ATProto Browser

Experimental browser for the Atmosphere

Post

Differential Fault Attacks on TFHE-friendly cipher FRAST (Weizhe Wang, Deng Tang) ia.cr/2025/771

May 3, 2025, 8:15 PM

Record data

{
  "uri": "at://did:plc:fwa55bujvdrwlwlwgqmmxmuf/app.bsky.feed.post/3loc5qckg3d2m",
  "cid": "bafyreia5yg344367pb4gv2zuf2ldzexoixsake2j73zeapp3clss3v2dmm",
  "value": {
    "text": "Differential Fault Attacks on TFHE-friendly cipher FRAST (Weizhe Wang, Deng Tang) ia.cr/2025/771",
    "$type": "app.bsky.feed.post",
    "embed": {
      "$type": "app.bsky.embed.images",
      "images": [
        {
          "alt": "Abstract. Differential Fault Attacks (DFAs) have recently emerged as a significant threat against stream ciphers specifically designed for Hybrid Homomorphic Encryption (HHE). In this work, we propose DFAs on the FRAST cipher, which is a cipher specifically tailored for Torus-based Fully Homomorphic Encryption (TFHE). The round function of FRAST employs random S-boxes to minimize the number of rounds, and can be efficiently evaluated in TFHE. With our specific key recovery strategy, we can mount the DFA with a few faults. Under the assumption of precise fault injection, our DFA can recover the key within one second using just 4 or 6 faults. When discarding the assumption and considering a more practical fault model, we can still achieve key recovery in a few minutes without increasing the number of faults. To the best of our knowledge, this is the first third-party cryptanalysis on FRAST. We also explored countermeasures to protect FRAST. Our analysis revealed that negacyclic S-boxes, a key component of TFHE-friendly ciphers, are unsuitable for incorporating linear structures to resist DFA. Consequently, we recommend removing the negacyclic restriction in the penultimate round of FRAST and introducing non-zero linear structures into the S-boxes of the last two rounds. We believe that our work will provide valuable insights for the design of TFHE-friendly ciphers.\n",
          "image": {
            "$type": "blob",
            "ref": {
              "$link": "bafkreiheagg5qnafkdnkjr7bfraanxik2tch5cfpifddfapjpofrku46qu"
            },
            "mimeType": "image/png",
            "size": 106195
          },
          "aspectRatio": {
            "width": 1200,
            "height": 800
          }
        },
        {
          "alt": "Image showing part 2 of abstract.",
          "image": {
            "$type": "blob",
            "ref": {
              "$link": "bafkreidzxcb7gdm4hm7maotbefxk5vr5sbufsl7arletfm243vul7avz34"
            },
            "mimeType": "image/png",
            "size": 28220
          },
          "aspectRatio": {
            "width": 1200,
            "height": 800
          }
        }
      ]
    },
    "facets": [
      {
        "index": {
          "byteEnd": 96,
          "byteStart": 82
        },
        "features": [
          {
            "uri": "https://ia.cr/2025/771",
            "$type": "app.bsky.richtext.facet#link"
          }
        ]
      }
    ],
    "createdAt": "2025-05-03T20:15:05.077155Z"
  }
}