Fault Attacks on Stream Cipher Scream
Fault Attacks on Stream Cipher Scream
In this paper we present a differential fault attack (DFA) on the stream cipher Scream which is designed by the IBM researchers Coppersmith, Halevi, and Jutla in 2002. The known linear distinguishing attack on Scream takes 2120 output words and there is no key recovery attack on it, since the S-box used by Scream is key-dependent and complex. Under the assumption that we can inject random byte faults in the same location multiple number of times, the 128-bit key can be recovered with 294 computations and 272 bytes memory by injecting around 2000 faults. Then combined with the assumption of related key attacks, we can retrieve the key with 244 computations and 240 bytes memory. The result is verified by experiments. To the best of the our knowledge this is the first DFA and key recovery attack on Scream.
- State Key Laboratory of Information Security China (People's Republic of)
- Institute of Software China (People's Republic of)
- Chinese Academy of Sciences China (People's Republic of)
- Institute of Information Engineering China (People's Republic of)
- China Tianjin Tools Research Institute (China) China (People's Republic of)
citations This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).1 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!