This paper proposes two Differential Fault Attacks on the
lightweight block cipher KLEIN. Variant one targets the intermediate state of the cipher. Using at least five faulty ciphertexts, the attacker is able to determine the last round key. The second variant, which works only on KLEIN-64, injects a byte-fault in the key schedule and requires at least four faulty ciphertexts in order to determine the whole key. Furthermore, we demonstrate the efficiency of both attack
methods by simulation.
Dewey Decimal Classification:
Polian, Ilia; Stöttinger, Marc
Book / Congress title:
Constructive Side-Channel Analysis and Secure Design