ToFA: Towards Fault Analysis of GIFT and GIFT-like Ciphers Leveraging Truncated Impossible Differentials

Bibliographic Details
Main Authors: Anup Kumar Kundu, Shibam Ghosh, Aikata Aikata, Dhiman Saha
Format: Article
Language: English
Published: Ruhr-Universität Bochum 2025-06-01
Series: Transactions on Cryptographic Hardware and Embedded Systems
Subjects: Fault Analysis, Impossible Differential, GIFT, BAKSHEESH
Online Access: https://tches.iacr.org/index.php/TCHES/article/view/12237
collection DOAJ
description In this work, we introduce ToFA, the first fault attack (FA) strategy that attempts to leverage the classically well-known idea of impossible differential cryptanalysis to mount practically verifiable attacks on bit-oriented ciphers like GIFT and BAKSHEESH. The idea stems from the fact that truncated differential paths induced due to fault injection in certain intermediate rounds of the ciphers lead to active SBox-es in subsequent rounds whose inputs admit specific truncated differences. This leads to a (multi-round) impossible differential distinguisher, which can be incrementally leveraged for key-guess elimination via partial decryption. The key-space reduction further exploits the multi-round impossibility, capitalizing on the relations due to the quotient-remainder (QR) groups of the GIFT and BAKSHEESH linear layer, which increases the filtering capability of the distinguisher. Moreover, the primary observations made in this work are independent of the actual SBox. Clock glitch based fault attacks were mounted on 8-bit implementations of GIFT-64/GIFT-128 using a ChipWhisperer Lite board on an 8-bit ATXmega128D4-AU micro-controller. Unique key recovery was achieved for GIFT-128 with 3 random byte faults, while for GIFT-64, key space was reduced to 2^32, the highest achievable for GIFT-64, with a single level fault due to its key-schedule. To the best of our knowledge, this work also reports the highest fault injection penetration for any variant of GIFT and BAKSHEESH. Finally, this work reiterates the role of classical cryptanalysis strategies in fault vulnerability assessment by showcasing the most efficient fault attacks on GIFT.
id doaj-art-e40cd78216ee4ed3b31e81f455ccd1e8
institution OA Journals
issn 2569-2925
spelling 2025-08-20T02:32:08Z; eng; volume 2025, issue 3; DOI 10.46586/tches.v2025.i3.614-643
Author affiliations, in record order:
Anup Kumar Kundu: Indian Statistical Institute, Kolkata 700108, India
Shibam Ghosh: Department of Computer Science, University Of Haifa, Haifa, Israel; Inria, Paris, France
Aikata Aikata: Institute of Information Security, Graz University of Technology, Austria
Dhiman Saha: de.ci.phe.red Lab, Department of Computer Science & Engineering, Indian Institute of Technology Bhilai, Chhattisgarh - 491002, India
topic Fault Analysis
Impossible Differential
GIFT
BAKSHEESH