Improved Differential Fault Attack Method on SKINNY

doi:10.3778/j.issn.1673-9418.2409070

Abstract

Abstract: The existing differential fault attacks against the SKINNY algorithm have problems such as a large number of faults that need to be injected, high complexity in key searching, long attack execution time, and there may be remaining key in key space. To address the above issues, a new differential fault attack model based on double nibble/byte faults is proposed to implement differential fault attacks on the SKINNY-64-64 and SKINNY-128-128 algorithms. This model allows attackers to access and fully control the tweak (tweakable block cipher), assuming a fixed tweak for the tweak key input. By injecting double nibble and double byte faults into the R-3 and R-4 rounds of the key schedule algorithm for SKINNY-64-64 and SKINNY-128-128, respectively, the model recovers the main keys of SKINNY-64-64 and SKINNY-128-128 by establishing differential equations and computing equations according to constraints of the differential of S-box inputs in the last three rounds. The simulation results on software implementations show that, the proposed model can recover the main keys of SKINNY-64-64 and SKINNY-128-128 using only 5.9 and 6.7 pairs of faults, respectively. Compared with existing methods, the proposed model can maintain lower attack time overhead while injecting fewer faults to recover the unique keys of the algorithm.

Key words: differential fault attack, SKINNY, double nibble/byte fault, key schedule

摘要： 现有针对SKINNY算法的差分故障攻击存在需要注入的故障数量多、密钥搜索复杂度高及攻击执行时间长且密钥空间可能会有剩余等问题。针对上述问题，提出一种基于双半字节/双字节故障的差分故障攻击模型，实现对SKINNY-64-64算法和SKINNY-128-128算法的差分故障攻击。该模型允许攻击者对微调进行访问和完全控制，并假设可调密钥输入有一个固定的调整，在SKINNY-64-64算法和SKINNY-128-128算法的密钥编排算法的第R-3轮和R-4轮密钥中分别注入双半字节和双字节故障，利用最后三轮S盒输入差分中的约束建立差分方程，通过计算恢复SKINNY-64-64算法和SKINNY-128-128算法的主密钥。在软件实现上的仿真实验测试结果表明，新提出的模型分别利用5.9对和6.7对故障可以恢复出SKINNY-64-64算法和SKINNY-128-128的主密钥；相对于现有方法，新提出的模型可以在注入较少故障恢复算法唯一密钥的同时保持较低的攻击时间开销。

关键词: 差分故障攻击, SKINNY, 双半字节/字节故障, 密钥编排

WU Xiaonian, YANG Jiming, ZHANG Runlian. Improved Differential Fault Attack Method on SKINNY[J]. Journal of Frontiers of Computer Science and Technology, 2025, 19(10): 2844-2854.

武小年, 杨济铭, 张润莲. 针对SKINNY算法的改进差分故障攻击方法[J]. 计算机科学与探索, 2025, 19(10): 2844-2854.

References

[1] KUMAR C, PRAJAPATI S S, VERMA R K. A survey of various lightweight cryptography block ciphers for IoT devices[C]//Proceedings of the 2022 IEEE International Conference on Current Development in Engineering and Technology. Piscataway: IEEE, 2022: 1-6.
[2] DEVI M, MAJUMDER A. Side-channel attack in Internet of things: a survey[M]//Applications of Internet of things. Singapore: Springer, 2021: 213-222.
[3] BONEH D, DEMILLO R A, LIPTON R J. On the importance of checking cryptographic protocols for faults[C]//Proceedings of the 1997 International Conference on the Theory and Application of Cryptographic Techniques. Berlin, Heidelberg: Springer, 1997: 37-51.
[4] BIHAM E, SHAMIR A. Differential fault analysis of secret key cryptosystems[C]//Proceedings of the 17th Annual International Cryptology Conference. Berlin, Heidelberg: Springer, 1997: 513-525.
[5] ZHANG F, ZHANG Y R, JIANG H L, et al. Persistent fault attack in practice[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2020(2): 172-195.
[6] WEI Y C, WANG X R, ZHOU Z C. Integral fault analysis of Midori64 lightweight cipher[C]//Proceedings of the 2021 International Conference on Network Communication and Information Security, 2022: 87-92.
[7] LE D P, LU R X, GHORBANI A A. Improved fault analysis on SIMECK ciphers[J]. Journal of Cryptographic Engineering, 2022, 12(2): 169-180.
[8] MA X L, ZHANG L Z, WU L J, et al. Differential fault analysis on 3DES middle rounds based on error propagation[J]. Chinese Journal of Electronics, 2022, 31(1): 68-78.
[9] NAGELER M, DOBRAUNIG C, EICHLSEDER M. Information-combining differential fault attacks on DEFAULT[C]//Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. Cham: Springer, 2022: 168-191.
[10] XIAO H Y, WANG L F. Differential fault analysis on the key schedule of the LBlock algorithm[J]. IEEE Access, 2022, 10: 62402-62411.
[11] XIAO H Y, WANG L F. The differential fault analysis on block cipher KLEIN-96[J]. Journal of Information Security and Applications, 2022, 67: 103205.
[12] SALAM I, YAU W C, PHAN R C W, et al. Differential fault attacks on the lightweight authenticated encryption algorithm CLX-128[J]. Journal of Cryptographic Engineering, 2023, 13(3): 265-281.
[13] MONDAL S K, DEY P, ROY H S, et al. Improved fault analysis on subterranean 2.0[J]. IEEE Transactions on Computers, 2024, 73(6): 1631-1639.
[14] BEIERLE C, JEAN J, K?LBL S, et al. The SKINNY family of block ciphers and its low-latency variant MANTIS[C]//Proceedings of the 36th Annual International Cryptology Conference. Berlin, Heidelberg: Springer, 2016: 123-153.
[15] VAFAEI N, SAHA S, BAGHERI N, et al. Fault attack on SKINNY cipher[J]. Journal of Hardware and Systems Security, 2020, 4(4): 277-296.
[16] VAFAEI N, PORKAR M, RAMZANIPOUR H, et al. Practical differential fault analysis on SKINNY[J]. ISC International Journal of Information Security, 2017, 14: 9-19.
[17] 谢敏, 江家煜, 陈杰. SKINNY的差分故障攻击与ForkAE的密钥恢复攻击[J]. 密码学报(中英文), 2024, 11(3): 692-705.
XIE M, JIANG J Y, CHEN J. Differential fault attack on SKINNY and key recovery attack on ForkAE[J]. Journal of Cryptologic Research, 2024, 11(3): 692-705.