##
**Research on fault-tolerant algebraic fault attack on HIGHT.**
*(Chinese.
English summary)*
Zbl 1399.94070

Summary: HIGHT is built by using ARX (addition modulo \(2^n\), bit rotation and XOR) structure, which is suitable for resource-constrained environment such as Radio Frequency Identification (RFID) tag or ubiquitous computing system and it has been adopted as a standard block cipher by Telecommunications Technology Association (TTA) of Korea and ISO/IEC 18033-3. Since the accurate location of the injected fault cannot be successfully determined when fault failures are occurred, the success rate of the existing algebraic fault attack on HIGHT is always less than 100%. To improve the success rate and efficiency, a fault tolerant algebraic fault attack is proposed in this paper. Firstly, fault failures and their properties are studied and a complete distinguisher based on fault failures, fault locations and cipher differences for determining the accurate fault locations in all different scenarios is built. Then, HIGHT is described as a set of algebraic equations. The faulty ciphertext is generated via fault injections and fault differences are represented with algebraic equations. To make maximum use of the injected faults, fault failures are also described as a set of algebraic equations. In the meantime, the procedure of constructing algebraic equations for the injected faults is optimized to perform automatically to further make the attack easy to launch. Finally, the CryptoMiniSAT solver is applied to solve the equations for the key and the number of fault injections that required and success rate of the proposed attack are analyzed in theory. The simulation experiments show that compared with the existing algebraic fault attack on HIGHT, the success rate of the proposed attack has been improved to 100% and the method of constructing algebraic equations for the injected faults is easier and can be performed automatically, the entire mater key bytes can be fully recovered in a rather smaller time by solving the algebraic equations with the CryptoMiniSAT solver, and the proposed attack can be easily extended to other cipher which has the similar structure.

### MSC:

94A60 | Cryptography |