Title :
Differential Fault Analysis on Grøstl
Author :
Fischer, Wieland ; Reuter, Christian A.
Author_Institution :
Infineon Technol. AG, Neubiberg, Germany
Abstract :
This paper presents a DFA on Grøstl-256, a hash algorithm that imitates the main structures of AES. Although our attack is inspired by the classical fault attacks on AES these could not be adapted directly. The attack is able to completely recover the whole input message using a one-bit and a random-byte fault model. It needs 16 errors to invert the output transformation Ωn and on average 280 errors for each compression step. When Grøstl is used in a keyed hash function like HMAC, this attack is able to retrieve the secret key from about 300 faulty outputs in less than three minutes.
Keywords :
cryptography; fault diagnosis; AES; Grostl-256; differential fault analysis; hash algorithm; input message; one bit fault model; random byte fault model; Algorithm design and analysis; Computational modeling; Cryptography; Doped fiber amplifiers; Hardware; NIST; DFA; Differential Fault Analysis; Fault Attack; Grøstl; Hash Algorithm; SHA-3; Side Channel Attack;
Conference_Titel :
Fault Diagnosis and Tolerance in Cryptography (FDTC), 2012 Workshop on
Conference_Location :
Leuven
Print_ISBN :
978-1-4673-2900-2
DOI :
10.1109/FDTC.2012.14
