Algebraic Fault Analysis (AFA) is based on the
principles of algebraic cryptanalysis in conjunction with fault
analysis. One of the main benefits of AFA is the ability to use off
the shelf solving tools like SAT solvers to conduct fault analysis in
an automated fashion. In this work we show how the principles
of AFA can be applied to the authenticated encryption scheme
Subterranean 2.0, a second round candidate of the ongoing NISTLWC
competition. In order to find the optimal parameters for a
fault injection we investigated the fault model’s influence on the
solving time. The optimal fault parameters turned out as a single
bitflip fault in conjunction with a known but randomly chosen
fault location, where the fault is applied just one cycle before the
tag generation. We verify the efficiency of our attack by means of
simulation. Conducting our proposed attack with optimal fault
parameters requires only five fault injections to recover the secret
key of Subterranean 2.0 in less than four seconds.
«
Algebraic Fault Analysis (AFA) is based on the
principles of algebraic cryptanalysis in conjunction with fault
analysis. One of the main benefits of AFA is the ability to use off
the shelf solving tools like SAT solvers to conduct fault analysis in
an automated fashion. In this work we show how the principles
of AFA can be applied to the authenticated encryption scheme
Subterranean 2.0, a second round candidate of the ongoing NISTLWC
competition. In order to find the optimal parameters fo...
»