Portal de Periódicos da CAPES

Floating Fault Analysis of Trivium

2008; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-540-89754-5_19

1611-3349

Michal Hojsík, Bohuslav Rudolf,

Chaos-based Image/Signal Encryption

One of the eSTREAM final portfolio ciphers is the hardware-oriented stream cipher Trivium. It is based on 3 nonlinear feedback shift registers with a linear output function. Although Trivium has attached a lot of interest, it remains unbroken by passive attacks. At FSE 2008 a differential fault analysis of Trivium was presented. It is based on the fact that one-bit fault induction reveals many polynomial equations among which a few are linear and a few quadratic in the inner state bits. The attack needs roughly 43 induced one-bit random faults and uses only linear and quadratic equations. In this paper we present an improvement of this attack. It requires only 3.2 one-bit fault injections in average to recover the Trivium inner state (and consequently its key) while in the best case it succeeds after 2 fault injections. We termed this attack floating fault analysis since it exploits the floating model of the cipher. The use of this model leads to the transformation of many obtained high-degree equations into linear equations. The presented work shows how a change of the cipher representation may result in much better attack.