An Improved DEFAULT-like Cipher via Dynamic Secret S-Boxes Against Differential Fault Attack

Abstract

DEFAULT block cipher presented at ASIACRYPT 2021 was specially designed against differential fault attack (DFA). However, the security of DEFAULT against Information Combining Differential Fault Attack (IC-DFA) was further checked at EUROCRYPT 2022. It is illustrated that IC-DFA can recover the secret key of DEFAULT with less than 100 faults and negligible computational complexity. In this article, a variant cipher based on linear structure and dynamic secret S-box (called DEFAULT-DS) is proposed. More precisely, DEFAULT-DS introduces 15 secret S-boxes, where the selection of these S-boxes is determined by using the round subkey. Moreover, the experimental results show that DEFAULT-DS achieves better security level and stronger resistance against DFA compared with original DEFAULT. In particular, DEFAULT-DS can resist to both the classical DFA and IC-DFA. Furthermore, the software implementation complexity of DEFAULT-DS is similar as DEFAULT.