Differential Fault Attack on GIFT
-
Graphical Abstract
-
Abstract
GIFT, a lightweight block cipher proposed at CHES2017, has been widely cryptanalyzed this years. This paper studies the differential diffusion characteristics of round function of GIFT at first, and proposes a random nibble-based differential fault attack. The key recovery scheme is developed on the statistical properties we found for the differential distribution table of the S-box. A lot of experiments had been done and experimental results show that one round key can be retrieved with an average of 20.24 and 44.96 fault injections for GIFT-64 and GIFT-128 respectively. Further analysis shows that a certain number of fault injections recover most key bits. So we demonstrate an improved fault attack combined with the method of exhaustive search, which shows that the master key can be recovered by performing 216 and 217 computations and injecting 31 and 32 faults on an average for GIFT-64 and GIFT-128 respectively.
-
-