hard fault analysis of trivium

Information Sciences 229 (2013) 142–158

Contents lists available at SciVerse ScienceDirect

Information Sciences

journal homepage: www.elsevier .com/locate / ins

Hard fault analysis of Trivium q

0020-0255/$ - see front matter � 2012 Elsevier Inc. All rights reserved.http://dx.doi.org/10.1016/j.ins.2012.12.014

q This work was supported in part by National Science Foundation of China (60833008), in part Science and Technology on CommunicationLaboratory (9140C110201110C1102) and in part 973 Project (2007CB311201).⇑ Corresponding author.

E-mail addresses: [email protected] (Y.-p. Hu), [email protected] (F.-r. Zhang), [email protected] (W.-z. Zhang).

Yu-pu Hu a,⇑, Feng-rong Zhang a, Wen-zheng Zhang b

a State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, PR Chinab Science and Technology on Communication Security Laboratory, The 30th Research Institute of China Electronics Technology Group Corporation,Chengdu 610041, PR China

a r t i c l e i n f o

Article history:Received 4 October 2010Received in revised form 9 October 2012Accepted 9 December 2012Available online 19 December 2012

Keywords:Side-channel analysisFault analysisStream cipherTrivium

a b s t r a c t

Fault analysis is an attack on stream ciphers with potential power. Up until now, majorefforts on fault analysis have been to simplify the cipher by injecting some soft faults, thatis, momentarily changing values of some register bits. We call this soft fault analysis. As ahardware-oriented stream cipher, Trivium is weak under soft fault analysis.

In this paper we consider another type of fault analysis. It is to simplify the cipher byinjecting some hard faults, that is, permanently setting values of some register bits to bezero. We call this hard fault analysis, and use it to analyze Trivium. We classify the faultspositions into seven cases, and in five cases the cipher can be broken or be efficiently sim-plified. We present the following results about such attack on Trivium. In one case with theprobability not smaller than 0.2396, the attacker can obtain 69 bits of the 80-bit key. Inanother case with the probability not smaller than 0.2292, the attacker can recover the fullkey. In the third case with the probability not smaller than 0.2292, the attacker can par-tially solve the key. In the fourth case with non-negligible probability, the attacker canobtain a simplified cipher, with smaller number of state bits and slower non-linearizationprocedure. In the fifth case with non-negligible probability, the attacker can obtain anothersimplified cipher. The attacker’s computations are simple and immediate, and the ciphercan be broken or be efficiently simplified with the probability not smaller than 0.698.Besides, these five cases can be distinguished by observing the keystream.

� 2012 Elsevier Inc. All rights reserved.

1. Introduction

1.1. Background and results of our work

Side-channel analysis is a class of attacks on ciphers. It combines physical tools and mathematical methods to simplify thecipher, so that it reveals the hidden secrets. It has been found that side-channel analysis is quite effective against streamciphers [18], including fault analysis [10], power analysis [9], timing analysis, electromagnetic leakage analysis, and soon. In the class of side-channel analysis, fault analysis is an attack with potential power. Up until now, major efforts on faultanalysis have been to simplify the cipher by injecting some soft faults (that is, by changing the values of some positions atsome moment), thus revealing the key hidden in the encryption machine. We call such attack soft fault analysis. Soft fault

Security

http://dx.doi.org/10.1016/j.ins.2012.12.014

mailto:[email protected]




http://www.sciencedirect.com/science/journal/00200255

http://www.elsevier.com/locate/ins

Y.-p. Hu et al. / Information Sciences 229 (2013) 142–158 143

analysis is a known differential attack [5], by which the attacker can obtain additional low-degree-equations of the state.Trivium [6,7] is a hardware-oriented stream cipher, and one of the finally chosen ciphers by eSTREAM project, but it is weakunder soft fault analysis [11,12].

In this paper we consider another type of fault analysis. It is to simplify the cipher by injecting some hard faults (that is, bysetting the values of some positions to be permanently 0). We call this hard fault analysis. Such attack was presented byBiham and Shamir [4], which was used for breaking block ciphers. In this paper we use such attack to analyze Trivium.We classify the fault positions into seven cases. We present the following results about hard fault analysis of Trivium. In Case1 (94 6 PL 6 162, where PL is the lowest position of the injected faults) with the probability not smaller than 69/288 � 0.2396, the attacker can obtain 69 bits of the 80-bit key. In Case 2 ð178 6 PL 6 243Þ with the probability not smallerthan 66/288 � 0.2292, the attacker can recover the full key. In Case 3 ð1 6 PL 6 66Þwith the probability not smaller than 66/288 � 0.2292, the attacker can partially solve the key. In Case 4 ð163 6 PL 6 171Þwith non-negligible probability, the attack-er can obtain a simplified cipher, with a smaller number of state bits and slower non-linearization procedure. In Case 5ð172 6 PL 6 176Þ with non-negligible probability, the attacker can obtain another simplified cipher. The attacker’s compu-tations are simple and immediate. Besides, these five cases can be distinguished by observing the keystream.

The contents are organized as follows. Section 1.2 is explanation and review of the soft/hard fault analysis. Section 1.3 isan introduction to related work on Trivium. In Section 2 we prepare for the hard fault analysis of Trivium, including adescription of Trivium, our assumptions, notations, and some facts. In Section 3 we present different features of the faultinjected machine, in seven different cases. In this section we show that, in each of the former five cases, either the keycan be revealed, or the cipher can be practically simplified. In Section 4 we present an algorithm to identify the cases, byobserving the keystream. In this section we identify the former four cases with the probability close to 1, and identify Case5 with the probability no smaller than 5=6. Section 5 is the conclusion and future work expectations.

1.2. Soft fault analysis and hard fault analysis

Soft fault analysis is based on soft fault injection. At a random moment of the encryption machine’s driving procedure, theattacker changes the values of some random positions of the state. By doing this, the attacker can obtain several additionallow-degree-equations of the state.

Hard fault analysis is based on hard fault injection. The attacker makes the values of some random positions of the state tobe permanently 0. That is, after hard fault injection, those injected bits can be read out as 0, but can no longer be written in.We know that the encryption machine’s driving procedure is extremely fast. On the other hand, the hard fault injection pro-cedure is not so fast, with some time interval. If the hard fault injection is made during the encryption machine’s drivingprocedure, the distribution of the fault positions may be too complicated to be analyzed. Besides, such injection may com-pletely destroy the key. According to this technical restriction, the hard fault injection must be made before the encryptionmachine’s driving procedure.

Four contrasts between hard fault analysis and soft fault analysis are as follows.Contrast 1: Hard fault analysis is more practical than soft fault analysis. The main criticism against soft fault analysis was

the transient fault model that was claimed to be unrealistic [4]. Skorobogatov and Anderson reported [19] a transient softfault injection, but a common understanding is that soft fault injection does not reach the precision needed for analyzingan ordinary cipher. Hard fault injection is a current technique for micro-probing, and has already become real danger to ci-pher chip [1]. For example, DS5003 is a new product of Maxim. It is a secure microprocessor chip, which uses a coating tech-nique, for resisting hard fault injection.

Contrast 2: Hard fault analysis is more expensive than soft fault analysis. Soft fault injection is assumed to be made bysimple fault induction (special kind of light, magnetic disturbance, or other brute methods). Hard fault injection needsexpensive FIB and related equipment.

Contrast 3: Mathematically speaking, hard fault analysis is more powerful than soft fault analysis for simplifying thecipher.

Contrast 4: Hard fault analysis is destructive, while soft fault analysis is not. After soft fault analysis, an encryption ma-chine can be returned back to the owner and be used again. On the other hand, after hard fault analysis, an encryption ma-chine is destroyed, so it seems meaningless to reveal the hidden key for this machine. By this, it may be considered that hardfault analysis is not as valuable as soft fault analysis. This may also be the reason that hard fault analysis has sparsely ap-peared in the literature of stream cipher analysis.

For Contrast 4, we argue that hard fault analysis is useful in some application scenarios. One scenario is that the currentkey is used for decrypting the former plain-texts before they are outdated. Another scenario is that the system has a weakkey-renewal-algorithm, where the current key can help to predict future keys. The third scenario is that several machinesshare a common key, or have closely related keys.

We find that hard fault analysis is usually effective against those stream ciphers based on shift-registers. The major func-tion of a hard fault injection is to cut off the shifting routine of registers, so as to simplify the cipher. Hard fault analysis isespecially effective against those stream ciphers based on circular-type-shift-registers (shift-registers which are head–tail-linked), and Trivium is one of such stream ciphers. Hard fault analysis is ineffective against those stream ciphers, whose staterenewal is not simple shift-registers. Mickey (another finalist of eSTREAM) is one of such stream ciphers.

144 Y.-p. Hu et al. / Information Sciences 229 (2013) 142–158

1.3. Related work on Trivium

Many previous results in Trivium cryptanalysis have been mentioned by Hojsik and Rudolf in [11, Section 2] and [12, Sec-tion 2]. Here we only briefly mention the results obtained recently. Priemuth-Schmid and Biryukov [17] presented slid pairs inTrivium. They showed that initialization and keystream generation of Trivium is slidable, that is, one can find distinct (Key, IV)pairs that produce identical (or closely related) keystreams. There are more than 239 such pairs in Trivium. Pasalic [16] mainlyconsidered the scenario where the key differential and/or IV differential influence the internal state of the cipher. They showedthat under certain circumstances a chosen IV attack may be transformed into a chosen key attack. Based on the idea of cubeattack proposed by Dinur and Shamir [8], Bedi and Pillai [3] presented cube attacks on Trivium. Aumasson et al. [2] presenteda clearer result with regards to cube attack on reduced-round Trivium.

As for recent applications of fault analysis to other cryptosystems, Lin and Chang [15] presented a novel security enhance-ment for signature schemes with fault tolerance. Li et al. [14] presented a fault analysis on block cipher ARIA. Kim [13] pre-sented a fault analysis on block cipher AES (Advanced Encryption Standard).

2. Preparation for hard fault analysis of Trivium

2.1. Trivium key-stream generation and Trivium state initialization

The state of Trivium is 288 bits long, denoted as ðs1; . . . ; s288Þ. The state is renewed by 3 combined NFSRs (Non-linear Feed-back Shift Registers). The first NFSR is 93 bits long, denoted as ðs1; . . . ; s93Þ. The second NFSR is 84 bits long, denoted asðs94; . . . ; s177Þ. The third NFSR is 111 bits long, denoted as ðs178; . . . ; s288Þ. Current keystream bit is a linear function of currentstate. Table 1 is an equivalent algorithm for the keystream generation.

The key is 80 bits long denoted as ðk1; . . . ; k80Þ, and it is kept secret. IV (Initial Vector) is 80 bits long denoted asðIV1; . . . ; IV80Þ, and it is public. In other words, if anyone obtains an encryption machine, he can arbitrarily set the valuefor IV. Table 2 is an equivalent algorithm for the initial state generation.

Table 1 and Table 2 show that for keystream generation and initial state generation, the state renewal is the same. In de-tail, let sðt;jÞ denote the state bit at time t and position j, then Table 3 presents a clearer description for the state renewal.

Lemma 1 ([6,7]). Let ðs1; . . . ; s288Þ denote the initial state (that is, the state at the time just before generating z0). Takefz0; z1; z2; . . .g as functions of ðs1; . . . ; s288Þ. Then

(1) fz0; z1; . . . ; z65g are 66 linear functions.(2) fz66; z67; . . . ; z147g are 82 quadratic functions.(3) fz148; z149; . . . ; z213g are 66 cubic functions.(4) Each of fz214; z215; . . .g is at least a quartic function.

Lemma 1 shows such a weakness of Trivium that its non-linearization procedure is over slow. By knowing the keystream,a large number of low-degree-equations will be obtained.

2.2. Assumptions, notations and some facts

Suppose that the attacker obtains an encryption machine (or an encryption card) equipped with Trivium. He wants toobtain the hidden key ðk1; . . . ; k80Þ. He makes a hard fault injection. That is, he set the values of some positions of the stateto be permanently 0. These positions are called fault positions. He uses a corrupting tool, with a ball-pen-like shape, to pointrandomly onto the state once. Three NFSRs are separated each other, that is, if the corrupting tool points onto the state once,only one NFSR is pointed. For the sake of simplifying the cryptanalysis, he only makes such injection once. Now we formalizethe fault model. We have only two restrictions. One restriction is that the hard fault bits must be within one random NFSR,from three NFSRs. Another restriction is that, if the fault injection points at one NFSR, each bit in this NFSR is fault injectedwith same conditional probability. The attacker does not need to know this conditional probability. In this random NFSR,there is no any limitation to the number and the positions of the fault bits. At injecting moment, the attacker cannot controlfault positions. After injection, he does not know fault positions. He can only in the later obtain some information about faultpositions, by checking the keystream.

Then he sets ðIV1; . . . ; IV80Þ ¼ ð0; . . . ;0Þ. That is, for initial state generation procedure, the input state is

ðs1; . . . ; s93Þ ðk1; . . . ; k80;0; . . . ;0Þ;ðs94; . . . ; s177Þ ð0; . . . ;0Þ;ðs178; . . . ; s288Þ ð0; . . . ;0;1;1;1Þ:

Then he starts up the machine (initial state generation and keystream generation), and checks the output keystream fromthis fault-injected machine.

It is easy to see that our assumptions are quite trivial.

Table 1The keystream generation algorithm.

Input: the initial state ðs1; . . . ; s288Þ, the number of output bits N 6 264

Output: keystream ðz0; z1; z2; . . . ; zN�1Þ

1: for i ¼ 0 to N � 1 do2: zi s66 þ s93 þ s162 þ s177 þ s243 þ s288

3: t1 s66 þ s91s92 þ s93 þ s171

4: t2 s162 þ s175s176 þ s177 þ s264

5: t3 s243 þ s286s287 þ s288 þ s69

6: ðs1; . . . ; s93Þ ðt3; s1; . . . ; s92Þ7: ðs94; . . . ; s177Þ ðt1; s94; . . . ; s176Þ8: ðs178; . . . ; s288Þ ðt2; s178; . . . ; s287Þ9: end for


PL denotes the lowest position of injected faults. By considering the special structure of Trivium, we classify the value of PL

into seven cases.

Case 1 : 94 6 PL 6 162.Case 2 : 178 6 PL 6 243.Case 3 : 1 6 PL 6 66.Case 4 : 163 6 PL 6 171.Case 5 : 172 6 PL 6 176.Case 6 : PL ¼ 177.Case 7 : other values of PL, that is,

67 6 PL 6 93 or 244 6 PL 6 288:

To estimate probabilities of various cases, we consider our assumptions (the attacker uses a tool, to point randomly ontothe state, and three NFSRs are separated each other). Under these assumptions, the probabilities the tool points onto threeNFSRs are 93/288, 84/288 and 111/288 respectively.

Now we prove that the probability of Case 1 is not smaller than 69/288. First, suppose that the tool points onto the secondNFSR (fault positions are among {94,95, . . . ,177}), and the number of fault bits is fixed as k. Under such double conditions,

the event 163 6 PL 6 177 has conditional probability 15k

� ��84k

� �. Notice that this conditional probability has an upper

bound 15/84, and that this upper bound is not related to k, the number of fault bits. Then, suppose that the tool points ontothe second NFSR, and the number of fault bits is a random variable. From the discussion above, conditional probability of theevent 163 6 PL 6 177 has an upper bound 15/84, for any distribution of the number of fault bits. Finally, we can summarizethat the event 163 6 PL 6 177 has the probability that is not larger than (84/288) � (15/84) = 15/288. This implies that theprobability of Case 1 is not smaller than (84/288) � (15/288) = 69/288.

Similarly, the probability of Case 2 is not smaller than 66/288, and the probability of Case 3 is not smaller than 66/288.The probabilities of Case 4, Case 5, Case 6 and Case 7 depend on more detailed probability model, especially depending on

the distribution of the number of fault bits. Unless the detailed probability model is special, we can always say that theseprobabilities are non-negligible. As an example, we only compute the probability of Case 6. Suppose that, if the fault injectionpoints at the second NFSR, each of 84 bits is fault injected with same conditional probability a. Then the probability of Case 6is 84

288� a� ð1� aÞ83. If 0:01 6 a 6 0:1, this conditional probability is non-negligible.We call the input state the state at time 0, and sequentially rank the state at time 1, 2, . . . . With this ranking, the initial

state (that is, the state at the time just before generating z0) is the state at time 1152. ðsðt;1Þ; sðt;2Þ; . . . ; sðt;288ÞÞ denotes the stateat time t. For each m P 0, the keystream bit zm has such a representation

zm ¼ sðmþ1152;66Þ þ sðmþ1152;93Þ þ sðmþ1152;162Þ þ sðmþ1152;177Þ þ sðmþ1152;243Þ þ sðmþ1152;288Þ:

‘‘�’’ denotes an arbitrary bit-value. F denotes the set of fault positions.Some simple facts about the hard fault injection are as follows.F � f1;2; . . . ;93g or F � f94;95; . . . ;177g or F � f178;179; . . . ;288g.Suppose j 2 F, and 1 6 j 6 93. Then sðt;jþmÞ ¼ 0 for each (t, m) such that t P 0 and 0 6 m 6 minf93� j; tg.Suppose j 2 F, and 94 6 j 6 177. Then sðt;jþmÞ ¼ 0 for each (t, m) such that t P 0 and 0 6 m 6 minf177� j; tg.Suppose j 2 F, and 178 6 j 6 288. Then sðt;jþmÞ ¼ 0 for each (t, m) such that t P 0 and 0 6 m 6 minf288� j; tg.

Table 2The initial state generation algorithm.

Input: the state ðs1; . . . ; s93Þ ðk1; . . . ; k80 ;0; . . . ;0Þ ðs94; . . . ; s177Þ ðIV1; . . . ; IV80;0; . . . ;0Þ ðs178; . . . ; s288Þ ð0; . . . ;0;1;1;1ÞOutput: the initial state ðs1; . . . ; s288Þ

1: for i ¼ 1 to 1152 do2: t1 s66 þ s91s92 þ s93 þ s171

3: t2 s162 þ s175s176 þ s177 þ s264

4: t3 s243 þ s286s287 þ s288 þ s69

5: ðs1; . . . ; s93Þ ðt3; s1; . . . ; s92Þ6: ðs94; . . . ; s177Þ ðt1; s94; . . . ; s176Þ7: ðs178; . . . ; s288Þ ðt2; s178; . . . ; s287Þ8: end for


3. Features of fault injected machine in seven cases

In this section we present our major results, which are all propositions. Their proofs are in A.

3.1. Features of fault injected machine in Case 1: 94 6 PL 6 162

Proposition 1. Suppose 94 6 PL 6 162. Then the keystream (z0z1z2. . .) has a period 69, where

ðz0; z1; z2; . . . ; z68Þ ¼ ðk18; k17; . . . ; k1; k69; k68 þ 1; k67 þ 1; k66; k65; . . . ; k19Þ:


Proposition 2. Suppose 178 6 PL 6 243. Then

(1) The keystream (z0z1z2. . .) has a period 3588.(2) By knowing the values of fz0; z1; z2; . . . ; z3587g, the attacker obtains a group of 3588 linear equations of 216 variables

ðsð27;25Þ; sð27;26Þ; . . . ; sð27;93Þ; sð27;100Þ; sð27;101Þ; . . . ; sð27;177Þ; a28; a29; . . . ; a96Þ;

where ðsð27;172Þ; . . . ; sð27;177ÞÞ are the changed values as described in Lemma 6. For example,

z0 ¼ sð27;45Þ þ sð27;72Þ þ sð27;129Þ þ sð27;144Þ þ a28 þ a34 þ a37 þ a46 þ a58 þ a67 þ a70 þ a76 þ a79 þ a85 þ a88 þ a94:

(3) These 216 variables satisfy another group of 63 linear equations, described as follows:

ðsð27;109Þ; . . . ; sð27;171ÞÞ ¼ ðsð27;82Þ; . . . ; sð27;93Þ;0; . . . ;0Þ:

(4) The rank of two groups of linear equations is equal to 216. That is, 216 variables can be uniquely determined by 3651linear equations.

Now, ðk1; . . . ; k80Þ can be computed from the values of 216 variables mentioned in Proposition 2.First,

ðk1; . . . ; k66; k67; k68; k69Þ ¼ ðsð27;28Þ; . . . ; sð27;93Þ; sð27;25Þ þ 1; sð27;26Þ þ 1; sð27;27ÞÞ:

Second, ðk70; k71; . . . ; k80Þ can be gradually computed from equations

sð27;97Þ ¼ k43 þ k68k69 þ k70;

sð27;98Þ ¼ k44 þ k69k70 þ k71;

. . .

sð27;107Þ ¼ k53 þ k78k79 þ k80:

Notice that ðk1; . . . ; k80Þ only depend on

ðsð27;25Þ; . . . ; sð27;93Þ; sð27;97Þ; . . . ; sð27;107ÞÞ;

and are not related to the changed values of

ðsð27;172Þ; . . . ; sð27;177ÞÞ:

In other words, the computed ðk1; . . . ; k80Þ are true values of the key.

Table 3The state renewal.

ðsðtþ1;1Þ; sðtþ1;2Þ; . . . ; sðtþ1;93ÞÞ ¼ ðsðt;243Þ þ sðt;286Þsðt;287Þ þ sðt;288Þ þ sðt;69Þ; sðt;1Þ; . . . ; sðt;92ÞÞðsðtþ1;94Þ; sðtþ1;95Þ; . . . ; sðtþ1;177Þ ¼ ðsðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ þ sðt;171Þ; sðt;94Þ; . . . ; sðt;176ÞÞðsðtþ1;178Þ; sðtþ1;179Þ; . . . ; sðtþ1;288ÞÞ ¼ ðsðt;162Þ þ sðt;175Þsðt;176Þ þ sðt;177Þ þ sðt;264Þ; sðt;178Þ; . . . ; sðt;287ÞÞ



Proposition 3. Suppose 1 6 PL 6 66. Then

(1) The keystream (z0z1z2. . .) has a period 4524.(2) By knowing the values of ðz0; z1; z2; . . . ; z4523Þ, the attacker obtains a group of 4524 linear equations of 243 variables

ðsð98;100Þ; . . . ; sð98;177Þ; sð98;202Þ; . . . ; sð98;288Þ; b99; . . . ; b176Þ;

where ðsð98;265Þ; . . . ; sð98;288ÞÞ are the changed values as described in Lemma 11. For example,

z0 ¼ sð98;122Þ þ sð98;137Þ þ sð98;233Þ þ sð98;278Þ þ b103 þ b112 þ b115 þ b121 þ b124 þ b133 þ b142 þ b151 þ b163 þ b172:

(3) These 243 variables satisfy another group of 58 linear equations, described as follows.

ðsð98;207Þ; . . . ; sð98;264ÞÞ ¼ ð0; . . . ; 0Þ:

(4) The rank of two groups of linear equations is equal to 243. That is, 243 variables can be uniquely determined by 4582 linearequations.

Up until now, values of 243 variables

ðsð98;100Þ; . . . ; sð98;177Þ; sð98;202Þ; . . . ; sð98;288Þ; b99; . . . ; b176Þ

have been uniquely determined. So that values of 92 variables

ðsð98;100Þ; . . . ; sð98;177Þ; sð98;193Þ; . . . ; sð98;206ÞÞ

have been obtained. Notice that values of these 92 variables are original values, without any change. Now we try to computethe key from values of these 92 variables. We redefine fatþ1; t P 0g. For each t such that t P 0; atþ1 ¼ sðt;66Þþsðt;91Þsðt;92Þ þ sðt;93Þ.By considering Lemma 9, Case 3 and the fact that ðsð0;81Þ; . . . ; sð0;93ÞÞ ¼ ð0; . . . ;0Þ, it is easy to see that

atþ1 ¼ sðt;66Þ for each t such that 0 6 t 6 11,atþ1 ¼ sðt;66Þ þ sðt;91Þsðt;92Þ for t ¼ 12,atþ1 ¼ sðt;91Þsðt;92Þ þ sðt;93Þ for each t such that 65 6 t 6 89,atþ1 ¼ sðt;93Þ for t ¼ 90;91,atþ1 ¼ 0 for each t such that t P 92.

Proposition 4. Suppose 1 6 PL 6 66.

(1) Suppose atþ1 ¼ 1 for some t such that 0 6 t 6 11. Then

ðk66; k65; . . . ; k66�tÞ ¼ ða1; a2; . . . ; atþ1Þ:

(2) Suppose atþ1 ¼ 1 for some t such that 27 6 t 6 91. Then
(a) when 27 6 t 6 38,
ðk66; k65; . . . ; k93�tÞ ¼ ða1; a2; . . . ; at�27þ1Þ;

(b) when 39 6 t 6 91,

ðk66; k65; . . . ; k55Þ ¼ ða1; a2; . . . ; a12Þ:

Proposition 5. Suppose 1 6 PL 6 66.

(1) Suppose atþ1 ¼ 1 for some t such that 65 6 t 6 91. Then a13 ¼ k54 þ k79k80.(2) Suppose atþ1 ¼ 1 for some t such that 65 6 t 6 89. Then(a) either amþ1 ¼ k66�m þ k91�mk92�m þ k93�m for each m such that 13 6 m 6 t � 27,(b) or amþ1 ¼ k66�m þ k91�mk92�m for each m such that 13 6 m 6 t � 27.(3) Suppose atþ1 ¼ 1 for some t such that 90 6 t 6 91. Then amþ1 ¼ k66�m þ k91�mk92�m þ k93�m for each m such that

13 6 m 6 t � 27.



Proposition 6. Suppose we are in Case 4: 163 6 PL 6 171. Then

(1) For each t such that t P 0,

ðsðt;171Þ; . . . ; sðt;177ÞÞ ¼ ð0; . . . ;0Þ;

so that generation of the keystream (z0z1z2. . .) is degraded as

zt ¼ sðtþ1152;66Þ þ sðtþ1152;93Þ þ sðtþ1152;162Þ þ sðtþ1152;243Þ þ sðtþ1152;288Þ; t P 0;

and the state is degraded into 273 bits

ðsðt;1Þ; sðt;2Þ; . . . ; sðt;162Þ; sðt;178Þ; sðt;179Þ; . . . ; sðt;288ÞÞ:

(2) The state renewal is the follow.

ðsðtþ1;1Þ; sðtþ1;2Þ; . . . ; sðtþ1;93ÞÞ ¼ ðsðt;243Þ þ sðt;286Þsðt;287Þ þ sðt;288Þ þ sðt;69Þ; sðt;1Þ; . . . ; sðt;92ÞÞ;ðsðtþ1;94Þ; sðtþ1;95Þ; . . . ; sðtþ1;162ÞÞ ¼ ðsðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ; sðt;94Þ; . . . ; sðt;161ÞÞ;ðsðtþ1;178Þ; sðtþ1;179Þ; . . . ; sðtþ1;288ÞÞ ¼ ðsðt;162Þ þ sðt;264Þ; sðt;178Þ; . . . ; sðt;287ÞÞ:

(3) The state renewal is reversible, and the inverse is the follow.

ðsðt;1Þ; sðt;2Þ; . . . ; sðt;93ÞÞ ¼ ðsðtþ1;2Þ; sðtþ1;3Þ; . . . ; sðtþ1;93Þ; sðtþ1;67Þ þ sðtþ1;92Þsðtþ1;93Þ þ sðtþ1;94ÞÞ;ðsðt;94Þ; sðt;95Þ; . . . ; sðt;162ÞÞ ¼ ðsðtþ1;95Þ; sðtþ1;96Þ; . . . ; sðtþ1;162Þ; sðtþ1;178Þ þ sðtþ1;265ÞÞ;ðsðt;178Þ; sðt;179Þ; . . . ; sðt;288ÞÞ ¼ ðsðtþ1;179Þ; sðtþ1;180Þ; . . . ; sðtþ1;288Þ; sðtþ1;244Þ þ sðtþ1;287Þsðtþ1;288Þ þ sðtþ1;1Þ þ sðtþ1;70ÞÞ:

(4) Change IV (Initial Vector) from ðIV1; . . . ; IV80Þ ¼ ð0; . . . ;0Þ to the follow: IVj ¼ 0 for each j such that 1 6 j 6 80, exceptIV70 ¼ 1. Then the keystream (z0z1z2. . .) are kept unchanged.

Proposition 6 is clear by considering Trivium keystream generation and Trivium state renewal. Proposition 7 is our check-ing result.

Proposition 7. Suppose we are in Case 4: 163 6 PL 6 171. Let ðs1; . . . ; s162; s178; . . . ; s288Þ denote the initial state (that is, the stateat the time just before generating z0). Take fz0; z1; z2; . . .g as functions of ðs1; . . . ; s162; s178; . . . ; s288Þ. Then


Propositions 6 and 7 present a simpler cipher than Trivium. It has a smaller number of state bits and a slower non-lin-earization procedure. So that it is easier to solve the state at a fixed time. Reversibility is important because, if the stateat a fixed time is known, the key will be known by reversing the state.


Proposition 8. Suppose we are in Case 5: 172 6 PL 6 176. Then

(1) Generation of the keystream (z0z1z2. . .) is degraded as

zt ¼ sðtþ1152;66Þ þ sðtþ1152;93Þ þ sðtþ1152;162Þ þ sðtþ1152;243Þ þ sðtþ1152;288Þ; t P 0:

(2) Suppose m is the earliest time such that, for each t P m; ðsðt;176Þ; sðt;177ÞÞ ¼ ð0;0Þ. Then for each t P mþ 9, we have
(a) The state is degraded into 273 bits ðsðt;1Þ; sðt;2Þ; . . . ; sðt;162Þ; sðt;178Þ; sðt;179Þ; . . . ; sðt;288ÞÞ.(b) The state renewal is the follow.
ðsðtþ1;1Þ; sðtþ1;2Þ; . . . ; sðtþ1;93ÞÞ ¼ ðsðt;243Þ þ sðt;286Þsðt;287Þ þ sðt;288Þ þ sðt;69Þ; sðt;1Þ; . . . ; sðt;92ÞÞ;ðsðtþ1;94Þ; sðtþ1;95Þ; . . . ; sðtþ1;162ÞÞ ¼ ðsðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ þ sðt;186Þ þ sðt;273Þ;ðt;94Þ; . . . ; sðt;161ÞÞ;ðsðtþ1;178Þ; sðtþ1;179Þ; . . . ; sðtþ1;288ÞÞ ¼ ðsðt;162Þ þ sðt;264Þ; sðt;178Þ; . . . ; sðt;287ÞÞ:


(c) The state renewal is reversible, and the inverse is the follow.

ðsðt;1Þ; sðt;2Þ; . . . ; sðt;93ÞÞ ¼ ðsðtþ1;2Þ; sðtþ1;3Þ; . . . ; sðtþ1;93Þ; sðtþ1;67Þ þ sðtþ1;92Þsðtþ1;93Þ þ sðtþ1;94Þ þ sðtþ1;187Þ þ sðtþ1;274ÞÞ;

ðsðt;94Þ; sðt;95Þ; . . . ; sðt;162ÞÞ ¼ ðsðtþ1;95Þ; sðtþ1;96Þ; . . . ; sðtþ1;162Þ; sðtþ1;178Þ þ sðtþ1;265ÞÞ;

ðsðt;178Þ; sðt;179Þ; . . . ; sðt;288ÞÞ ¼ ðsðtþ1;179Þ; sðtþ1;180Þ; . . . ; sðtþ1;288Þ; sðtþ1;1Þ þ sðtþ1;70Þ þ sðtþ1;244Þ þ sðtþ1;287Þsðtþ1;288ÞÞ:

(3) Change IV (Initial Vector) from ðIV1; . . . ; IV80Þ ¼ ð0; . . . ;0Þ to the follow: IVj ¼ 0 for each j such that 1 6 j 6 80, exceptIV79 ¼ 1. Then the keystream (z0z1z2. . .) are kept unchanged.

Proposition 8 is our checking result.

Proposition 9. Suppose we are in Case 5: 172 6 PL 6 176. Let ðs1; . . . ; s162; s178; . . . ; s288Þ denote the initial state (that is, the stateat the time just before generating z0). Take fz0; z1; z2; . . .g as functions of ðs1; . . . ; s162; s178; . . . ; s288Þ. Then


Propositions 8 and 9 present another simpler cipher than Trivium. It has a smaller number of state bits and a slower non-linearization procedure. Thus, it is easier to solve the state at a fixed time. If the state at a fixed time is known, the state attime 14 will be known by reversing the state, described in Proposition 8 (we know that 14 P mþ 9), where m is the earliesttime such that, for each t P m; ðsðt;176Þ; sðt;177ÞÞ ¼ ð0;0ÞÞ.

Suppose that the state at time 14 is known. We know that

ðk1; . . . ; k79Þ ¼ ðsð14;15Þ; sð14;16Þ; . . . ; sð14;93ÞÞ:

Then, if m < 5; k80 ¼ sð13;93Þ ¼ sð14;67Þ þ sð14;92Þsð14;93Þ þ sð14;94Þ þ sð14;187Þ þ sð14;274Þ, according to Proposition 8. If m ¼ 5, the valueof k80 cannot be determined.

3.6. Features of fault injected machine in Cases 6 and 7

Suppose we are in Case 6: PL ¼ 177. Then we can still obtain some degradation in keystream generation and state renew-al. However, degraded state renewal is irreversible, so that Case 6 has no practical power for searching the key.

Case 6 has a peculiar feature. Change IV (Initial Vector) as ðIV1; . . . ; IV78Þ ¼ ð0; . . . ;0Þ, and ðIV79; IV80Þ– ð0;0Þ. Then the key-stream (z0z1z2. . .) are kept unchanged.

Suppose we are in Case 7: 67 6 PL 6 93 or 244 6 PL 6 288. Then there are many features similar to the former cases. Hereare some examples.

If 244 6 PL 6 264, the features are similar to those of Case 4.If 265 6 PL 6 287, the features are similar to those of Case 5.If PL ¼ 288, the features are similar to those of Case 6.If 67 6 PL 6 69, the features are similar to those of Case 4.If 70 6 PL 6 92, the features are similar to those of Case 5.If PL ¼ 93, the features are similar to those of Case 6.

3.7. Experiments

In this subsection we take the key as

k1k2 . . . k80 ¼ 1101010011; 0010101100;1111100000;1010101010;1100110011;0011001100;1001110000;0110001111:

Under our fault model, we drive the fault injected Trivium on the computer, and verify the correctness of someresults.

Experiment 1: Take the set of fault positions as f115;136;170g. This is Case 1. Then (z0z1z2. . .) has a period 69, and

z0z1z2 . . . z68 ¼ 1101010011;0010101101;1111001001;1001100110;0110011010;1010101000;001111100

¼ k18; k17; . . . ; k1; k69; k68 þ 1; k67 þ 1; k66; k65; . . . ; k19:

Experiment 2: Take the set of fault positions as f179;264g. This is Case 2. Then (z0z1z2. . .) has a period 3588.


Experiment 3: Take the set of fault positions as f33;44;55;66;77;88g. This is Case 3. Then (z0z1z2. . .) has a period 4524.

4. Cases checking

From the last section, we know that the attacker can break Trivium to different extents in different cases. Next question ishow to check the case, but the last section has already given the answer. In this section we present an algorithm, to check thecase by observing the keystream (z0z1z2. . .). We first define 6 features for (z0z1z2. . .).

Feature 1: ðz0z1 . . . z68Þ ¼ ðz69z70 . . . z137Þ.Feature 2: ðz0z1 . . . z3587Þ ¼ ðz3588z3589 . . . z7175Þ.Feature 3: ðz0z1 . . . z4523Þ ¼ ðz4524z4525 . . . z9047Þ.Feature 4: Change IV70 from 0 to 1, then ðz0z1z2 . . . z287Þ are kept unchanged.Feature 5: Change IV79 from 0 to 1, then ðz0z1z2 . . . z287Þ are kept unchanged.Feature 6: Change IV80 from 0 to 1, then ðz0z1z2 . . . z287Þ are kept unchanged.Then we point out some facts, as the follow.In Case 1, (z0z1z2. . .) satisfies Feature 1.In Case 2, (z0z1z2. . .) satisfies Feature 2.In Case 3, (z0z1z2. . .) satisfies Feature 3.In Case 4, (z0z1z2. . .) satisfies Feature 4.In Case 5, (z0z1z2. . .) satisfies Feature 5.In Case 5, (z0z1z2. . .) may or may not satisfy Feature 6.In Case 6, (z0z1z2. . .) satisfies both Features 5 and 6.Then we present some natural assumptions, described in the follow.

1. If the case is not Case 1, (z0z1z2. . .) satisfies Feature 1 with a negligible probability.2. If the case is neither Case 1 nor Case 2, (z0z1z2. . .) satisfies Feature 2 with a negligible probability.3. If the case is not from fCase 1;Case 2;Case 3g; ðz0z1z2 . . .Þ satisfies Feature 3 with a negligible probability.4. If the case is not from fCase 1;Case 2;Case 3;Case 4g, (z0z1z2. . .) satisfies Feature 4 with a negligible probability.5. In Case 7, (z0z1z2. . .) satisfies Feature 5 with a negligible probability.6. In Case 7, (z0z1z2. . .) satisfies Feature 6 with a negligible probability.

Algorithm Suppose that the attacker has obtained the keystream ðz0z1 . . .Þ, from a hard-fault-injected machine.

1. If (z0z1z2. . .) satisfies Feature 1, take the case as Case 1.2. If (z0z1z2. . .) does not satisfy Feature 1, but satisfies Feature 2, take the case as Case 2.3. If (z0z1z2. . .) does not satisfy each from Feature 1, Feature 2, but satisfies Feature 3, take the case as Case 3.4. If (z0z1z2. . .) does not satisfy each from fFeature 1; Feature 2; Feature 3g, but satisfies Feature 4, take the case as

Case 4.5. If (z0z1z2. . .) does not satisfy each from fFeature 1; Feature 2; Feature 3; Feature 4g, but satisfies both Features 5 and 6,

take the case as from fCase 5;Case 6g.6. If (z0z1z2. . .) does not satisfy each from Feature 1, Feature 2, Feature 3, Feature 4, Feature 6, but satisfies Feature 5, take the

case as Case 5.7. If (z0z1z2. . .) does not satisfy each from Feature 1, Feature 2, Feature 3, Feature 4, Feature 5, Feature 6, take the case as Case 7.

Under our natural assumptions, Algorithm selects wrong cases with a negligible probability. Besides, in step (5) we canalso take the case directly as Case 5. The probability for mistaking the case should be no more than 1/6, under any compre-hensive fault model.

5. Conclusion and future work

From all of the discussions above, it is clear that Trivium is weak under hard fault analysis, with our trivial assumptions.The cipher can be broken or be efficiently simplified with the probability not smaller than 0.698.

Hard fault injection will lead us to continue our work. One future work is combined fault analysis of Grain. Grain is an-other hardware-oriented stream cipher, and one of the finally chosen ciphers by eSTREAM project. We find Grain muchstronger under either soft or hard fault analysis. We will combine hard fault injection and soft fault injection, looking forweakness of Grain. The second future work is the study under weaker assumptions. One weaker assumption is that, afterfault injection, the values of those injected bits are permanently 0 or permanently 1. At injecting moment, the attacker can-not control values of hard fault bits. After injection, he does not know true values of hard fault bits. He can only in the late


obtain some information about true values of fault bits by checking the keystream. Such weaker fault model means cheaperequipment and cheaper attack, and means more complicated analysis.

Appendix A

We prove Propositions 1–9. Because of the special structure of Trivium, we need to have a careful discussion on severalkey points. The state at time 27 is a key point of Cases 1 and 2. The states at time 92 and at time 98 are two key points of Case3. The state at time 14 is a key point of Case 5.

Lemma 2. Suppose 94 6 PL 6 162. The state at time 27 is the follow.

(1) ðsð27;1Þ; . . . ; sð27;93ÞÞ ¼ ðk43; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k66Þ.(2) ðsð27;94Þ; . . . ; sð27;161ÞÞ ¼ ð�; . . . ; �Þ, and ðsð27;162Þ; . . . ; sð27;177ÞÞ ¼ ð0; . . . ; 0Þ.(3) ðsð27;178Þ; . . . ; sð27;288ÞÞ ¼ ð0; . . . ;0Þ.

Lemma 3. Suppose 94 6 PL 6 162.


ðsðtþ1;1Þ; . . . ; sðtþ1;93ÞÞ ¼ ðsðt;69Þ; sðt;1Þ; . . . ; sðt;92ÞÞ:

So that fðsðt;1Þ; . . . ; sðt;93ÞÞ; t P 27g has a period 69.(2) For each t such that t P 27,

ðsðt;70Þ; . . . ; sðt;93ÞÞ ¼ ðsðt;1Þ; . . . ; sðt;24ÞÞ:


ðsðt;162Þ; . . . ; sðt;288ÞÞ ¼ ð0; . . . ;0Þ:

Lemmas 2 and 3 are clear by gradually renewing the state (see Table 3), and by considering the state at time 0:

ðsð0;1Þ; . . . ; sð0;93ÞÞ ¼ ðk1; . . . ; k80;0; . . . ;0Þ:ðsð0;94Þ; . . . ; sð0;177ÞÞ ¼ ð0; . . . ;0Þ:ðsð0;178Þ; . . . ; sð0;288ÞÞ ¼ ð0; . . . ; 0;1;1;1Þ:

Proof of Proposition 1. By Lemmas 2 and 3, z0 ¼ sð1152;66Þ, z1 ¼ sð1153;66Þ; z2 ¼ sð1154;66Þ; . . . So that the keystream (z0z1z2. . .)has a period 69. Again z0 ¼ sð1152;66Þ ¼ sð27;45Þ ¼ k18. Proposition 1 is proved. h

Lemma 4. Suppose 178 6 PL 6 243. The state at time 27 is the follow.

(1) ðsð27;1Þ; . . . ; sð27;93ÞÞ ¼ ðk43; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k66Þ.(2) ðsð27;94Þ; . . . ; sð27;177ÞÞ ¼ ðk40 þ k65k66 þ k67; k41 þ k66k67 þ k68; . . . ; k53 þ k78k79 þ k80,k54 þ k79k80; k55; k56; . . . ; k66;0; . . . ;0Þ.(3) ðsð27;178Þ; . . . ; sð27;288ÞÞ ¼ ð0; . . . ;0Þ.

Proof. According to Case 2 and Trivium state renewal, we can gradually induce the state at time 27. In the follow we presentdetailed induction.

The state at time 1:

ðsð1;1Þ; . . . ; sð1;93ÞÞ ¼ ðk69; k1; . . . ; k80; 0; . . . ;0Þ;ðsð1;94Þ; . . . ; sð1;177ÞÞ ¼ ðk66;0; . . . ;0Þ;ðsð1;178Þ; . . . ; sð1;288ÞÞ ¼ ð0; . . . ; 0;1;1Þ:


ðsð2;1Þ; . . . ; sð2;93ÞÞ ¼ ðk68 þ 1; k69; k1; . . . ; k80;0; . . . ;0Þ;ðsð2;94Þ; . . . ; sð2;177ÞÞ ¼ ðk65; k66;0; . . . ;0Þ;ðsð2;178Þ; . . . ; sð2;288ÞÞ ¼ ð0; . . . ; 0;1Þ:


ðsð3;1Þ; . . . ; sð3;93ÞÞ ¼ ðk67 þ 1; k68 þ 1; k69; k1; . . . ; k80; 0; . . . ;0Þ;ðsð3;94Þ; . . . ; sð3;177ÞÞ ¼ ðk64; k65; k66;0; . . . ;0Þ;ðsð3;178Þ; . . . ; sð3;288ÞÞ ¼ ð0; . . . ; 0Þ:



ðsð12;1Þ; . . . ; sð12;93ÞÞ ¼ ðk58; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k80;0Þ;ðsð12;94Þ; . . . ; sð12;177ÞÞ ¼ ðk55; . . . ; k66;0; . . . ; 0Þ; ðsð12;178Þ; . . . ; sð12;288ÞÞ ¼ ð0; . . . ;0Þ:


ðsð13;1Þ; . . . ; sð13;93ÞÞ ¼ ðk57; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k80Þ;ðsð13;94Þ; . . . ; sð13;177ÞÞ ¼ ðk54 þ k79k80; k55; . . . ; k66;0; . . . ;0Þ;ðsð13;178Þ; . . . ; sð13;288ÞÞ ¼ ð0; . . . ;0Þ:


ðsð14;1Þ; . . . ; sð14;93ÞÞ ¼ ðk56; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k79Þ;ðsð14;94Þ; . . . ; sð14;177ÞÞ ¼ ðk53 þ k78k79 þ k80; k54 þ k79k80; k55; . . . ;

k66;0; . . . ;0Þ; ðsð14;178Þ; . . . ; sð14;288ÞÞ ¼ ð0; . . . ;0Þ:


ðsð27;1Þ; . . . ; sð27;93ÞÞ ¼ ðk43; . . . ; k66; k67 þ 1; k68 þ 1; k69; k1; . . . ; k66Þ;ðsð27;94Þ; . . . ; sð27;177ÞÞ ¼ ðk40 þ k65k66 þ k67; . . . ; k53 þ k78k79 þ k80;

k54 þ k79k80; k55; . . . ; k66;0; . . . ;0Þ; ðsð27;178Þ; . . . ; sð27;288ÞÞ ¼ ð0; . . . ;0Þ:

Lemma 4 is proved. h

Notice that (1) and (2) of Lemma 3 are still true for Case 2: 178 6 PL 6 243. Now we present a definition. For each t suchthat t P 27, define atþ1 ¼ sðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ. For each t such that 0 6 t < 27, define atþ1 ¼ atþ70.



ðsðtþ1;94Þ; . . . ; sðtþ1;177ÞÞ ¼ ðsðt;171Þ þ atþ1; sðt;94Þ; . . . ; sðt;176ÞÞ:

(2) fatþ1; t P 27g has a period 69.(3)

ða28; . . . ; a96Þ ¼ ðk39 þ k64k65 þ k66; k38 þ k63k64 þ k65; . . . ; k1 þ k26k27 þ k28; k69 þ k25k26 þ k27; k68 þ 1þ k24k25 þ k26; k67

þ 1þ k23k24 þ k25; k66 þ k22k23 þ k24; k65 þ k21k22 þ k23; . . . ; k45 þ k1k2 þ k3; k44 þ k69k1 þ k2; k43 þ ðk68

þ 1Þk69 þ k1; k42 þ ðk67 þ 1Þðk68 þ 1Þ þ k69; k41 þ k66ðk67 þ 1Þ þ k68 þ 1; k40 þ k65k66 þ k67 þ 1Þ:
ðsðt;178Þ; . . . ; sðt;242ÞÞ ¼ ð�; . . . ; �Þ;ðsðt;243Þ; . . . ; sðt;288ÞÞ ¼ ð0; . . . ; 0Þ:

Proof. (1) and (4) are clear from Trivium state renewal, Case 2 and Lemma 4.

According to (1) of Lemma 3, (2) is true.According to (2) of Lemma 3, for each t such that t P 27, each j such that 1 6 j 6 69; sðt;jÞ ¼ sð27;j�tþ27ðmod69ÞÞ. So we have

atþ1 ¼ sðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ ¼ sðt;66Þ þ sðt;22Þsðt;23Þ þ sðt;24Þ

¼ sð27;24�tðmod69ÞÞ þ sð27;49�tðmod69ÞÞsð27;50�tðmod69ÞÞ þ sð27;51�tðmod69ÞÞ:

By combing this equation and Lemma 4, we can see that (3) is true. Lemma 5 is proved. h

In our next Lemma, we consider a slightly modified version of the state sequence, which is periodic rather than just ulti-mately periodic. This simplifies the proof.

Lemma 6. Suppose 178 6 PL 6 243. Change the state at time 27 as described in the follow, ðsð27;172Þ; . . . ; sð27;177ÞÞ are changed as

ðsð27;172Þ; . . . ; sð27;177ÞÞ ¼ ðsð27;94Þ þ a27; sð27;95Þ þ a26; . . . ; sð27;99Þ þ a22Þ;

and other positions are kept unchanged. Make state renewal to obtain the state at each time t > 27, by this changed state at time27. Compute the keystream (z0z1z2. . .) by the equation


Then

(1) For each t such that t P 33, ðsðt;1Þ; . . . ; sðt;177ÞÞ and ðsðt;243Þ; . . . ; sðt;288ÞÞ are kept unchanged.(2) The keystream (z0z1z2. . .) are kept unchanged.


Proof. Notice that we are in Case 2: 178 6 PL 6 243, and that the state bits shift rightwards. For each t such that t P 33,ðsðt;1Þ; . . . ; sðt;177ÞÞ and ðsðt;243Þ; . . . ; sðt;288ÞÞ are not related to ðsð27;172Þ; . . . ; sð27;177ÞÞ. So that (1) is true. (2) is immediate from (1).Lemma 6 is proved. h

Lemma 7. Suppose 178 6 PL 6 243. Take the changed state at time 27 and make state renewal, as described in Lemma 6. Then foreach t such that t P 27, each j such that 94 6 j 6 177; sðtþ78;jÞ ¼ sðt;jÞ þ atþ172�j.

Proof. We prove Lemma 7 in 5 occasions for ðt; jÞ.Occasion 1 is ft P 27;94 6 j 6 171g.Occasion 2 is ft P 33;172 6 j 6 177g.Occasion 3 is ft ¼ 27;172 6 j 6 177g.Occasion 4 is f28 6 t 6 32;172 6 j 6 177; j� ðt � 27Þ 6 171g.Occasion 5 is f28 6 t 6 32;172 6 j 6 177; j� ðt � 27ÞP 172g.

(1) Suppose ðt; jÞ is of Occasion 1. Then t þ 172� j P 28. According to (1) of Lemma 5,

sðtþ78;jÞ ¼ sðtþ172�j;94Þ ¼ sðtþ171�j;171Þ þ atþ172�j ¼ sðt;jÞ þ atþ172�j:

So that Lemma 7 is true in Occasion 1.(2) For ðt; jÞ of Occasion 2, ðt � 6; j� 6Þ is of Occasion 1. According to (1) of Lemma 5 and Occasion 1,

sðtþ78;jÞ ¼ sðt�6þ78;j�6Þ ¼ sðt�6;j�6Þ þ at�6þ172�ðj�6Þ ¼ sðt;jÞ þ atþ172�j:

So that Lemma 7 is true in Occasion 2.(3) Suppose ðt; jÞ is of Occasion 3. Then 94 6 j� 78 6 99. According to assumptions of Lemma 6,

sð27þ78;jÞ ¼ sð27;j�78Þ ¼ sð27;jÞ þ a27þ172�j:

So that Lemma 7 is true in Occasion 3.(4) For ðt; jÞ of Occasion 4, ð27; j� ðt � 27ÞÞ is of Occasion 1. According to (1) of Lemma 5 and Occasion 1,

sðtþ78;jÞ ¼ sð27þ78;j�ðt�27ÞÞ ¼ sð27;j�ðt�27ÞÞ þ a27þ172�ðj�ðt�27ÞÞ ¼ sðt;jÞ þ atþ172�j:



So that Lemma 7 is true in Occasion 5. h

Lemma 8. Suppose 178 6 PL 6 243. Take the changed state at time 27 and make state renewal, as described in Lemma 6. Then

(1) For each t such that t P 27, each j such that 94 6 j 6 177,

sðtþ1794;jÞ ¼ sðt;jÞ þX22

m¼0

atþ34�jþ3m:

(2) fðsðt;1Þ; . . . ; sðt;177ÞÞ; t P 27g has a period 3588.

Proof. According to Lemmas 5–7 and the fact that 1794 ¼ 78� 23 ¼ 69� 26,

sðtþ1794;jÞ ¼ sðtþ78�23;jÞ ¼ sðt;jÞ þX22

n¼0

atþ172�jþ78�nðmod69Þ ¼ sðt;jÞ þX22

m¼0

atþ34�jþ3m;

so that (1) is true. According to (1), for each t such that t P 27, each j such that 94 6 j 6 177,

sðtþ3588;jÞ ¼ sðtþ1794þ1794;jÞ ¼ sðt;jÞ þX22

m¼0

atþ34�jþ3m þX22

m¼0

atþ1794þ34�jþ3m ¼ sðt;jÞ:

This means that fðsðt;94Þ; . . . ; sðt;177ÞÞ; t P 27g has a period 3588. Again by the fact that fðsðt;1Þ; . . . ; sðt;93ÞÞ; t P 27g has a period69, (2) is true. Lemma 8 is proved. h

Proof of Proposition 2.(1) and (2) are clear from Lemmas 4–8, and from (1) and (2) of Lemma 3. Again by Lemma 4 wehave


ðsð27;82Þ; . . . ; sð27;93ÞÞ ¼ ðk55; . . . ; k66Þ

and
ðsð27;109Þ; . . . ; sð27;171ÞÞ ¼ ðk55; . . . ; k66;0; . . . ;0Þ:
So that (3) is true.(4) is our checking result. We checked the rank of neighboring 216 equations from the first group, and found that it is

equal to 210. Then we checked the rank of these equations and all equations in the second group, and found that it is equalto 216.

Proposition 2 is proved.For Case 3 we have an induction procedure somewhat like for Case 2. But Case 3 is much weaker than Case 2, in solving

the key. One major reason is that Case 3 greatly damages the key.



ðsðt;66Þ; . . . ; sðt;93ÞÞ ¼ ð0; . . . ; 0Þ:


ðsðt;172Þ; . . . ; sðt;177ÞÞ ¼ ðsðt;94Þ; . . . ; sðt;99ÞÞ; ðsðtþ1;94Þ; . . . ; sðtþ1;177ÞÞ ¼ ðsðt;171Þ; sðt;94Þ; . . . ; sðt;176ÞÞ;

and fðsðt;94Þ; . . . ; sðt;177ÞÞ; t P 98g has a period 78.

Proof. (1) is clear in Case 3. (2) are immediate from (1). h

Now we present a definition. For each t such that t P 98, define

btþ1 ¼ sðt;162Þ þ sðt;175Þsðt;176Þ þ sðt;177Þ:

For each t such that 0 6 t < 98, define btþ1 ¼ btþ79.



ðsðtþ1;178Þ; . . . ; sðtþ1;288ÞÞ ¼ ðsðt;264Þ þ btþ1Þ; ðsðt;178Þ . . . ; sðt;287ÞÞ:

(2) fbtþ1; t P 0g has a period 78.

Proof. (1) is clear from Trivium state renewal. (2) is clear from (2) of Lemma 9. h

Lemma 11. Suppose 1 6 PL 6 66. Change the state at time 98 as described in the follow. ðsð98;265Þ; . . . ; sð98;288ÞÞ are changed as

ðsð98;265Þ; . . . ; sð98;288ÞÞ ¼ ðsð98;178Þ þ b98; sð98;179Þ þ b97; . . . ; sð98;201Þ þ b75Þ;

and other positions are kept unchanged. Make state renewal to obtain the state at each time t > 98, by this changed state at time98. Compute the keystream (z0z1z2. . .) by the equation


Then

(1) For each t such that t P 122, ðsðt;66Þ; . . . ; sðt;288ÞÞ are kept unchanged.(2) The keystream (z0z1z2. . .) are kept unchanged.

Proof. Notice that we are in Case 3: 1 6 PL 6 66, and that the state bits shift rightwards. For each t such that t P 122,ðsðt;66Þ; . . . ; sðt;288ÞÞ are not related to ðsð98;265Þ; . . . ; sð98;288ÞÞ. So that (1) is true. (2) is immediate from (1). Lemma 11 is proved.

Lemma 12. Suppose 1 6 PL 6 66. Take the changed state at time 98 and make state renewal, as described in Lemma 11. Then foreach t such that t P 98, each j such that 178 6 j 6 288, sðtþ87;jÞ ¼ sðt;jÞ þ btþ265�j.

Proof. Similar to the proving procedure of Lemma 7, we prove Lemma 12 in 5 occasions for ðt; jÞ.


Occasion 1 is ft P 98;178 6 j 6 264g.Occasion 2 is ft P 122;265 6 j 6 288g.Occasion 3 is ft ¼ 98;265 6 j 6 288g.Occasion 4 is f99 6 t 6 121;265 6 j 6 288; j� ðt � 98Þ 6 264g.Occasion 5 is f99 6 t 6 121;265 6 j 6 288; j� ðt � 98ÞP 265g.

(1) Suppose ðt; jÞ is of Occasion 1. Then t þ 265� j P 99. According to (1) of Lemma 10,

sðtþ87;jÞ ¼ sðtþ265�j;178Þ ¼ sðtþ264�j;264Þ þ atþ265�j ¼ sðt;jÞ þ atþ265�j:

So that Lemma 12 is true in Occasion 1.(2) For ðt; jÞ of Occasion 2, ðt � 24; j� 24Þ is of Occasion 1. According to (1) of Lemma 10 and Occasion 1,

sðtþ87;jÞ ¼ sðt�24þ87;j�24Þ ¼ sðt�24;j�24Þ þ at�24þ265�ðj�24Þ ¼ sðt;jÞ þ atþ265�j:

So that Lemma 12 is true in Occasion 2.(3) Suppose ðt; jÞ is of Occasion 3. Then 178 6 j� 87 6 201. According to assumptions of Lemma 11,

sð98þ87;jÞ ¼ sð98;j�87Þ ¼ sð98;jÞ þ a98þ265�j:





So that Lemma 12 is true in Occasion 5.

Lemma 13. Suppose 1 6 PL 6 66. Take the changed state at time 98 and make state renewal, as described in Lemma 11. Then

(1) For each t such that t P 98, each j such that 178 6 j 6 288,

sðtþ2262;jÞ ¼ sðt;jÞ þX25

m¼0

btþ31�jþ3m:

(2) fðsðt;94Þ; . . . ; sðt;288Þ; t P 98Þg has a period 4524.

Proof. According to Lemmas 10–12 and the fact that 2262 ¼ 87� 26 ¼ 78� 29,

sðtþ2262;jÞ ¼ sðtþ87�26;jÞ ¼ sðt;jÞ þX25

n¼0

btþ265�jþ87�nðmod78Þ ¼ sðt;jÞ þX25

m¼0

btþ31�jþ3m;

so that (1) is true. According to (1), for each t such that t P 98, each j such that 178 6 j 6 288,

sðtþ4524;jÞ ¼ sðtþ2262þ2262;jÞ ¼ sðt;jÞ þX25

m¼0

btþ31�jþ3m þX25

m¼0

btþ2262þ31�jþ3m ¼ sðt;jÞ:

This implies that fðsðt;178Þ; . . . ; sðt;288Þ; t P 98Þg has a period 4524. Again by the fact that fðsðt;94Þ; . . . ; sðt;177Þ; t P 98Þg has a per-iod 78, Lemma 13 is proved. h

Proof of Proposition 3. (1) and (2) are clear from Lemmas 9–13. (3) is clear by Trivium state renewal and the fact that

ðsð0;94Þ; . . . ; sð0;264ÞÞ ¼ ð0; . . . ;0Þ:

(4) is our checking result. We checked the rank of neighboring 243 equations from the first group, and found that it is equal to237. Then we checked the rank of these equations and all equations in the second group, and found that it is equal to 243.

Proposition 3 is proved.


ða1; a2; . . . ; a14Þ ¼ ðsð98;206Þ; sð98;205Þ; . . . ; sð98;193ÞÞ;ða15; a16; . . . ; a78Þ ¼ ðsð98;177Þ; sð98;176Þ; . . . ; sð98;114ÞÞ;ða79; a80; . . . ; a92Þ ¼ ðsð98;113Þ þ sð98;206Þ; sð98;112Þ þ sð98;205Þ; . . . ; sð98;100Þ þ sð98;193ÞÞ:


Proof. We induce the state at time 98 by gradually renewing the state.

ðsð78;94Þ; . . . ; sð78;177ÞÞ ¼ ða78; a77; . . . ; a1;0; . . . ; 0Þ;ðsð84;94Þ; . . . ; sð84;177ÞÞ ¼ ða6 þ a84; a5 þ a83; . . . ; a1 þ a79; a78; a77; . . . ; a1Þ;ðsð92;94Þ; . . . ; sð92;177ÞÞ ¼ ða14 þ a92; a13 þ a91; . . . ; a1 þ a79; a78; a77; . . . ; a9Þ;ðsð98;94Þ; . . . ; sð98;177ÞÞ ¼ ða20; a19; . . . ; a15; a14 þ a92; a13 þ a91; . . . ; a1 þ a79; a78; a77; . . . ; a15Þ:

Again we can easily obtain ðsð83;178Þ; . . . ; sð83;191ÞÞ ¼ ða14; a13; . . . ; a1Þ, so that

ðsð98;193Þ; . . . ; sð98;206ÞÞ ¼ ða14; a13; . . . ; a1Þ:

Lemma 14 is proved. h

Lemma 14 means that values of fa1; a2; . . . ; a92ghave been obtained. Lemma 15, stated in the follow, is a trivial fact for Case 3.


(1) Suppose fj; jþ 1; . . . ; jþmg \ F ¼ Ø, where 1 6 j 6 jþm 6 93; F is the set of fault positions. Then

sðm;jþmÞ ¼ sðm�1;jþm�1Þ ¼ � � � ¼ sð1;jþ1Þ ¼ sð0;jÞ ¼kj; 1 6 j 6 80;0; 81 6 j 6 93:

�

(2) Suppose there is ðj;mÞ;1 6 j 6 jþm 6 93, such that sðm;jþmÞ ¼ 1. Then

fj; jþ 1; . . . ; jþmg \ F ¼ Ø:

Proof of Proposition 4.Suppose atþ1 ¼ 1 for some t such that 0 6 t 6 11. By Lemma 15,

ða1; a2; . . . ; atþ1Þ ¼ ðsð0;66Þ; sð1;66Þ; . . . ; sðt;66ÞÞ ¼ ðsð0;66Þ; sð0;65Þ; . . . ; sð0;66�tÞÞ ¼ ðk66; k65; . . . ; k66�tÞ:

(1) is proved.Suppose atþ1 ¼ 1 for some t such that 27 6 t 6 91. Then sðt;66Þ ¼ 1 or sðt;91Þ ¼ 1 or sðt;93Þ ¼ 1 (or else there would be a con-

tradiction). By (2) of Lemma 15,

f66� t; . . . ;66g \ F ¼ Ø; orf91� t; . . . ;91g \ F ¼ Ø; orf93� t; . . . ;93g \ F ¼ Ø:

So that we have f93� t; . . . ;66g \ F ¼ Ø. According to (1) of Lemma 15,
ða1; a2; . . . ; at�27þ1Þ ¼ ðsð0;66Þ; sð1;66Þ; . . . ; sðt�27;66ÞÞ ¼ ðsð0;66Þ; sð0;65Þ; . . . ; sð0;93�tÞÞ ¼ ðk66; k65; . . . ; k93�tÞ
if 27 6 t 6 38, and

ða1; a2; . . . ; a12Þ ¼ ðsð0;66Þ; sð1;66Þ; . . . ; sð55;66ÞÞ ¼ ðsð0;66Þ; sð0;65Þ; . . . ; sð0;55ÞÞ ¼ ðk66; k65; . . . ; k55Þ

if 39 6 t 6 91. (2) is proved. Proposition 4 is proved.Proof of Proposition 5. In our proving procedure, we will take close contact with Lemma 15.Suppose atþ1 ¼ 1 for some t such that 65 6 t 6 91. Then either sðt;91Þsðt;92Þ ¼ 1 or sðt;93Þ ¼ 1, so that

f93� t;94� t; . . . ;92g \ F ¼ Ø:
On the other hand, to guarantee a13 ¼ k54 þ k79k80, it is sufficient that f54;55; . . . ;92g \ F ¼ Ø. (1) is proved.
Suppose atþ1 ¼ 1 for some t such that 65 6 t 6 89. We have known that f93� t;94� t; . . . ;92g \ F ¼ Ø. Now we class thisoccasion into 93 R F and 93 2 F.

If 93 R F; f93� t;94� t; . . . ;93g \ F ¼ Ø. This is sufficient to guarantee amþ1 ¼ k66�m þ k91�mk92�m þ k93�m for each msuch that 13 6 m 6 t � 27.

Let 93 2 F. Two conditions, f93� t;94� t; . . . ;92g \ F ¼ Ø and 93 2 F, are sufficient to guaranteeamþ1 ¼ k66�m þ k91�mk92�m for each m such that 13 6 m 6 t � 27. (2) is proved.

Suppose atþ1 ¼ 1 for some t such that 90 6 t 6 91. Then f93� t;94� t; . . . ;93g \ F ¼ Ø, which is sufficient to guaranteeamþ1 ¼ k66�m þ k91�mk92�m þ k93�m for each m such that 13 6 m 6 t � 27.

(3) is proved. Proposition 5 is proved.

Lemma 16. Suppose 172 6 PL 6 176. Then

ðsðt;176Þ; sðt;177ÞÞ ¼ ð0;0Þ:


(2) Suppose m is the earliest time such that, for each t P m; ðsðt;176Þ; sðt;177ÞÞ ¼ ð0;0Þ. Then for each t P m, we have(a) The state is degraded into 282 bits ðsðt;1Þ; sðt;2Þ; . . . ; sðt;171Þ; sðt;178Þ; sðt;179Þ; . . . ; sðt;288ÞÞ.(b) State renewal is the follow.

ðsðtþ1;1Þ; sðtþ1;2Þ; . . . ; sðtþ1;93ÞÞ ¼ ðsðt;243Þ þ sðt;286Þsðt;287Þ þ sðt;288Þ þ sðt;69Þ; sðt;1Þ; . . . ; sðt;92ÞÞ;ðsðtþ1;94Þ; sðtþ1;95Þ; . . . ; sðtþ1;171ÞÞ ¼ ðsðt;66Þ þ sðt;91Þsðt;92Þ þ sðt;93Þ þ sðt;171Þ; sðt;94Þ; . . . ; sðt;170ÞÞ;ðsðtþ1;178Þ; sðtþ1;179Þ; . . . ; sðtþ1;288ÞÞ ¼ ðsðt;162Þ þ sðt;264Þ; sðt;178Þ; . . . ; sðt;287ÞÞ:

Lemma 16 is clear by considering Trivium keystream generation and Trivium state renewal. Degraded state renewal pro-cedure in Lemma 16-(2)-(b) is irreversible, because there is another degradation, described in Lemma 17.

Lemma 17. Suppose 172 6 PL 6 176. Suppose m is the earliest time such that, for each t P m; ðsðt;176Þ; sðt;177ÞÞ ¼ ð0;0Þ. Then

(1) For each t such that t P mþ 1,

sðt;163Þ þ sðt;178Þ þ sðt;265Þ ¼ 0:



. . .



Proof. By Lemma 16, we know that, for each t such that t P mþ 1,

sðt;163Þ ¼ sðt�1;162Þ;

sðt;178Þ ¼ sðt�1;162Þ þ sðt�1;264Þ;

sðt;265Þ ¼ sðt�1;264Þ:

So that (1) is true. Again for each t such that t P mþ 1,

sðt;163Þ þ sðt;178Þ þ sðt;265Þ ¼ sðtþ1;164Þ þ sðtþ1;179Þ þ sðtþ1;266Þ � � � ¼ sðtþ8;171Þ þ sðtþ8;186Þ þ sðtþ8;273Þ:

So that ð2Þ; ð3Þ; . . . ; ð9Þ are true, by considering (1). Lemma 17 is proved. h

Proof of Proposition 8 (1) is clear. (2) is a natural corollary of Lemmas 16 and 17. (3) is clear. Proposition 8 is proved.Proposition 9 is our checking result.

References

[1] R. Anderson, M. Kuhn, Low cost attacks on tamper resistant devices, in: Proceedings of the Security Protocols Workshop 1997, Paris, 1997, pp. 7–9.[2] J.P. Aumasson, I. Dinur, W. Meier, A. Shamir, Cube testers and key recovery attacks on reduced-round MD6 and Trivium, in: Proceedings of the Fast

Software Encryption – FSE 2009, LNCS, vol. 5665, Springer-Verlag, 2009, pp. 1–22.[3] S.S. Bedi, N.R. Pillai, Cube Attacks on Trivium. <http://eprint.iacr.org/2009/015>.[4] E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in: Proceedings of the Cryptology – Crypto’97, LNCS, vol. 1294, Springer-

Verlag, 1997, pp. 513–525.[5] E. Biham, O. Dunkelman, Differential cryptanalysis in stream ciphers, COSIC internal report, 2007.[6] C. De Cannière, B. Preneel, Trivium: a stream cipher construction inspired by block cipher design principle, eSTREAM, ECRYPT Stream Cipher Project,

Report 2005/30, 2005. <http://www.ecrypt.eu.org/stream>.[7] C. De Cannière, B. Preneel, Trivium Specifications. <http://www.ecrypt.eu.org/stream/p3ciphers/trivium/trivium_p3.pdf>.[8] I. Dinur, A. Shamir, Cube attacks on tweakable black box polynomials, in: Proceedings of the EUROCRYPT’09, LNCS, vol. 5479, Springer-Verlag, 2009, pp.

278–299.[9] W. Fisher, B.M. Gammel, O. Kniffler, J. Velten, Differential power analysis of stream ciphers, eSTREAM, ECRYPT Stream Cipher Project, Report 2007/014,

2007. <http://www.ecrypt.eu.org/stream>.[10] J.J. Hoch, A. Shamir, Fault analysis of stream ciphers, in: Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems – CHES

2004, LNCS, vol. 3156, Springer-Verlag, 2004, pp. 240–253.[11] M. Hojsik, B. Rudolf, Differential fault analysis of Trivium, in: Proceedings of the Fast Software Encryption – FSE 2008, LNCS, vol. 5086, Springer-Verlag,

2008, pp. 158–172.[12] M. Hojsik, B. Rudolf, Floating fault analysis of Trivium, in: Proceedings of the INDOCRYPT 2008, LNCS, vol. 5365, Springer-Verlag, 2008, pp. 239–250.[13] C.H. Kim, Differential fault analysis of AES: toward reducing number of faults, Inform. Sci., 2012. <http://dx.doi.org/10.1016/j.ins.2012.02.028>.[14] W. Li, D.W. Gu, J.R. Li, Differential fault analysis on the ARIA algorithm, Information Sciences 178 (2008) 3727–3737.[15] I.C. Lin, C.C. Chang, Security enhancement for digital signature schemes with fault tolerance in RSA, Information Sciences 177 (2007) 4031–4039.[16] E. Pasalic, Key differentiation attacks on stream ciphers. <http://eprint.iacr.org/2008/443>.[17] D. Priemuth-schmid, A. Biryukov, Slid pairs in salsa20 and Trivium, in: Proceedings of the INDOCRYPT 2008, LNCS, vol. 5365, Springer-Verlag, 2008, pp.

1–14.

http://eprint.iacr.org/2009/015

http://www.ecrypt.eu.org/stream

http://www.ecrypt.eu.org/stream/p3ciphers/trivium/trivium_p3.pdf



http://eprint.iacr.org/2008/443


[18] C. Rechberger, E. Oswald, Stream ciphers and side-channel analysis, workshop record, in: Proceedings of the State of the Art of Stream Ciphers – SASC2004, 2004, pp. 320–326. <http://www.ecrypt.eu.org/stream>.

[19] S.P. Skorobogatov, R.J. Anderson, Optical fault induction attack, in: Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems –CHES 2002, LNCS, vol. 2523, Springer-Verlag, 2003, pp. 2–12.


hard fault analysis of trivium

Documents