Full key recovery of ACORN with a single fault

The ongoing CAESAR competition launched in 2013, aimed to design authenticated encryption schemes for different applications and environments, attracted 57 submissions as candidates. Out of the 57 round 1 submissions, only 29 candidates were selected for round 2. Each of these candidates is to be analyzed carefully. Among these 29 candidates, ACORN is a family of Lightweight Authenticated Ciphers with Associated Data (AEAD). In this paper we propose a hard fault attack on both the versions of ACORN in a nonce-respecting scenario whereby a random bit of the fifth LFSR is permanently stuck at the value ‘1’ before the driving procedure of the encryption device. Without the repetition of the same key–IV pair, this is the first work that we are aware of, where the secret key can be recovered fully with a computational complexity well below the limit of brute force search. With hard fault at a certain position the attack complexity reduces to 255.85.