Transactions on Cryptographic Hardware and Embedded Systems 2025
ToFA: Towards Fault Analysis of GIFT and GIFT-like Ciphers Leveraging Truncated Impossible Differentials
Anup Kumar Kundu
Indian Statistical Institute, Kolkata 700108, India
Shibam Ghosh
Department of Computer Science, University Of Haifa, Haifa, Israel; Inria, Paris, France
Aikata Aikata
Institute of Information Security, Graz University of Technology, Austria
Dhiman Saha
de.ci.phe.red Lab, Department of Computer Science & Engineering, Indian Institute of Technology Bhilai, Chhattisgarh - 491002, India
Keywords: Fault Analysis, Impossible Differential, GIFT, BAKSHEESH
Abstract
In this work, we introduce ToFA, the first fault attack (FA) strategy that attempts to leverage the classically well-known idea of impossible differential cryptanalysis to mount practically verifiable attacks on bit-oriented ciphers like GIFT and BAKSHEESH. The idea stems from the fact that truncated differential paths induced due to fault injection in certain intermediate rounds of the ciphers lead to active SBox-es in subsequent rounds whose inputs admit specific truncated differences. This leads to a (multi-round) impossible differential distinguisher, which can be incrementally leveraged for key-guess elimination via partial decryption. The key-space reduction further exploits the multi-round impossibility, capitalizing on the relations due to the quotient-remainder (QR) groups of the GIFT and BAKSHEESH linear layer, which increases the filtering capability of the distinguisher. Moreover, the primary observations made in this work are independent of the actual SBox. Clock glitch based fault attacks were mounted on 8-bit implementations of GIFT-64/GIFT-128 using a ChipWhisperer Lite board on an 8-bit ATXmega128D4-AU micro-controller. Unique key recovery was achieved for GIFT-128 with 3 random byte faults, while for GIFT-64, key space was reduced to $2^{32}$, the highest achievable for GIFT-64, with a single level fault due to its key-schedule. To the best of our knowledge, this work also reports the highest fault injection penetration for any variant of GIFT and BAKSHEESH. Finally, this work reiterates the role of classical cryptanalysis strategies in fault vulnerability assessment by showcasing the most efficient fault attacks on GIFT.
Publication
IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2025, Issue 3
Artifact number
tches/2025/a29
Artifact published
September 1, 2025
Badge
✅ IACR CHES Artifacts Functional
License
This work is licensed under the GNU General Public License version 3.
Note that license information is supplied by the authors and has not been confirmed by the IACR.
How to cite
Anup Kumar Kundu, Shibam Ghosh, Aikata Aikata, Dhiman Saha. (2025). ToFA: Towards Fault Analysis of GIFT and GIFT-like Ciphers Leveraging Truncated Impossible Differentials. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(3), 614–643. https://doi.org/10.46586/tches.v2025.i3.614-643. Artifact at https://artifacts.iacr.org/tches/2025/a29.