**Fault Attack on ACORN v3**

*Xiaojuan Zhang and Xiutao Feng and Dongdai Lin*

**Abstract: **Fault attack is one of the most efficient side channel attacks and has attracted much attention in recent public
cryptographic literatures.
In this work we introduce a fault attack on the authenticated cipher ACORN v3.
Our attack is done under the assumption that a fault is injected into an initial state of ACORN v3 randomly,
and contains two main steps: fault locating and equation solving.
At the first step, we introduce concepts of unique set and non-unique set, where differential strings belonging to unique sets can determine the fault location uniquely.
For strings belonging to non-unique sets, we use some strategies to increase the probability of determining the fault location uniquely to almost 1.
At the second step, we demonstrate several ways of retrieving equations, and then obtain the initial state by solving equations with the guess-and-determine method.
With $n$ fault experiments, we can recover the initial state with time complexity $c \cdot2^{146.5-3.52\cdot n}$, where $c$ is the time complexity of solving linear equations and $26<n<43$.
We also apply the attack to ACORN v2, which shows that, comparing with ACORN v2,
the tweaked version ACORN v3 is more vulnerable against the fault attack.

**Category / Keywords: **CAESAR, Authenticated Cipher, Stream Cipher, ACORN, Fault Attack

**Date: **received 4 Sep 2017

**Contact author: **zhangxiaojuan at iie ac cn

**Available format(s): **PDF | BibTeX Citation

**Version: **20170909:212047 (All versions of this report)

**Short URL: **ia.cr/2017/855

[ Cryptology ePrint archive ]