Issue No. 10 - Oct. (2017 vol. 66)
Subhamoy Maitra , Indian Statistical Institute, 203 B T Road, Kolkata, India
Akhilesh Siddhanti , BITS Pilani KK Birla Goa Campus, Zuarinagar, Goa, India
Santanu Sarkar , Department of Mathematics, IIT Madras, Chennai, India
Lightweight stream ciphers have received serious attention in the last few years. The present design paradigm considers very small state (less than twice the key size) and use of the secret key bits during pseudo-random stream generation. One such effort, Sprout, had been proposed two years back and it was broken almost immediately. After carefully studying these attacks, a modified version named Plantlet has been designed very recently. While the designers of Plantlet do not provide any analysis on fault attacks, we note that Plantlet is even weaker than Sprout in terms of Differential Fault Attack (DFA). Our investigation, following the similar ideas as in the analysis against Sprout, shows that we require only around 4 faults to break Plantlet by DFA in a few hours time. While fault attack is indeed difficult to implement and our result does not provide any weakness of the cipher in normal mode, we believe that these initial results will be useful for further understanding of Plantlet.
Ciphers, Radiation detectors, Fault location, Clocks, Shift registers
S. Maitra, A. Siddhanti and S. Sarkar, "A Differential Fault Attack on Plantlet," in IEEE Transactions on Computers, vol. 66, no. 10, pp. 1804-1808, 2017.