1. Fault Attacks on Cryptosystems
Sayan Chaudhuri
Abstract​ : In this paper we put forward an outlook on fault attack
techniques aimed at cryptanalysis of two stream ciphers ­ MICKEY and the
Grain family and also on public key encryption scheme RSA­CRT algorithm. The
study will start with an overview of fault attack types and methods and then
introduce cryptanalysis against the noted stream ciphers.
Introduction​ : Stream ciphers are type of symmetric key cipher where 1
plaintext digits are combined with a pseudorandom cipher digit stream. In a
stream cipher each plaintext digit is encrypted one at a time with the
corresponding digit of the keystream to yield a digit of the ciphertext
stream. Stream ciphers are generally used for their speed and simplicity of
implementation in hardware. An eavesdropper can induce errors during the
computation of the cryptographic algorithm and exploit the faulty results to
extract information about the secret key in the hardware which is often
preferred to be some embedded systems like smart card. Fault attacks can
break systems generally more quickly than the other available side channel
attacks like simple power analysis (SPA), differential power analysis (DPA),
electromagnetic analysis (EMA). As an example, it has been possible to break
RSA­CRT public key cryptosystem with just one faulty result along with the
Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with
two faulty results. In the smart card industry, fault attacks have been
increasing studied since the publication of paper of Dan Boneh, DeMill and
Lipton in 1996. In 2001, Skorobogatov and Anderson presented a practical
attack requiring very cheap equipment, a photoflash lamp they succeeded in
flipping a bit in a memory cell of a old unprotected chip. Again the
protection against any probable fault attacks on a certain system is more
costly in terms of chip area.
Fault Injection methods​ : There are many ways of inducing faults. We
briefly discuss four of them which get published often in papers. All of
those techniques are moderately difficult to carry out but require
relatively simple equipment. They are all non­invasive or semi­invasive,
which means that they don’t require any physical tampering with the chip;
however the packaging may be destroyed in some cases.
1
Symmetric key algorithms are the algorithms that use the same cryptographic keys for both encryption and decryption of ciphertext.

2. Glitch Attack​ : Historically the first process of inducing faults
in a smart card was to induce a glitch of power on one of the contacts.
Variations in the V​cc​ power supply, GND (Ground) or to the external clock
can delay or hinder the functionality of a device and good results were
applied with a power glitch applied to those. A very powerful and brief
addition of power can perturb the component and hence generates a fault. The
additional signal has to short enough so that its detection could be avoided
or the system isn’t damaged. For a successful attack, we must set the
timing, amplitude and duration of the glitch.
Often hardware based stream ciphers use the external clock that can be
overclocked or underclocked by an attacker. The overclocking may cause data
misread or the misinterpretation or omission of an instruction. In case of
data misread the circuit tries to read a value from the data bus before the
memory has time to latch out the asked value. In case of instruction miss,
the circuit starts executing instruction n+1 before the microprocessor has
finished executing the instruction n.
This method is the most common one and also easy to set up and apply as
the intruder need not worry about the localization. However the main
drawback of the method is that the attacker can’t focus on specific parts of
the device.
The popular countermeasures are also employed on most smart cards with
mounted glitch detectors, DC converters or power sensors, filters to resist
those attacks. The smart card can either detect or cancel an out of
specifications peak of power that might induce faulty behaviour. The
hardware reacts accordingly by forcing a reset.
Light Attack​ : It was introduced in 2000 and is now the most common way
to induce faults on smart cards. This attack is based on using the energy of
a light emission to perturb the silicon of a chip. Actually any electric
circuit is sensitive to light due to photoelectric effect. This is very much
directional and an attacker can choose an exact location of the device and
can furthermore control the light’s energy, intensity, wavelength, emission
time etc properties. The penetration depth of the energy depends on the
light’s wavelength. For CMOS technology, a successful generation of
electron­hole pairs close to the N­channel or the P­channel, makes the
memory cells become very sensitive.
This attack is semi­invasive. The plastic layer on the component has to
be removed in order to reach the silicon with the light beam. The energy
carried by the light beam is absorbed by the silicon’s electrons and that
energy enables them to jump from the valence band to the conductance band.
Each new electron in the conductance band creates an electron­hole pair and
the set of all of these pairs forms a local photoelectric current. The
logical gates or the memory cells of the component are sensitive to such a
current and behave accordingly to induce faults. The longer the emission,

3. the larger the electron­hole pairs created and thus the longer the generated
current.
The spectrum of the camera flash is composed of all the visible
wavelengths and a great part of infra red. Moreover a camera flash is
difficult to control accurately. Laser systems are much more directive. The
main characteristics of a laser are discrete wavelength emission, very thin
beam and controllable beam­duration and power. It can be made to target very
small area of the device. Lasers are effective than camera flashes and so
are used customarily.
The advantage of the camera flash attack is low­cost. Again a laser
attack can also be performed to the back side of the chip (or smart card)
where usually no protecting mechanism like metal shields or light detectors
are mounted.
Magnetic Attack​ : Faults can also be induced by using an powerful
magnetic pulse emission near the silicon. The magnetic field creates local
currents on the component’s surface to generate a fault. The attack can be
performed on small parts on the chip. Practically the attack is performed
with cheap set­ups ­ a current carrying wire is wound around a very sharp
needle, the wire creates an oriented magnetic field. For better results, the
attack is to be semi­invasive. The needle is kept as close as possible to
the silicon and so the cover has to be removed. Depending upon the size of
the needle, number of loops around the needle, multiple parameters like
power of the magnetic field, its duration and localization on the chip etc.
are taken into account. However the equipments are difficult to set­up
practically because generation of a high magnetic field requires high
current which would destroy the wire. Comparatively laser can focus on a
very small part of the chip much more accurately than the needle even if it
concentrates the magnetic field.
Temperature Attack​ : Each hardware has some certain temperature range
in between of which they perform great. In extreme temperatures devices
won’t work as they are expected causing random modification of the RAM cells
or R&W threshold mismatches in non­volatile memories (NVMs). However
temperature detectors can be attached to smart cards, enabling them to cease
performing if beyond the range.
Types of Fault​ : Electronic circuits are susceptible to two main type of
faults ­ provisional faults and destructive faults.
Provisional Fault​ ­ A provisional attack is transient type that is it
has reversible effects and the circuit will recover its original behavior

4. after the system is reset or when the source of the fault is removed. These
are the most common one. They occur when a code execution or a certain
computation is perturbed. In this type of attack, silicon is locally ionized
so as to induce a current that may be falsely interpreted as an internal
signal if it’s strong enough. When ionization ceases, the induced current
and the resulting faulty signal also comes to a halt and the chip thereafter
recovers in normal behavior or its original state.
Destructive fault​ ­ As its name suggests it affects permanently and is
created by purposely inflicted defects to the chip’s structure. They can be
generated by self­sustained current by bipolar transistor or with releasing
of PNPN parasitic bipolar transistor, thermal runaway due to a parasitic
thyristor etc. They normally occurs when the value of a cell is definitively
changed. They can concern either data contained in EEPROM or in RAM or the
code contained in EEPROM. Modifying data is very powerful, particularly
when the data is related to sensitive objects of the smart card
While using fault injection as a side channel cryptanalysis strategy,
provisional faults are the method of choice as they permits to attempt
numerous experimental conditions on the device until a reasonable desired
result is achieved while keeping the system fully functional after all the
operations. There is however a third kind of fault attack which is called as
Latent Fault and it is caused by hardware or software bugs.
Fault Attack on RSA­CRT​ : RSA is one of the first public key cryptosystems
and undoubtedly the most common digital signature scheme used in embedded
security.
RSA system​ ­ Let N = p.q be the product of two large primes of similar
length. To sign a message m ​∈ ​Z​n​ using RSA we compute S : = m​d​
mod N, where
d is the private exponent satisfying e.d ​≡​ 1 mod(p­1)(q­1) for the public
exponent e. The computationally expensive part of signing is the modular
exponentiation. ​For efficiency reasons, it is possible to perform the
decryption modulo p and q separately and then use the Chinese Remainder
Theorem (CRT) to compute the decryption m = c​d​
mod n.
RSA decryption with CRT​ ­ This implementation speeds up the decryption
by a factor of 4 compared to naive implementations. Decryption of a
ciphertext c using CRT :
● Reduce the ciphertext modulo the prime factors :
c​p​=c mod p
c​q​=c mod q

5. ● Exponentiate the received values :
m​p​ = c​p​
dp​ ​
mod p
m​q​ = c​q​
dq​
mod q
Where d​p​ ​≡​ ​d mod(p­1) and d​q​ ​≡ ​d​ mod(q­1)
● Use the CRT to compute m ​∈ Z​n​
*​
such that m ​≡​ m​p​ mod p and m ​≡​ m​q​ mod q
The last step is done by computing m = (​x​m​p​+​y​m​q​)mod n, where ​x​ and ​y​ are
pre­computed integers that satisfy :
x ​≡​ 1 mod p ; x ​≡​ 0 mod q
y ​≡​ 0 mod p ; y ​≡​ 1 mod q
Here ​x​ and ​y​ are only computed once and then every execution of the third
step requires only two modu​lar exponentiations.
Fault attack​ ­ Let c be a ciphertext using CRT. We assume that only the
exponentiation modulo the factor q is faulty i.e. the value m​q​ is incorrect
while the value of m​p​ is correct.
After applying CRT, we get a value ​m​, which is different than the correct
message m. For that value it holds that :
m ​≡​ m​p​ mod p ; m ​≡​ m​q​ mod q and
m​ ​≡​ m​p​ mod p ; m​ ​≡​ m​q​ mod q
An attacker who gets a hold on both m and m can break RSA by computing :
gcd(m ­ ​m​, n) = p.
Alternatively, we can compute : gcd(C ­ ​m​e​
, n)=p ​if m is unavailable.
Stream ciphers​ ­ Prior to the appearance of fast block ciphers, such as
DES, stream ciphers ruled the world of encryption. A stream cipher generates
successive elements of the keystream based on an initial state. The state is
updated in essentially two ways ­ if the state changes independently of the
plaintext or ciphertext messages, the cipher is classified as a synchronous
stream cipher. On the contrast, self­synchronous stream ciphers update their
state based on previous ciphertext digits. In a synchronous stream cipher a
stream of pseudo­random digits is generated independently of the plaintext

6. and ciphertext messages and then combined with the plaintext (to encrypt) or
the ciphertext (to decrypt). Synchronous stream ciphers include Sober­128,
Trivium etc.
Stream ciphers are often constructed using (Linear) Feedback Shift
Registers as they can be easily implemented in hardware, can be readily
analysed mathematically, have provably long cycles and good statistical
properties. (L)FSR based ciphers are the main workhorses when there is a
need to encrypt large quantities of fast streaming data.
There are many secret military hardware­oriented ciphers as well as
civically used ciphers E0 (Bluetooth), designed for a short­range LAN and
one of the most widely used (by the virtue of being included in the GSM
cipher suite for ensuring over­the­air privacy) ciphers A5/1. Another
preference is to use parts of block­cipher like rounds mixed with LFSR­like
structure. MUGI is an example of them.
However,the LFSR alone can’t provide good security due to its inherent
linearity. Various schemes are used to increase the security of LFSRs.
Registers are combined in a variety of ways : LFSR with nonlinear filters,
irregular stepping function, nonlinear feedback functions, irregular
decimation or shrinking and any kind of non­linear transform. There are
certain possibilities for constructing a stream cipher with LFSRs with
greater enhancement in security :
● Filter the output of the LFSRs through a nonlinear function.
● Control the clocking of one LFSR by the output sequence of another
LFSR.
● Filter the output of the LFSRs through a FSM (Finite State Machine).
The length of the LFSR is generally denoted by n and the XOR of the original
and faulted value of the LFSR at the time the fault was introduced by ​Δ​ and
the number of flipped bits by k which is also the hamming weight of ​Δ​.
Grain​ : Grain is best described as a family of hardware­oriented synchronous
stream ciphers. The cipher’s initial version used an 80 bit key and a 64 bit
initialization vector. The revised specifications, Grain v1, described two
stream ciphers : one for 80 bit with 64 bit initialization vector and
another for 128 bit keys with 80 bit initialization vector. Elegant and
simple, Grain v1 has been an attractive choice with two shift registers :
one with linear feedback and the second with nonlinear feedback ­ being the
essential feature of the algorithm family. These registers and the output

7. bits are coupled by means of very lightweight but judiciously chosen boolean
functions.
Basic Design​ ­ The cipher consists of three main building blocks,
namely an LFSR, a NFSR and a filter function also called an output function.
The content of the LFSR is denoted by b​i​, b​i+1​,. . .,b​i+79​. The feedback
polynomial of the LFSR, f(x) is a primitive polynomial of degree 80. It is
defined as
f(x)=1+x​18​
+x​29​
+x​42​
+x​57​
+x​67​
+x​80
We also define the update function of the LFSR as
s​i+80​=s​i+62​+s​i+51​+s​i+38​+s​i+23​+s​i+13​+s​i
The feedback polynomial of the NFSR g(x) is defined as
g(x)=1+x​17​
+x​20​
+x​28​
+x​35​
+x​43​
+x​47​
+x​52​
+x​59​
+x​65​
+x​71​
+x​80​
+x​17​
x​20​
+x​43​
x​47​
+
x​65​
x​71​
+x​20​
x​28​
x​35​
+x​47​
x​52​
x​59​
+x​17​
x​35​
x​52​
x​71​
+x​20​
x​28​
x​43​
x​47​
+x​17​
x​20​
x​59​
x​65​
+
x​17​
x​20​
x​28​
x​35​
x​43​
+x​47​
x​52​
x​59​
x​65​
x​71​
+x​28​
x​35​
x​43​
x​47​
x​52​
x​59​
.
The bit s​i​ which is masked with the input is included in the update function
as described below
b​i+80​=s​i​+b​i+63​+b​i+60​+b​i+45​+b​i+37​+b​i+33​+b​i+28​+b​i+21​+b​i+15​+b​i+9​+b​i​+
b​i+63​b​i+60​+b​i+37​b​i+33​+b​i+15​b​i+9​+b​i+60​b​i+52​b​i+45​+b​i+33​b​i+28​b​i+21​+
b​i+63​b​i+45​b​i+28​b​i+9​+b​i+60​b​i+52​b​i+37​b​i+33​+b​i+63​b​i+60​b​i+21​b​i+15​+
b​i+63​b​i+60​b​i+52​b​i+45​b​i+37​+b​i+33​b​i+28​b​i+21​b​i+15​b​i+9​+
b​i+52​b​i+45​b​i+37​b​i+33​b​i+28​b​i+21​.
Fig. 1 ­ Grain Cipher

8.
The contents of the two shift registers represent the state of the cipher.
From this state, five variables are taken as input to a boolean function
h(x). This filter function is chosen to be balanced, correlation immune to
the first order and has algebraic degree 3. The nonlinearity is the highest
possible for these functions, namely twelve. The input is taken both from
the LFSR and from the NFSR. The function is defined as
h(x)=x​1​+x​4​+x​0​x​3​+x​2​x​3​+x​3​x​4​+x​0​x​1​x​2​+x​0​x​2​x​3​+x​0​x​2​x​4​+x​1​x​2​x​4​+x​2​x​3​x​4
where the variables x​0​,x​1​,x​2​,x​3​,x​4​ corresponds to the tap positions s​i+3​,
s​i+25​, s​i+46​, s​i+64​, s​i+63​ respectively. The output of the filter function is
masked with the bit b​i​ from the NFSR to produce the keystream.
Key Initialization​ ­ Before any keystream is generated the cipher must
be initialized with the key and the IV. Let the bits of the key k be denoted
by k​i​ where 0≤i≤79 and the bits of the IV be denoted IVi where 0≤i≤63. The
initialization of the key is done as follows.
● Load the LFSR with the key bits b​i​=k​i​ for 0≤i≤79
● Load the first 64 bits of the LFSR with the IV, s​i​=IV​i​ for 0≤i≤63
● The remaining bits of the LFSR are filled with ones, s​i​=1 for 64≤i≤79.
Because of this, the LFSR can’t be initialized to all zero state. Then the
cipher is clocked 160 times without producing any running key. Instead the
output of the filter function h(x) is fed back and XORed with the input both
to the LFSR and to the NFSR.
Fig. 2 ­ The key initialization

9.
There are four members of Grain Family of stream ciphers with different
feedback polynomials and other design specifications.
Grain V​0​ ­ It’s the first design submitted to eSTREAM. It is an 80 bit
stream cipher that uses one LFSR, one NFSR of 80 bit each that gives an
internal state of 160 bit.
Feedback polynomial of LFSR f(x)= 1+ x​18​
+ x​29​
+ x​42​
+ x​57​
+ x​67​
+ x​80
Feedback polynomial of NFSR
g(x) = 1+ x​17​
+ x​20​
+ x​28​
+ x​35​
+ x​43​
+ x​47​
+ x​52​
+ x​59​
+ x​65​
+ x​71​
+ x​80​
+ x​17​
x​20​
+
x​43​
x​47​
+ x​65​
x​71​
+ x​20​
x​28​
x​35​
+ x​47​
x​52​
x​59​
+ x​17​
x​35​
x​52​
x​71​
+ x​20​
x​28​
x​43​
x​47​
+ x​17​
x​20​
x​59​
x​65​
+
x​17​
x​20​
x​28​
x​35​
x​43​
+ x​47​
x​52​
x​59​
x​65​
x​71​
+ x​28​
x​35​
x​43​
x​47​
x​52​
x​59
The filter function used is
h(x) = x​1​+ x​4​+ x​0​x​3​+ x​2​x​3​+ x​3​x​4​+ x​0​x​1​x​2​+ x​0​x​2​x​3​+ x​0​x​2​x​4​+ x​1​x​2​x​4​+ x​2​x​3​x​4
where the variables x​0​, x​1​, x​2​, x​3​, x​4​ correspond to the tap positions s​i+3​,
s​i+25​, s​i+46​, s​i+64​, b​i+63​ respectively.
Keystream function : z​t ​= x​t ​⨁ h(y​t+3​, y​t+25​, y​t+46​, y​t+64​, y​t+63​)
Grain V​1​ ­ It has similar design specs as in Grain V​0​ and it is also 80 bit
stream cipher but the feedback function of NFSR is slightly modified :
The new feedback polynomial of NFSR
g​1​(x) = 1+ x​18​
+ x​20​
+ x​28​
+ x​35​
+ x​43​
+ x​47​
+ x​52​
+ x​59​
+ x​65​
+ x​71​
+ x​80​
+ x​17​
x​20​
+
x​43​
x​47​
+
x​65​
x​71​
+ x​20​
x​28​
x​35​
+ x​47​
x​52​
x​59​
+ x​17​
x​35​
x​52​
x​71​
+ x​20​
x​28​
x​43​
x​47​
+ x​17​
x​20​
x​59​
x​65​
+
x​17​
x​20​
x​28​
x​35​
x​43​
+ x​47​
x​52​
x​59​
x​65​
x​71​
+ x​28​
x​35​
x​43​
x​47​
x​52​
x​59​
.
The filter function is same as V​0​ ​but the keystream function is modified.
The new keystream function is defined as :
z​i​ = b​i+k​ + h(s​i+3​, s​i+25​, s​i+46​, s​i+64​, s​i+63​)
where A = {1, 2, 4, 10, 31, 43, 56}
Grain 128​ ­ Feedback polynomial of LFSR f(x) = 1+ x​32​
+ x​47​
+ x​58​
+ x​90​
+ x​121​
+
x​128

10. Feedback polynomial of NFSR
g(x) = 1+ x​32​
+ x​37​
+ x​72​
+ x​102​
+ x​128​
+ x​44​
x​60​
+ x​61​
x​125​
+ x​63​
x​67​
+ x​69​
x​101​
+ x​80​
x​88​
+
x​110​
x​111​
+ x​115​
x​117
The filter function is h(x) = x​0​x​1​+ x​2​x​3​+ x​4​x​5​+ x​6​x​7​ +x​0​x​4​x​8
where the variables x​0​ to x​8​ respectively correspond to the tap position
b​i+12​, s​i+8​, s​i+13​, s​i+20​, b​i+95​, s​i+42​, s​i+60​, s​i+79​, s​i+95
The keystream function is defined as
z​i​ = b​i+j​+ h(x)+ s​i+93
where A = {2, 15, 36, 45, 64, 73, 89}
Grain 128a​ ­ It is the strongest member of the Grain Family of stream
ciphers that is 128 bit cipher which also incorporate authentication
mechanism. It uses the same feedback polynomial for LFSR and similar filter
function as in the Grain 128 but the feedback polynomial has been
strengthened with respect of different possible attacks.
The new feedback polynomial of NFSR is
g(x) = 1+ x​32​
+ x​37​
+ x​72​
+ x​102​
+ x​128​
+ x​44​
x​60​
+ x​61​
x​125​
+ x​63​
x​67​
+ x​69​
x​101​
+ x​80​
x​88​
+
x​110​
x​111​
+ x​115​
x​117​
+ x​46​
x​50​
x​58​
+ x​103​
x​104​
x​106​
+ x​33​
x​35​
x​36​
x​40
The keystream function has been also tweaked :
y​i​ = h(x)+ s​i+93​+ b​i+j
where A = {2, 15, 36, 45, 64, 73, 89}
z​i​ = y​64+2i
Grain 128a can be used in both the modes ­ with authentication or without
authentication.
Assumptions​ ­ Resistance against all known cryptanalytic attacks is the
most important property of a cipher. Initial cryptanalytic attempts against
the cipher show fault attacks to be among the strongest attacks. We (from
the perspective of an attacker) assume that we can apply some bit flipping
faults to one of the two feedback registers at our will. However we have
only partial control over their number, location and exact timing. We can
make a stronger assumption that any attacker is able to flip a single bit at
a time instance and at a location which s/he may not know exactly.

11. Additionally we can reset the device to its original state and then apply
another randomly chosen fault to the device. However we make the strongest
possible assumption, which may not be realistic, that we induce a single bit
fault in the LFSR and that we’re somehow able to determine the exact
position of the fault. The aim is to study input­output properties for h(x)
and to derive information on the 5 inputs out of the known input­output
pairs similar as for S­boxes in differential cryptanalysis of DES.
Attacks​ ­ As long as the difference induced by the fault in the LFSR
does not propagate to position b​i+63​, the difference observed in the output
of the cipher is coming from inputs of h(x) from the LFSR alone. If we’re
able to reset the device to induce a single bit fault many times at
different positions that we can correctly guess from the output difference,
we can not preclude that we’ll get get the information about a subset of the
state bits in the LFSR. Nonetheless such an attack seems more difficult
under the (more realistic) assumption that the fault induced affects several
state bits at partially unknown positions, since in that case it’s more
difficult to determine the induced difference from output differences.
Likewise, we can also consider faults induced in the NFSR alone. By the
way these faults don’t influence the contents of the LFSR. However, faults
in the NFSR propagate nonlinearly and their evolution will be harder to
predict. Thus a fault attack on the NFSR seems more difficult.
The best classical cryptanalytic techniques haven’t yet obtained any
results against Grain. Recently there has been reported of a successful
fault attack based on a single bit­flip in the state of the cipher without
knowledge of the flipped bit though requiring exact timing downright
clock­accurate.
Here is a brief account on various attacks on the Grain family of
stream ciphers :
Grain V​0​ ­ A distinguishing attack against Grain V​0​ was mounted by Khazaei
et al. It uses the concepts of linear sequential circuit approximation
method with a time and memory complexity of O(2​61.4​
).
The second attack, presented by Maximov et al., is a key recovery
attack against Grain V0. In this attack, first of all linear approximation
method is used to derive the LFSR bits and these LFSR bits are further
utilized to recover the initial state of NFSR and knowledge of key. This
attack requires 2​38​
keystream bits and computational complexity of O(2​43​
) to
recover the key. As a countermeasure of these attacks, the designers of the
Grain proposed and submitted a new design Grain V​1​.
Grain V​1​ ­ Canniere et al. mounted an attack on Grain V1 by using a weakness
in initialization algorithm. This attack was an extension of the work by

12. Kucuk et al. Those two attacks have exploited the sliding property of the
Grain V1 that is due to similarity in key initialization and key generation
processes.
Lee et al extended a sophisticated attack by exploiting the same
weakness of related key in Grain V​1​. This attack is a key recovery attack
that recovers the key with 2​22.59​
chosen IVs, 2​26.29​
keystream bits and 2​22.90
computations.
Recently Dynamic Cube Attack was proposed against Grain V​1​ by Rahimi et
al. This attack can recover the 80 bit key if initialization rounds are
reduced to 100 with the computational complexity of 2​48​
.
Grain 128​ ­ Due to similarity in the designs of Grain V​1​ and Grain 128, the
attacks that are applicable to Grain V​1​ are also applicable to Grain 128.
The attack proposed by Lee et al. takes 226.59 chosen IVs, 231.39 keystream
bits and 227.01 computations to recover the 128 bit key.
Berzati et al. introduced a fault attack against Grain 128 that can
calculate 128 bit key within minutes by using an average 24 consecutive
faults in LFSR.
Karmakar et al. also proposed a fault attack against Grain 128 that
targets NFSR and requires 56 faults to up to 256 faults in NFSR state to
compute the secret key with time complexity of O(2​21​
) and space complexity
of O(2​22​
).
A more realistic differential fault attack of Grain­128 was
demonstrated in CHES 2015 in which multi clock glitches were supposed
instead of single clock glitch because of obtaining enough faults. Also the
concept of k­neighbourhood faults were theorized.

13.
Fig. 3 ­ More realistic DFA
2
Fig. 4 ­ k­neighbourhood faults
Practical results reveal the following data :
2
NLFSR in the fig. 5 is often termed as NFSR.

14. Fast Clock
Frequency
(MHz)
No Fault Single bit
fault
Multi bit fault
130 1024 0 0
140 1024 0 0
150 1024 0 0
160 1024 0 0
170 1024 0 0
180 1024 0 0
190 0 bitNFSR​128​(1024) 0
200 0 bitNFSR​125​(2) {bitNFSR​128​, bitNFSR​125​}(1022)
210 0 0 {bitNFSR​127​, bitNFSR​126​,
bitNFSR​125​}(1024)
220 0 0 {bitNFSR​127​, bitNFSR​126​,
bitNFSR​125​, bitNFSR​124​}(1024)
Grain 128a​ ­ The first 64 bits can not be accessed by the attackers when
authentication mode is on. Maitra et al. proposed a differential fault
attack that targets the MAC instead of keystream. The attack requires 2​11
fault injections and 2​12​
MAC generation routines to access the key.
Ding and Guan proposed a related key attack that requires 296 chosen
IVs and 2​103.613​
keystream bits to recover the 128 bit key with the
computational complexity of 2​96.322​
.
The following table gives the key length, IV size and padding used in
IV’s to fill it for different ciphers of Grain family :
Cipher Key Length IV Length Padding in IV
Grain V0 80 64 FFFF
Grain V1 80 64 FFFF

15. Grain 128 128 96 FFFFFFFF
Grain 128a 128 96 FFFFFFFE
The following table presents the update functions of all the ciphers of the
Grain family for the two shift register ­ LFSR and NFSR :
Ciphe
r
LFSR update
function
NFSR update function
Grain
V​0
s​i+80​=s​i​+s​i+13​+s​i+23​+
s​i+38​+s​i+51​+s​i+62
b​i+80​=s​i​+b​i+63​+b​i+60​+b​i+52​+b​i+45​+b​i+37​+b​i+33​+b​i+28​+b​i+21​+
b​i+15​+b​i+9​+b​i​+b​i+63​b​i+60​+b​i+37​b​i+33​+b​i+15​b​i+9​+b​i+60​b​i+52​b​i
+45​+
b​i+33​b​i+28​b​i+21​+b​i+63​b​i+45​b​i+28​b​i+9​+b​i+60​b​i+52​b​i+37​b​i+33​+
b​i+63​b​i+60​b​i+21​b​i+15​+b​i+63​b​i+60​b​i+52​b​i+45​b​i+37​+
b​i+33​b​i+28​b​i+21​b​i+15​b​i+9​+ b​i+52​b​i+45​b​i+37​b​i+33​b​i+28​b​i+21
Grain
V​1
s​i+80​=s​i​+s​i+13​+s​i+23​+
s​i+38​+s​i+51​+s​i+62
b​i+80​=s​i​+b​i​+b​i+9​+b​i+14​+b​i+21​+b​i+28​+b​i+33​+b​i+37​+b​i+45​+b​i+5
2​+
b​i+60​+b​i+62​+b​i+9​b​i+15​+b​i+33​b​i+37​+b​i+60​b​i+63​+b​i+21​b​i+28​b​i+33
+
b​i+45​b​i+52​b​i+60​+ b​i+15​b​i+21​b​i+60​b​i+63​+b​i+33​b​i+37​b​i+52​b​i+60​+
b​i+9​b​i+28​b​i+45​b​i+63​+b​i+9​b​i+15​b​i+21​b​i+28​b​i+33​+
b​i+37​b​i+45​b​i+52​b​i+60​b​i+63​+b​i+21​b​i+28​b​i+33​b​i+37​b​i+45​b​i+52
Grain
128
s​i+128​=s​i​+s​i+7​+s​i+38​+
s​i+70​+s​i+81​+s​i+96
b​i+128​=s​i​+b​i​+b​i+26​+b​i+56​+b​i+91​+b​i+96​+b​i+3​b​i+67​+b​i+11​b​i+13
+
b​i+17​b​i+18​+b​i+27​b​i+59​+b​i+40​b​i+48​+ b​i+61​b​i+65​+b​i+68​b​i+84
Grain
128a
b​i+128​=s​i​+b​i​+b​i+26​+b​i+56​+b​i+91​+b​i+96​+b​i+3​b​i+67​+b​i+11​b​i+13
+
b​i+17​b​i+18​+b​i+27​b​i+59​+b​i+40​b​i+48​+b​i+61​b​i+65​+b​i+68​b​i+84​+
b​i+88​b​i+92​b​i+93​b​i+95​+ b​i+22​b​i+24​b​i+25​+b​i+70​b​i+78​b​i+82
MICKEY 2.0 ​­ Mickey 2.0 is a hardware efficient synchronous cipher designed
by Steve Babbbage and Mattew Dodd aimed at resource constrained platforms.

16. The name MICKEY is abbreviated from ​M​utual ​I​rregular ​C​locking ​KEY​ Stream
Generator.
Design​ ­ The cipher makes use of a 80 bit key and an initialization
vector with up to 80 bits in length. The cipher secret state consists of two
100 bit shift registers : one linear and one nonlinear, each of which is
irregularly clocked under mutual control of the other.
The specific clocking mechanisms contribute cryptographic strength
while still providing guarantee on period and pseudorandomness. The cipher
specification states that each key can be used with up to 2​40​
different IVs
of the same length and that 2​40​
keystream bits can be generated from each
key/IV pair. The designers have also specified a scaled­up version of the
cipher called MICKEY­128 2.0 which takes a 128 bit key and an IV up to 128
bits.
The building blocks of MICKEY 2.0 are two registers R and S, each of
which is 100 stages long (each stage contains 1 bit). The register R is
envisioned as the “linear register” and the S one as the “nonlinear
register”. The clocking of R is done in two ways, depending on the control
bit of R. When the bit is 0 the clocking of R is a standard LFSR clocking
operation with a primitive polynomial of degree 100. When the bit is 1, each
bit in the register is shifted to the right as well as XOR­ed into the
current state.

17. Fig. 5 ­ MICKEY generic algorithm structure
The clocking of S is done by use of given four sequences of 100 bits each.
Two of the sequences are used to derive an intermediate state and the other
two are then multiplied with the feedback bit, one when the control bit of S
is 0 and the other one otherwise.
The generator is clocked on depending on both of the registers R and S.
The registers are both initialized with all zeros. After that IV and key are
loaded. Keystream bits are generated by XOR­ing the registers R and S.
1 IV Loading for i=0 to (v­1) CLOCK_KG(R,S,1,IV​i​) 3
2 Key Loading for i=0 to 79 CLOCK_KG(R,S,1,K​i​)
3 Pre Clock For i=0 to 99 CLOCK_KG(R,S,1,0)
4 PRGA While required z=r​0​+s​0​ CLOCK_KG(R,S,0,0)
3
Let’s say the cipher supports an 80bit Key and a v­bit IV for 0 ≤ v ≤ 80

18.
For security against side channel attacks is required, MICKEY isn’t
optimal. The main area of the susceptibility is the variable clocking of the
linear register R. The clocking of the overall generator includes some
conditional branching that is based on one bit. Therefore there is a
possibility for fault attack.
The first version (v 1.0) of the cipher was cryptanalyzed and presented
in INDOCRYPT 2005. It was a TMD­tradeoff attack by Hong et al. The attack 4
uses low sampling resistance of the cipher. The response to the betterment
of the cipher was an increase in state size from 160 to 200.
It has been noted that by Gierlichs et al. in a 2008 paper that
straightforward implementations of the MICKEY ciphers are likely to be
susceptible to side channel cryptanalysis attacks where these are relevant.
In 2013 Subhamoy Maitra et al. presented a revised and extended version
of a differential fault attack on MICKEY 2.0. The work is one of the first
cryptanalytic attempts against this cipher and requires reasonable
computational effort. The attack works due to the simplicity of the output
function and certain register update operations of MICKEY 2.0 and would have
been thwarted had those been of more complex nature.
Differential Fault Attacks are now known against all of the three ciphers in
the hardware portfolio of eSTREAM. The attacks on all the three ciphers use
exactly the same fault model that is similar to the operation proposed by
Subhamay et al. Let’s summarize the fault requirements :
Cipher State Size Average #Faults
Trivium 288 3.2
Grain v1 160 ≈10
MICKEY 2.0 200 ≈2​14.7
4
INDOCRYPT is an annual international cryptography conference held each December since 2000 in India. Venue of
INDOCRYPT 2005 was Bangalore.

19. Conclusion​ ­ This paper try to evaluate that fault attacks are quite
efficient and extremely powerful means for side channel cryptanalysis of
stream ciphers. Their applicability were demonstrated to a wide variety of
(mainly hardware­oriented) stream ciphers, actual schemes and improvement
over course of time. There is no such thing as absolute protection. Further
details on this subject matter requires practical laboratory based attacks
on smart card implementations of the stream ciphers because when describing
a fault attack on any cryptographic primitive, it is important to try and
bridge the gap between theoretically and practically achievable fault
models.