Differential Fault Analysis on SMS4 using a single fault

Differential Fault Analysis (DFA) attack is a powerful cryptanalytic technique that could be used to retrieve the secret key by exploiting computational errors in the encryption (decryption) procedure. In this paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or fourth word register at the input of the 28-th round, the 128-bit key could be recovered with an exhaustive search of 22.11 bits on average. The proposed attack makes use of the characteristic of the cipher's structure and its round function. Furthermore, it can be tailored to any block cipher employing a similar structure and an SPN-style round function as that of SMS4.

Research highlights
► The block cipher SMS4 could be broken using a single fault.
► The structure and round function make SMS4 susceptible to fault attacks.
► The proposed fault attack on SMS4 could be extended to a more generalized case.