Single Event Transient Fault Analysis of ELEPHANT cipher
arXiv - CS - Hardware Architecture Pub Date : 2021-06-13 , DOI: arxiv-2106.09536
Priyanka Joshi, Bodhisatwa Mazumdar

In this paper, we propose a novel fault attack termed the Single Event Transient Fault Analysis (SETFA) attack, which is well suited for hardware implementations. The proposed approach pinpoints hotspots in the cipher's Sbox combinational logic circuit that significantly reduce the key entropy when subjected to faults. ELEPHANT is a parallel authenticated encryption and associated data (AEAD) scheme targeted to hardware implementations, and a finalist in the Lightweight Cryptography (LWC) competition launched by NIST. In this work, we investigate vulnerabilities of ELEPHANT against fault analysis. We observe that the use of a 128-bit random nonce makes it resistant against many cryptanalysis techniques like differential, linear, etc., and their variants. However, the relaxed nature of Statistical Fault Analysis (SFA) methods makes them widely applicable in restrictive environments. We propose a SETFA-based key recovery attack on Elephant. We performed Single experiments with random plaintexts and keys, on Dumbo, a Sponge-based instance of the Elephant-AEAD scheme. Our proposed approach could recover the secret key in 85-250 ciphertexts. In essence, this work investigates new vulnerabilities towards fault analysis that may need to be addressed to ensure secure computations and communications in IoT scenarios.

Updated: 2021-06-18