Chao Luo, Yunsi Fei, David Kaeli
March 2018
IEEE/ACM International Conference on Computer-Aided Design (ICCAD)
Elliptic Curve Cryptography (ECC), initially proposed by Koblitz [17] and Miller [20], is a public-key cipher. Compared with other popular public-key ciphers (e.g., RSA), ECC features a shorter key length for the same level of security. For example, a 256-bit ECC cipher provides 128-bit security, equivalent to a 2048-bit RSA cipher [4]. Using smaller keys, ECC requires less memory for performing cryptographic operations. Embedded systems, especially given the proliferation of Internet-of-Things (IoT) devices and platforms, require efficient and low-power secure communications between edge devices and gateways/clouds. ECC has been widely adopted in IoT systems for authentication of communications, while RSA, which is much more costly to compute, remains the standard for desktops and servers.
Pei Luo, Konstantinos Athanasiou, Yunsi Fei, Thomas Wahl
January 2018
IEEE Transactions on Information Forensics and Security
As the new hash standard, Keccak-based Secure Hash Function (SHA-3) will be used in various cryptographic applications. Its security will be of paramount importance to the systems built on top of it. This paper proposes efficient algebraic fault analysis (AFA) methods, and for the first time, applies them onto all four modes of SHA-3 under relaxed fault models. Our AFA utilizes the clear algebraic properties of Keccak operations and is very suitable for fault analysis of SHA-3. Both our analysis and experimental results show that the proposed AFA method is more efficient than the traditional differential fault analysis (DFA) under the single-byte fault model, requiring much fewer faults to recover a whole internal state of the hashing computation. Meanwhile, as AFA is able to exploit all the information available, it can be applied to SHA-3 modes with shorter digests and under more relaxed fault models, where often time the DFA method fails. Our results show that AFA can successfully break all the four SHA-3 modes under a 16-bit fault model, and break SHA3-512 under an even more relaxed fault model, 32-bit fault, all within several minutes. The successful AFA on SHA-3 demonstrates the vulnerability of Keccak algorithms to fault analysis, calling for protections against fault injection and fault analysis.