Differential Fault Analysis on Midori
Published in ICICS (18th International Conference on Information and Communications Security), 2016
Citation: Wei Cheng, Yongbin Zhou, Laurent Sauvage. Differential Fault Analysis on Midori. ICICS 2016: 307-317.
Midori is an energy-efficient lightweight block cipher published by Banik et al. at ASIACRYPT 2015, which consists of two variants with block sizes of 64 bits and 128 bits, respectively. In this paper, a new method is proposed to exploit cell-oriented fault propagation patterns in recognizing appropriate faulty ciphertexts and fault positions, which poses a serious threat to the practical security of Midori. In light of this, we present a Differential Fault Attack against Midori using a cell-oriented fault model. Specifically, by inducing two random cell faults into the input of the antepenultimate round, our attack reduces the secret key search space from $2^{128}$ to $2^{32}$ for Midori-128 and from $2^{128}$ to $2^{80}$ for Midori-64, respectively. Our experiments confirmed that two faulty ciphertexts induced into the input of the antepenultimate round could recover twelve of the sixteen cells of the subkey with over 80% probability.