{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:56:35Z","timestamp":1771700195957,"version":"3.50.1"},"reference-count":16,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2018,1,30]],"date-time":"2018-01-30T00:00:00Z","timestamp":1517270400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>This paper investigates the application of fault attacks to the authenticated encryption stream cipher algorithm MORUS. We propose fault attacks on MORUS with two different goals: one to breach the confidentiality component, and the other to breach the integrity component. For the fault attack on the confidentiality component of MORUS, we propose two different types of key recovery. The first type is a partial key recovery using a permanent fault model, except for one of the variants of MORUS where the full key is recovered with this model. The second type is a full key recovery using a transient fault model, at the cost of a higher number of faults compared to the permanent fault model. Finally, we describe a fault attack on the integrity component of MORUS, which performs a forgery using the bit-flipping fault model.<\/jats:p>","DOI":"10.3390\/cryptography2010004","type":"journal-article","created":{"date-parts":[[2018,1,30]],"date-time":"2018-01-30T12:13:37Z","timestamp":1517314417000},"page":"4","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Fault Attacks on the Authenticated Encryption Stream Cipher MORUS"],"prefix":"10.3390","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7956-8816","authenticated-orcid":false,"given":"Iftekhar","family":"Salam","sequence":"first","affiliation":[{"name":"Science and Engineering Faculty, Queensland University of Technology, Brisbane QLD 4000, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8434-9741","authenticated-orcid":false,"given":"Leonie","family":"Simpson","sequence":"additional","affiliation":[{"name":"Science and Engineering Faculty, Queensland University of Technology, Brisbane QLD 4000, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4347-0144","authenticated-orcid":false,"given":"Harry","family":"Bartlett","sequence":"additional","affiliation":[{"name":"Science and Engineering Faculty, Queensland University of Technology, Brisbane QLD 4000, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1932-1061","authenticated-orcid":false,"given":"Ed","family":"Dawson","sequence":"additional","affiliation":[{"name":"Science and Engineering Faculty, Queensland University of Technology, Brisbane QLD 4000, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1732-6149","authenticated-orcid":false,"given":"Kenneth","family":"Koon-Ho Wong","sequence":"additional","affiliation":[{"name":"Science and Engineering Faculty, Queensland University of Technology, Brisbane QLD 4000, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2018,1,30]]},"reference":[{"key":"ref_1","unstructured":"Wu, H., and Huang, T. (2017, February 23). The Authenticated Cipher MORUS (v1). Available online: https:\/\/competitions.cr.yp.to\/round1\/morusv1.pdf."},{"key":"ref_2","unstructured":"Wu, H., and Huang, T. (2017, February 23). The Authenticated Cipher MORUS (v2). Available online: https:\/\/competitions.cr.yp.to\/round3\/morusv2.pdf."},{"key":"ref_3","unstructured":"(2014, September 20). CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. Available online: http:\/\/competitions.cr.yp.to\/index.html."},{"key":"ref_4","first-page":"45","article-title":"Analysis of the Authenticated Cipher MORUS (v1)","volume":"Volume 9540","author":"Pasalic","year":"2015","journal-title":"Cryptography and Information Security in the Balkans"},{"key":"ref_5","unstructured":"Dwivedi, A., Morawiecki, P., and W\u00f3jtowicz, S. (2017, January 26\u201328). Differential and Rotational Cryptanalysis of Round-reduced MORUS. Proceedings of the 14th International Conference on Security and Cryptography (SECRYPT-2017), Madrid, Spain."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dwivedi, A.D., Klou\u010dek, M., Morawiecki, P., Nikoli\u0107, I., Pieprzyk, J., and W\u00f3jtowicz, S. (2017, March 03). SAT-Based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition. IACR ePrint Archive. 2016\/1053. Available online: http:\/\/eprint.iacr.org\/2016\/1053.pdf.","DOI":"10.5220\/0006387302370246"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Salam, I., Simpson, L., Bartlett, H., Dawson, E., Pieprzyk, J., and Wong, K.K.-H. (2017, January 1\u20134). Investigating Cube Attacks on the Authenticated Encryption Stream Cipher MORUS. Proceedings of the IEEE Trustcom\/BigDataSE\/ICESS, Sydney, Australia.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.337"},{"key":"ref_8","first-page":"37","article-title":"On the importance of checking cryptographic protocols for faults","volume":"Volume 1233","author":"Fumy","year":"1997","journal-title":"Advances in Cryptology\u2014EUROCRYPT 1997"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"3056","DOI":"10.1109\/JPROC.2012.2188769","article-title":"Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures","volume":"100","author":"Barenghi","year":"2012","journal-title":"Proc. IEEE"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"513","DOI":"10.1007\/BFb0052259","article-title":"Differential fault analysis of secret key cryptosystems","volume":"Volume 1294","author":"Kaliski","year":"1997","journal-title":"Advances in Cryptology\u2014 CRYPTO \u201897"},{"key":"ref_11","first-page":"57","article-title":"Full key recovery of ACORN with a single fault","volume":"29","author":"Dey","year":"2016","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_12","first-page":"2","article-title":"Optical fault induction attacks","volume":"Volume 2523","author":"Kaliski","year":"2003","journal-title":"Proceedings of the CHES 2002 4th International Workshop"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Agoyan, M., Dutertre, J.-M., Mirbaha, A.-P., Naccache, D., and Ribotta, A.-L. (2010, January 5\u20137). How to Flip a Bit?. Proceedings of the IEEE 16th International On-Line Testing Symposium (IOLTS), Corfu, Greece.","DOI":"10.1109\/IOLTS.2010.5560194"},{"key":"ref_14","first-page":"162","article-title":"Fault Based Cryptanalysis of the Advanced Encryption Standard (AES)","volume":"Volume 2742","author":"Wright","year":"2003","journal-title":"Financial Cryptography\u2014FC 2003"},{"key":"ref_15","unstructured":"Carlet, C., Hasan, M., and Saraswat, V. (2016). Fault Based almost Universal Forgeries on CLOC and SILC. Security, Privacy, and Applied Cryptography Engineering. SPACE 2016, Springer International Publishing. Lecture Notes in Computer Science."},{"key":"ref_16","unstructured":"Iwata, T., Minematsu, K., Guo, J., Morioka, S., and Kobayashi, E. (2017, September 01). Re: Fault Based Forgery on CLOC and SILC. Available online: https:\/\/groups.google.com\/forum\/#!topic\/crypto-competitions\/_qxORmqcSrY."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/1\/4\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T14:53:06Z","timestamp":1760194386000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/1\/4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,30]]},"references-count":16,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,3]]}},"alternative-id":["cryptography2010004"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2010004","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1,30]]}}}