ToFA - Fault Analysis of GIFT

Published in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), 2025.

Team

Anup Kumar Kundu
Shibam Ghosh
Aikata Aikata
Dhiman Saha

Abstract

In this work, we introduce ToFA, the first fault attack (FA) strategy that attempts to leverage the classically well-known idea of impossible differential cryptanalysis to mount practically verifiable attacks on bit-oriented ciphers like GIFT and BAKSHEESH. The idea stems from the fact that truncated differential paths induced due to fault injection in certain intermediate rounds of the ciphers lead to active SBox-es in subsequent rounds whose inputs admit specific truncated differences. This leads to a (multi-round) impossible differential distinguisher, which can be incrementally leveraged for key-guess elimination via partial decryption.

Key Contributions

ToFA Strategy: Introduction of the first fault attack strategy leveraging truncated impossible differentials for bit-oriented ciphers like GIFT and BAKSHEESH.
Practical Verification: Successfully mounted clock glitch based fault attacks on 8-bit implementations of GIFT-64/GIFT-128 using a ChipWhisperer Lite board.
Key Recovery: Achieved unique key recovery for GIFT-128 with 3 random byte faults and reduced key space to $2^{32}$ for GIFT-64 with a single level fault.
Highest Penetration: Reports the highest fault injection penetration for any variant of GIFT and BAKSHEESH.

Read the full paper

Artifact