Deep round key recovery attacks and countermeasure in persistent fault model: a case study on GIFT and KLEIN

Abstract

Persistent fault analysis (PFA) has emerged as a powerful technique that can recover the secret key by influencing ciphertext distribution. Most research work highlights its application for investigating the last round key. This work presents PFA attack methods to recover deeper round keys of SPN ciphers, wherein the last round key alone can not determine the entire master key. We use GIFT and KLEIN ciphers to validate our methods and show the effectiveness of the proposed approach through simulation. We could recover the full master keys of both the GIFT cipher versions by retrieving the round keys up to the depth 2 and 4 for GIFT-128 and GIFT-64, respectively. Our method recovered KLEIN�s last round key and penultimate round key in average 75 and 180 ciphertexts, respectively. We also analyzed the success rate of our approach for varying depths and Hamming distances. In GIFT-64, for Hamming distance 1, keys were recovered in approximately 110, 290, and 750 ciphertexts for round numbers 28, 27, and 26, respectively, with a 100% success rate. For round 25, around 2000 ciphertexts were sufficient to recover the round key in 90% of the cases out of 1000 experiments. For 39th round of GIFT-128, the round key can be recovered with a 100% success rate in roughly 380, 575, and 1100 ciphertexts for the Hamming distance 1, 2, and 3, respectively. However, for the same round with Hamming distance of value 4, the success rate is 75% for around 2000 ciphertexts. In addition, we propose a countermeasure to thwart PFA attacks and Intermediate-oriented fault attacks, such as, differential fault analysis. � The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature 2024.