Algebraic Fault Analysis of Subterranean 2.0

Algebraic Fault Analysis (AFA) is based on the principles of algebraic cryptanalysis in conjunction with fault analysis. One of the main benefits of AFA is the ability to use off the shelf solving tools like SAT solvers to conduct fault analysis in an automated fashion. In this work we show how the principles of AFA can be applied to the authenticated encryption scheme Subterranean 2.0, a second round candidate of the ongoing NISTLWC competition. In order to find the optimal parameters for a fault injection we investigated the fault model’s influence on the solving time. The optimal fault parameters turned out as a single bitflip fault in conjunction with a known but randomly chosen fault location, where the fault is applied just one cycle before the tag generation. We verify the efficiency of our attack by means of simulation. Conducting our proposed attack with optimal fault parameters requires only five fault injections to recover the secret key of Subterranean 2.0 in less than four seconds.     «

Algebraic Fault Analysis (AFA) is based on the principles of algebraic cryptanalysis in conjunction with fault analysis. One of the main benefits of AFA is the ability to use off the shelf solving tools like SAT solvers to conduct fault analysis in an automated fashion. In this work we show how the principles of AFA can be applied to the authenticated encryption scheme Subterranean 2.0, a second round candidate of the ongoing NISTLWC competition. In order to find the optimal parameters fo...     »