SBCMA: Semi-Blind Combined Middle-Round Attack on Bit-Permutation Ciphers With Application to AEAD Schemes

Side-channel and fault injection attacks are well-researched topics within physical security of cryptographic implementations. They can reduce the complexity of the key retrieval to trivial numbers. It was shown that their combination is even more effective, for example in breaking redundancy countermeasures. In this paper, we present the first semi-blind combined attack that allows secret key retrieval in unknown plaintext and ciphertext scenario. SBCMA – Semi-Blind Combined Middle-round Attack is aimed at bit-permutation ciphers, such as GIFT-128 which serves as a case study for this work. On average, it can recover GIFT-128 master key with 92.17 encryptions and 91.17 faults. For GIFT-128 based NIST LWC Round 2 candidates, SBCMA requires 13.79 sessions and 94.32 faults on average.