International Association
for Cryptologic Research

Differential Fault Analysis (DFA) attack is a powerful cryptanalytic technique that could be used to retrieve the secret key by exploiting computational errors in the encryption (decryption) procedure. In the present paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or forth word register at the input of the $28$-th round, the $128$-bit master key could be recovered with an exhaustive search of $22.11$ bits on average. The proposed attack makes use of the characteristic of the cipher's structure, the speciality of the diffusion layer, and the differential property of the S-box. Furthermore, it can be tailored to any block cipher employing a similar structure and an SPN-style round function as that of SMS4.

In this paper, based on a differential property of two round Lai-Massay scheme in a fault model, we present an improved fault attack on the block cipher FOX64. Our improved method can deduce any round subkey through 4.25 faults on average (4 in the best case), and retrieve the whole round sub-keys through 45.45 faults on average (38 in the best case). The technique of the proposed attack in this paper can also be easily extended to other series of FOX.