Abstract
As a hardware-oriented stream cipher, Trivium is on the edge of low cost and compactness. In this paper we discuss how brittle Trivium is under fault attack. Our fault model is based on the following two assumptions: (1) We can make fault injection on the state at a random time and (2) after each fault injection, the fault positions are from random one of three registers, and from a random area within eight neighboring bits. Our fault model has extremely weak assumptions for effective attack , and much weaker than that of Hojsík and Rudolf, in their fault attack on Trivium. We present a checking method such that, by observing original key-stream segment and fault injected key-stream segment, the injecting time and fault positions can be determined. Then, for several distributions of the injecting time, our random simulations always show that the attacker can break Trivium by a small number of repeated fault injections. For example, suppose that the injecting time has an uniform distribution over {0, 1, . . . , 32}, then averagely no more than 16 repeated fault injection procedures will break Trivium, by averagely observing no more than 195 × 17 key-stream bits.
Similar content being viewed by others
References
Cannière C.D., Preneel B.: Trivium: a stream cipher construction inspired by block cipher design principle. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/30. http://www.ecrypt.eu.org/stream (2005). Accessed 30 June 2006.
Cannière C.D., Preneel B.: Trivium specifications. www.ecrypt.eu.org/stream/p3ciphers/trivium/trivium_p3.pdf (2007). Accessed 29 Apr 2007.
Raddum H.: Cryptanalytic results on Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/039. http://www.ecrypt.eu.org/stream (2006). Accessed 3 Apr 2006.
Maximov A., Biryukov A.: Two trivial attacks on Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/006. http://www.ecrypt.eu.org/stream (2007). Accessed 29 Apr 2007.
Babbage S.: Some thoughts on Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/007. http://www.ecrypt.eu.org/stream (2007). Accessed 29 Apr 2007.
Turan M.S., Kara O.: Linear approximations for 2-round Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/008. http://www.ecrypt.eu.org/stream (2007). Accessed 29 Apr 2007.
Hwang D., Chaney M., Karanam S., Ton N., Gaj K.: Comparison of FPGA-targeted hardware implementations of eSTREAM stream cipher candidates. In: SASC 2008—The State of the Art of Stream Ciphers, Workshop Record, pp. 151–162. http://www.ecrypt.eu.org/stream (2008). Accessed 10 Mar 2009.
Good T., Benaissa M.: Hardware performance of eSTREAM phase-III stream cipher candidates. In: SASC 2008—The State of the Art of Stream Ciphers, Workshop Record, pp. 163–174. http://www.ecrypt.eu.org/stream (2008). Accessed 10 Mar 2009.
Biham E., Dunkelman O.: Differential cryptanalysis in stream ciphers. COSIC internal report (2007).
Rechberger C., Oswald E.: Stream ciphers and side-channel analysis. In: SASC 2004—The State of the Art of Stream Ciphers, Workshop Record, pp. 320–326. http://www.ecrypt.eu.org/stream (2004). Accessed 9 Apr 2005.
Fisher W., Gammel B.M., Kniffler O., Velten J.: Differential power analysis of stream ciphers. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/014. http://www.ecrypt.eu.org/stream (2007). Accessed 29 Apr 2007.
Hoch J.J., Shamir A.: Fault analysis of stream ciphers. In: Joye, M., Quisquater, J.-J. (eds) CHES 2004. LNCS, vol. 3156, pp. 240–253. Springer, Heidelberg (2004)
Biham E., Granboulan L., Nguyen P.: Impossible fault analysis of RC4 and differential fault analysis of RC4. In: SASC 2004—The State of the Art of Stream Ciphers, Workshop Record, pp. 147–155. http://www.ecrypt.eu.org/stream (2004). Accessed 9 Apr 2005.
Gierlichs B., Batina L., Clavier C., Eisenbarth T., Gouget A., Handschuh H., Kasper T., Lemke-Rust K., Mangard S., Moradi A., Oswald E.: Susceptibility of eSTREAM candidates towards side channel analysis. In: SASC 2008—The State of the Art of Stream Ciphers, Workshop Record, pp. 123–150. http://www.ecrypt.eu.org/stream (2008). Accessed 10 Mar 2009.
Fisher S., Khazaei S., Meier W.: Chosen IV statistical analysis for key recovery attacks on stream cipher. In: SASC 2008—The State of the Art of Stream Ciphers, Workshop Record, pp. 31–41. http://www.ecrypt.eu.org/stream (2008). Accessed 10 Mar 2009.
Hojsík M., Rudolf B.: Differential fault analysis of Trivium. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 158–172. Springer, Heidelberg (2008)
Hojsík M., Rudolf B.: Floating fault analysis of Trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds) INDOCRYPT 2008. LNCS, vol. 5365, pp. 239–250. Springer, Heidelberg (2008)
Biham E., Shamir A.: Differential fault analysis of secret key cryptosystems. In: Advances in Cryptology-CRYPTO’97. LNCS, vol. 1294, pp. 513–525. Springer-Verlag, Berlin, Heidelberg (1997).
Pasalic E.: Key differentiation attacks on stream ciphers. Cryptology ePrint Archive. http://eprint.iacr.org/2008/443 (2008). Accessed 12 Dec 2008.
Dinur I., Shamir A. Cube attacks on tweakable black box polynomials. Cryptology ePrint Archive. http://eprint.iacr.org/2008/385 (2008). Accessed 12 Dec 2008.
Bedi S.S., Pillai N.R.: Cube attacks on Trivium. Cryptology ePrint Archive. http://eprint.iacr.org/2009/015 (2009). Accessed 10 Feb 2009.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by V. van Rijmen.
Rights and permissions
About this article
Cite this article
Hu, Y., Gao, J., Liu, Q. et al. Fault analysis of Trivium. Des. Codes Cryptogr. 62, 289–311 (2012). https://doi.org/10.1007/s10623-011-9518-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-011-9518-9