[Resource Topic] 2023/322: Differential Fault Attack on Rasta and $\text {FiLIP} _ {\text {DSM}}$

Welcome to the resource topic for 2023/322

Differential Fault Attack on Rasta and \text {FiLIP} _ {\text {DSM}}

Authors: R Radheshwar, Meenakshi Kansal, Pierrick Méaux, Dibyendu Roy


In this paper we propose Differential Fault Attack (DFA) on two Fully Homomorphic Encryption (FHE) friendly stream ciphers Rasta and \text {FiLIP} _ {\text {DSM}} . Design criteria of Rasta rely on affine layers and nonlinear layers, whereas \text {FiLIP} _ {\text {DSM}} relies on permutations and a nonlinear fil- ter function. Here we show that the secret key of these two ciphers can be recovered by injecting only 1 bit fault in the initial state. Our DFA on full round (# rounds = 6) Rasta with 219 block size requires only one block (i.e., 219 bits) of normal and faulty keystream bits. In the case of our DFA on FiLIP-430 (one instance of \text {FiLIP} _ {\text {DSM}} ), we need 30000 normal and faulty keystream bits.

ePrint: https://eprint.iacr.org/2023/322

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .