Differential Fault Analysis of Trivium

Abstract

Trivium is a hardware-oriented stream cipher designed in 2005 by de Canni`ere and Preneel for the European project eStream, and it has successfully passed the first and the second phase of this project. Its design has a simple and elegant structure. Although Trivium has attached a lot of interest, it remains unbroken. In this paper we present differential fault analysis of Trivium and propose two attacks on Trivium using fault injection.We suppose that an attacker can corrupt exactly one random bit of the inner state and that he can do this many times for the same inner state. This can be achieved e.g. in the CCA scenario. During experimental simulations, having inserted 43 faults at random positions, we were able to disclose the trivium inner state and afterwards the private key. As far as we know, this is the first time differential fault analysis is applied to a stream cipher based on shift register with non-linear feedback.