{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:15:22Z","timestamp":1760058922816,"version":"build-2065373602"},"reference-count":35,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2025,5,10]],"date-time":"2025-05-10T00:00:00Z","timestamp":1746835200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Cryptologic Science Fund of China","award":["2025NCSF02011","62102025","4222035","XSQD-202024003"],"award-info":[{"award-number":["2025NCSF02011","62102025","4222035","XSQD-202024003"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2025NCSF02011","62102025","4222035","XSQD-202024003"],"award-info":[{"award-number":["2025NCSF02011","62102025","4222035","XSQD-202024003"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004826","name":"Beijing Natural Science Foundation","doi-asserted-by":"publisher","award":["2025NCSF02011","62102025","4222035","XSQD-202024003"],"award-info":[{"award-number":["2025NCSF02011","62102025","4222035","XSQD-202024003"]}],"id":[{"id":"10.13039\/501100004826","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012236","name":"Beijing Institute of Technology Research Fund Program for Young Scholars","doi-asserted-by":"publisher","award":["2025NCSF02011","62102025","4222035","XSQD-202024003"],"award-info":[{"award-number":["2025NCSF02011","62102025","4222035","XSQD-202024003"]}],"id":[{"id":"10.13039\/501100012236","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Algebraic persistent fault analysis (APFA) combines algebraic analysis with persistent fault analysis, providing a novel approach for examining block cipher implementation security. Since its introduction, APFA has attracted considerable attention. Traditionally, APFA has assumed that fault injection occurs solely within the S-box during the encryption process. Yet, algorithms like PRESENT and AES also utilize S-boxes in the key scheduling phase, sharing the same S-box implementation as encryption. This presents a previously unaddressed challenge for APFA. In this work, we extend APFA\u2019s fault injection and analysis capabilities to encompass the key scheduling stage, validating our approach on PRESENT. Our experimental findings indicate that APFA continues to be a viable approach. However, due to faults arising during the key scheduling process, the number of feasible candidate keys does not converge. To address this challenge, we expanded the depth of our fault analysis without increasing the number of faulty ciphertexts, effectively narrowing the key search space to near-uniqueness. By employing a compact S-box modeling approach, we were able to construct more concise algebraic equations with solving efficiency improvements ranging from tens to hundreds of times for PRESENT, SKINNY and CRAFT block ciphers. The efficiency gains became even more pronounced as the depth of the fault leakage increased, demonstrating the robustness and scalability of our approach.<\/jats:p>","DOI":"10.3390\/cryptography9020030","type":"journal-article","created":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T06:17:08Z","timestamp":1747030628000},"page":"30","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["General Extensions and Improvements of Algebraic Persistent Fault Analysis"],"prefix":"10.3390","volume":"9","author":[{"given":"Hanbing","family":"Li","sequence":"first","affiliation":[{"name":"School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China"},{"name":"No. 208 Research Institute of China Ordnance Industries, Beijing 102202, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3624-9364","authenticated-orcid":false,"given":"Kexin","family":"Qiao","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China"}]},{"given":"Ye","family":"Xu","sequence":"additional","affiliation":[{"name":"No. 208 Research Institute of China Ordnance Industries, Beijing 102202, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2845-6232","authenticated-orcid":false,"given":"Changhai","family":"Ou","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9873-1308","authenticated-orcid":false,"given":"An","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,10]]},"reference":[{"key":"ref_1","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., and Vikkelsoe, C. (2007, January 10\u201313). PRESENT: An ultra-lightweight block cipher. Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2007: 9th International Workshop, Vienna, Austria. Proceedings 9."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., and Todo, Y. (2017, January 25\u201328). GIFT: A small present: Towards reaching the limit of lightweight encryption. Proceedings of the Cryptographic Hardware and Embedded Systems\u2013CHES 2017: 19th International Conference, Taipei, Taiwan. Proceedings.","DOI":"10.1007\/978-3-319-66787-4_16"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Beierle, C., Jean, J., K\u00f6lbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., and Sim, S.M. (2016, January 14\u201318). The SKINNY family of block ciphers and its low-latency variant MANTIS. Proceedings of the Advances in Cryptology\u2013CRYPTO 2016: 36th Annual International Cryptology Conference, Santa Barbara, CA, USA. Proceedings, Part II 36.","DOI":"10.1007\/978-3-662-53008-5_5"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Guo, J., Peyrin, T., Poschmann, A., and Robshaw, M. (October, January 28). The LED block cipher. Proceedings of the Cryptographic Hardware and Embedded Systems\u2013CHES 2011: 13th International Workshop, Nara, Japan. Proceedings 13.","DOI":"10.1007\/978-3-642-23951-9_22"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"5","DOI":"10.46586\/tosc.v2019.i1.5-45","article-title":"CRAFT: Lightweight tweakable block cipher with efficient protection against DFA attacks","volume":"2019","author":"Beierle","year":"2019","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Joye, M., and Tunstall, M. (2012). (Eds.) Fault Analysis in Cryptography, Springer.","DOI":"10.1007\/978-3-642-29656-7"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1864","DOI":"10.1016\/j.jss.2013.02.021","article-title":"A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA","volume":"86","author":"Barenghi","year":"2013","journal-title":"J. Syst. Softw."},{"key":"ref_8","unstructured":"Aum\u00fcller, C., Bier, P., Fischer, W., Hofreiter, P., and Seifert, J.P. (2002, January 13\u201315). Fault attacks on RSA with CRT: Concrete results and practical countermeasures. Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2002: 4th International Workshop, Redwood Shores, CA, USA. Revised Papers 4."},{"key":"ref_9","unstructured":"Hutter, M., and Schmidt, J.M. (2013, January 27\u201329). The temperature side channel and heating fault attacks. Proceedings of the Smart Card Research and Advanced Applications: 12th International Conference, CARDIS 2013, Berlin, Germany. Revised Selected Papers 12."},{"key":"ref_10","unstructured":"Skorobogatov, S.P., and Anderson, R.J. (2002, January 13\u201315). Optical fault induction attacks. Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2002: 4th International Workshop Redwood Shores, CA, USA. Revised Papers 4."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"425","DOI":"10.46586\/tches.v2024.i4.425-450","article-title":"Switching off your device does not protect against fault attacks","volume":"2024","author":"Grandamme","year":"2024","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_12","first-page":"1","article-title":"Single\u2013Trace Template Attack on the DES Round Keys of a Recent Smart Card","volume":"2017","author":"Wagner","year":"2017","journal-title":"Cryptol. ePrint Arch."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Biham, E., and Shamir, A. (1997, January 17\u201321). Differential fault analysis of secret key cryptosystems. Proceedings of the Advances in Cryptology\u2014CRYPTO\u201997: 17th Annual International Cryptology Conference, Santa Barbara, CA, USA. Proceedings 17.","DOI":"10.1007\/BFb0052259"},{"key":"ref_14","unstructured":"Courtois, N.T., Jackson, K., and Ware, D. (2010, January 22\u201324). Fault-algebraic attacks on inner rounds of DES. Proceedings of the E-Smart\u201910 Proceedings: The Future of Digital Security Technologies, Strategies Telecom and Multimedia, Valbonne, French."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"150","DOI":"10.46586\/tches.v2018.i3.150-172","article-title":"Persistent fault analysis on block ciphers","volume":"2018","author":"Zhang","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"172","DOI":"10.46586\/tches.v2020.i2.172-195","article-title":"Persistent fault attack in practice","volume":"2020","author":"Zhang","year":"2020","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.62056\/a60l5wol7","article-title":"Practical persistent fault attacks on AES with instruction skip","volume":"2","author":"Nguyen","year":"2025","journal-title":"IACR Commun. Cryptol."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"289","DOI":"10.46586\/tches.v2022.i2.289-311","article-title":"Free fault leakages for deep exploitation: Algebraic persistent fault analysis on lightweight block ciphers","volume":"2022","author":"Zhang","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Fang, X., Zhang, H., Wang, D., Yan, H., Fan, F., and Shu, L. (2022). Algebraic persistent fault analysis of SKINNY_64 based on s_box decomposition. Entropy, 24.","DOI":"10.3390\/e24111508"},{"key":"ref_20","unstructured":"Soos, M., Nohl, K., and Castelluccia, C. (July, January 30). Extending SAT solvers to cryptographic problems. Proceedings of the International Conference on Theory and Applications of Satisfiability Testing, Swansea, UK."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1007\/s10207-009-0099-9","article-title":"Counting equations in algebraic attacks on block ciphers","volume":"9","author":"Knudsen","year":"2010","journal-title":"Int. J. Inf. Secur."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"521","DOI":"10.1080\/00029890.1952.11988183","article-title":"The problem of simplifying truth functions","volume":"59","author":"Quine","year":"1952","journal-title":"Am. Math. Mon."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Brayton, R.K., Hachtel, G.D., McMullen, C., and Sangiovanni-Vincentelli, A. (1984). Logic Minimization Algorithms for VLSI Synthesis, Springer Science & Business Media.","DOI":"10.1007\/978-1-4613-2821-6"},{"key":"ref_24","first-page":"1","article-title":"CNF characterization of sets over Z2n and its applications in cryptography","volume":"2023","author":"Hu","year":"2023","journal-title":"Cryptol. ePrint Arch."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Daemen, J., and Rijmen, V. (2002). The Design of Rijndael, Springer.","DOI":"10.1007\/978-3-662-04722-4"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1109\/TVLSI.2020.3033928","article-title":"Area-efficient nano-AES implementation for Internet-of-Things devices","volume":"29","author":"Shahbazi","year":"2020","journal-title":"IEEE Trans. Very Large Scale Integr. (VLSI) Syst."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Lu, M., Fan, A., Xu, J., and Shan, W. (2018, January 1\u20133). A compact, lightweight and low-cost 8-bit datapath AES circuit for IOT applications in 28nm CMOS. Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science And Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00204"},{"key":"ref_28","unstructured":"Rolfes, C., Poschmann, A., Leander, G., and Paar, C. (2008, January 8\u201311). Ultra-lightweight implementations for smart devices\u2013security for 1000 gate equivalents. Proceedings of the Smart Card Research and Advanced Applications: 8th IFIP WG 8.8\/11.2 International Conference, CARDIS 2008, London, UK. Proceedings 8."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Hanley, N., and ONeill, M. (2012, January 19\u201321). Hardware comparison of the ISO\/IEC 29192-2 block ciphers. Proceedings of the 2012 IEEE Computer Society Annual Symposium on VLSI, Amherst, MA, USA.","DOI":"10.1109\/ISVLSI.2012.25"},{"key":"ref_30","unstructured":"(2019). Information Security\u2014Lightweight Cryptography\u2014Part 2: Block Ciphers (Standard No. ISO\/IEC 29192-2:2019)."},{"key":"ref_31","unstructured":"(2022). Information Security\u2014Encryption Algorithms\u2014Part 7: Format-Preserving Encryption (Standard No. ISO\/IEC 18033-7:2022)."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Tay, J., Wong, M.D., Wong, M., Zhang, C., and Hijazin, I. (2015, January 4\u20135). Compact FPGA implementation of PRESENT with boolean s-box. Proceedings of the 2015 6th Asia Symposium on Quality Electronic Design (ASQED), Penang, Malaysia.","DOI":"10.1109\/ACQED.2015.7274024"},{"key":"ref_33","unstructured":"Zelewski, S. (2013). Komplexit\u00e4tstheorie: Als Instrument zur Klassifizierung und Beurteilung von Problemen des Operations Research, Springer."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Sanal, P., Karagoz, E., Seo, H., Azarderakhsh, R., and Mozaffari-Kermani, M. (2021, January 6\u20139). Kyber on ARM64: Compact implementations of Kyber on 64-bit ARM Cortex-A processors. Proceedings of the International Conference on Security and Privacy in Communication Systems, Virtual.","DOI":"10.1007\/978-3-030-90022-9_23"},{"key":"ref_35","unstructured":"Canto, A.C., Kaur, J., Kermani, M.M., and Azarderakhsh, R. (2023). Algorithmic security is insufficient: A comprehensive survey on implementation attacks haunting post-quantum security. arXiv."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/2\/30\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:30:36Z","timestamp":1760031036000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/2\/30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,10]]},"references-count":35,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2025,6]]}},"alternative-id":["cryptography9020030"],"URL":"https:\/\/doi.org\/10.3390\/cryptography9020030","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,5,10]]}}}