Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017, Article ID 3834685, 16 pages
https://doi.org/10.1155/2017/3834685
Research Article

Fault Attack on the Authenticated Cipher ACORN v2

1State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
2School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
3Key Laboratory of Mathematics Mechanization, Academy of Mathematics and System Science, Chinese Academy of Sciences, Beijing, China

Correspondence should be addressed to Xiaojuan Zhang; nc.ca.eii@naujoaixgnahz

Received 9 May 2017; Revised 24 July 2017; Accepted 23 August 2017; Published 2 October 2017

Academic Editor: Angelos Antonopoulos

Copyright © 2017 Xiaojuan Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Fault attack is an efficient cryptanalysis method against cipher implementations and has attracted a lot of attention in recent public cryptographic literatures. In this work we introduce a fault attack on the CAESAR candidate ACORN v2. Our attack is done under the assumption of random fault injection into an initial state of ACORN v2 and contains two main steps: fault locating and equation solving. At the first step, we first present a fundamental fault locating method, which uses 99-bit output keystream to determine the fault injected location with probability . And then several improvements are provided, which can further increase the probability of fault locating to almost 1. As for the system of equations retrieved at the first step, we give two solving methods at the second step, that is, linearization and guess-and-determine. The time complexity of our attack is not larger than at worst, where is the number of fault injections such that and is the time complexity of solving linear equations. Our attack provides some insights into the diffusion ability of such compact stream ciphers.