The differential fault analysis on block cipher FeW

Abstract

AbstractFeather weight (FeW) cipher is a lightweight block cipher proposed by Kumar et al. in 2019, which takes 64 bits plaintext as input and produces 64 bits ciphertext. As Kumar et al. said, FeW is a software oriented design with the aim of achieving high efficiency in software based environments. It seems that FeW is immune to many cryptographic attacks, like linear, impossible differential, differential and zero correlation attacks. However, in recent work, Xie et al. reassessed the security of FeW. More precisely, they proved that under the differential fault analysis (DFA) on the encryption states, an attacker can completely recover the master secret key. In this paper, we revisit the block cipher FeW and consider the DFA on its key schedule algorithm, which is rather popular cryptanalysis for kinds of block ciphers. In particular, by respectively injected faults into the 30th and 29th round subkeys, one can recover about 55/80 ≈ 69% bits of master key. Then the brute force searching remaining bits, one can obtain the full master secret key. The simulations and experiment results show that our analysis is practical.