.University of ConnecticutStorrsUSA
  2. 2.Ordnance Engineering CollegeShijiazhuangChina
  3. 3.The Institute of North Electronic EquipmentBeijingChina

Personalised recommendations