@inproceedings{7f41e3072cf7471083ec283c93650647,
title = "Algebraic Fault Analysis of Subterranean 2.0",
abstract = "Algebraic Fault Analysis (AFA) is based on the principles of algebraic cryptanalysis in conjunction with fault analysis. One of the main benefits of AFA is the ability to use off the shelf solving tools like SAT solvers to conduct fault analysis in an automated fashion. In this work we show how the principles of AFA can be applied to the authenticated encryption scheme Subterranean 2.0, a second round candidate of the ongoing NIST-LWC competition. In order to find the optimal parameters for a fault injection we investigated the fault model{\textquoteright}s influence on the solving time. The optimal fault parameters turned out as a single bitflip fault in conjunction with a known but randomly chosen fault location, where the fault is applied just one cycle before the tag generation. We verify the efficiency of our attack by means of simulation. Conducting our proposed attack with optimal fault parameters requires only five fault injections to recover the secret key of Subterranean 2.0 in less than four seconds.",
keywords = "AFA, SAT, Subterranean 2.0",
author = "Michael Gruber and Patrick Karl and Georg Sigl",
note = "Publisher Copyright: {\textcopyright} 2021 IEEE; 18th Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021 ; Conference date: 17-09-2021",
year = "2021",
doi = "10.1109/FDTC53659.2021.00016",
language = "English",
series = "Proceedings - 2021 Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "45--55",
booktitle = "Proceedings - 2021 Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021",
}