Fault Analysis of the KATAN Family of Block Ciphers
In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32,KATAN48 and KATAN64, respectively. All three variants have the same key length of 80 bits. We assume...
| Main Author: | |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/3181/ http://eprints.utem.edu.my/id/eprint/3181/1/Paper62.pdf |
| _version_ | 1848886950393544704 |
|---|---|
| author | Abdul Latip, Shekh Faisal |
| author_facet | Abdul Latip, Shekh Faisal |
| author_sort | Abdul Latip, Shekh Faisal |
| building | UTeM Institutional Repository |
| collection | Online Access |
| description | In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32,KATAN48 and KATAN64, respectively. All three variants have the same key length of 80 bits. We assume a single-bit fault injection model where the adversary is supposed to be able to corrupt a single random bit of the internal state of the cipher and this fault injection process can be repeated (by resetting the cipher); i.e., the faults are transient rather than permanent. First, we determine suitable rounds for effective fault injections by analyzing distributions of low-degree (mainly, linear and quadratic) polynomial equations obtainable using the cube and extended cube attack techniques. Then, we show how to identify the exact position of faulty bits within the internal state by precomputing difference characteristics for each bit position at a given round and comparing these characteristics with ciphertext differences (XOR of faulty and non-faulty ciphertexts) during the online phase of the attack. The complexity of our attack on KATAN32 is 2^59 computations and about 115 fault injections. For KATAN48 and KATAN64, the attack requires 2^55 computations (for both variants), while the required number of fault injections is 211 and 278, respectively. |
| first_indexed | 2025-11-15T19:46:38Z |
| format | Conference or Workshop Item |
| id | utem-3181 |
| institution | Universiti Teknikal Malaysia Melaka |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T19:46:38Z |
| publishDate | 2012 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | utem-31812015-05-28T02:33:42Z http://eprints.utem.edu.my/id/eprint/3181/ Fault Analysis of the KATAN Family of Block Ciphers Abdul Latip, Shekh Faisal QA75 Electronic computers. Computer science In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32,KATAN48 and KATAN64, respectively. All three variants have the same key length of 80 bits. We assume a single-bit fault injection model where the adversary is supposed to be able to corrupt a single random bit of the internal state of the cipher and this fault injection process can be repeated (by resetting the cipher); i.e., the faults are transient rather than permanent. First, we determine suitable rounds for effective fault injections by analyzing distributions of low-degree (mainly, linear and quadratic) polynomial equations obtainable using the cube and extended cube attack techniques. Then, we show how to identify the exact position of faulty bits within the internal state by precomputing difference characteristics for each bit position at a given round and comparing these characteristics with ciphertext differences (XOR of faulty and non-faulty ciphertexts) during the online phase of the attack. The complexity of our attack on KATAN32 is 2^59 computations and about 115 fault injections. For KATAN48 and KATAN64, the attack requires 2^55 computations (for both variants), while the required number of fault injections is 211 and 278, respectively. 2012-04-02 Conference or Workshop Item PeerReviewed application/pdf en http://eprints.utem.edu.my/id/eprint/3181/1/Paper62.pdf Abdul Latip, Shekh Faisal (2012) Fault Analysis of the KATAN Family of Block Ciphers. In: Information Security Practice and Experience 2012 (ISPEC 2012), 9 - 12 April 2012, Hangzhou, China. http://www.springerlink.com/content/d56776k687xl3g35/about/ |
| spellingShingle | QA75 Electronic computers. Computer science Abdul Latip, Shekh Faisal Fault Analysis of the KATAN Family of Block Ciphers |
| title | Fault Analysis of the KATAN Family of Block Ciphers |
| title_full | Fault Analysis of the KATAN Family of Block Ciphers |
| title_fullStr | Fault Analysis of the KATAN Family of Block Ciphers |
| title_full_unstemmed | Fault Analysis of the KATAN Family of Block Ciphers |
| title_short | Fault Analysis of the KATAN Family of Block Ciphers |
| title_sort | fault analysis of the katan family of block ciphers |
| topic | QA75 Electronic computers. Computer science |
| url | http://eprints.utem.edu.my/id/eprint/3181/ http://eprints.utem.edu.my/id/eprint/3181/ http://eprints.utem.edu.my/id/eprint/3181/1/Paper62.pdf |