
arxiv: 2603.29382 · v2 · pith:YO3CHTL6new · submitted 2026-03-31 · 💻 cs.CR · cs.LG

Deep Learning-Assisted Improved Differential Fault Attacks on Lightweight Stream Ciphers

Pith reviewed 2026-05-21 10:40 UTC · model grok-4.3

classification 💻 cs.CR cs.LG
keywords: differential fault attack, deep learning, stream ciphers, ACORN, MORUS, ATOM, fault location identification, MLP

The pith

MLP models identify single-bit fault locations in ACORNv3, MORUSv2 and ATOM with accuracies up to 0.99988, enabling state recovery with fewer injections than prior methods.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper trains multilayer perceptron models on simulated single-bit faults at unknown locations to classify fault positions in three lightweight stream ciphers. High classification accuracy then feeds a threshold-based recovery procedure that reconstructs the initial state while limiting the number of required faults and the bits that must be guessed. The approach yields concrete reductions in attack complexity for ACORN and MORUS and shows that ATOM resists recovery unless fault location is known precisely. These results matter for IoT devices that rely on the ciphers, because they demonstrate a practical way to turn physical fault injection into key recovery under a relaxed fault model.

Core claim

Trained MLP models achieve identification accuracies of 0.999880 for ACORNv3, 0.999231 for MORUSv2 and 0.823568 for ATOM; a threshold-based procedure then recovers the initial state of ACORN with 21 to 34 faults and of MORUS with 213 to 248 faults while guessing at most six bits, lowering overall attack complexity relative to earlier differential fault analyses. ATOM exhibits greater resistance because most NFSR state bits require a precise-control fault model.

What carries the argument

Multilayer perceptron models trained to map observed ciphertext differences to the unknown location of a single-bit flip, followed by a threshold-based filtering step that selects consistent fault hypotheses for state recovery.

If this is right

  • ACORN initial state is recoverable with 21-34 faults and at most a few bits of guessing.
  • MORUS initial state is recoverable with 213-248 faults under the same relaxed model.
  • Both recoveries require fewer faults and lower complexity than previously published differential fault attacks on these ciphers.
  • ATOM resists recovery for most NFSR bits unless the attacker can control the exact fault location.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same training-plus-threshold pipeline could be applied to other feedback-shift-register ciphers once suitable simulation data are generated.
  • If the simulation-to-hardware gap proves small, device vendors may need new countermeasures that either hide fault effects or detect deep-learning-assisted analysis.
  • The reported accuracy gap between ATOM and the other two ciphers suggests that register size and nonlinear feedback structure directly affect how much information a single-bit fault leaks.

Load-bearing premise

Models trained only on simulated fault-injection data will generalize to the fault behavior that actually occurs when the same ciphers run on real hardware.

What would settle it

Measure whether the trained MLP still reaches at least 0.99 accuracy when the same ciphers are implemented on an FPGA or microcontroller and subjected to actual laser or voltage-glitch faults whose locations are later verified by side-channel or exhaustive search.

Figures

Figures reproduced from arXiv: 2603.29382 by Dongyang Jia, Iftekhar Salam, Kok Ping Lim.

Figure 1. Threshold-based secret recovery process. (Body text extracted alongside the figure: "The number of neurons is tuned by adjusting the parameters with a power of two, while the dropout rate is adjusted by increasing or decreasing the rate by 0.05.")
Figure 2. Number of faults and threshold used in the experiments to recover the initial state of ACORNv3. (Body text extracted alongside the figure: "In terms of secret recovery, a total of 400 experiments have been conducted to analyse the performance of the proposed method in recovering the initial state of ACORNv3.")
Figure 3. Number of linear differential equations produced by each fault location in ACORNv3.
Figure 4. Frequency of each number of faults used in the successful attacks. (Body text extracted alongside the figure: "The state update function of MORUS utilizes AND, XOR, and rotation operations to create diffusion and update the state, affecting the propagation of faults within the state.")
Original abstract

Lightweight cryptographic primitives are widely deployed in resource-constrained environments, particularly in Internet of Things (IoT) devices. Due to their public accessibility, these devices are vulnerable to physical attacks, especially fault attacks. Recently, deep learning-based cryptanalytic techniques have demonstrated promising results; however, their application to fault attacks remains limited, particularly for stream ciphers. In this work, we investigate the feasibility of deep learning assisted differential fault attacks on three lightweight stream ciphers, namely ACORNv3, MORUSv2, and ATOM, under a relaxed fault model in which a single-bit bit-flipping fault is injected at an unknown location. We develop and train multilayer perceptron (MLP) models to identify the fault locations. Experimental results show that the trained models achieve high identification accuracies of 0.999880, 0.999231, and 0.823568 for ACORNv3, MORUSv2 and ATOM, respectively, and outperform traditional signature-based methods. For the secret recovery process, we introduce a threshold-based method to optimize the number of fault injections required to recover the secret information. The results show that the initial state of ACORN can be recovered with 21 to 34 faults, while MORUS requires 213 to 248 faults, with at most 6 bits of guessing. Both attacks reduce the attack complexity compared to existing works. For ATOM, the results show that it possesses a higher security margin, as the majority of state bits in the Nonlinear Feedback Shift Register (NFSR) can only be recovered under a precise control model. To the best of our knowledge, this work provides the first experimental results of differential fault attacks on ATOM.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, and this is the friction.

Referee Report

2 major / 0 minor

Summary. The manuscript presents a deep learning-assisted approach to differential fault attacks on the lightweight stream ciphers ACORNv3, MORUSv2, and ATOM. Using multilayer perceptron (MLP) models trained to identify single-bit fault locations under a relaxed unknown-location model, the authors report identification accuracies of 0.999880, 0.999231, and 0.823568 for the three ciphers. They further introduce a threshold-based stopping rule for fault injections that allows recovery of the initial state with 21-34 faults for ACORN and 213-248 for MORUS, claiming reduced complexity over prior attacks. The work also provides the first DFA results on ATOM, noting its higher security margin.

Significance. Should the empirical results prove robust upon detailed validation, this paper would contribute to the intersection of machine learning and fault cryptanalysis by demonstrating practical improvements in attack efficiency for IoT-relevant primitives. The explicit comparison to signature-based methods and the extension to ATOM are positive aspects. The main limitation in assessing significance is the absence of sufficient experimental methodology details to confirm the reliability of the reported accuracies and fault counts.

major comments (2)
  1. Experimental Setup section: No information is given on the size of the training set for the MLP models, the validation procedure used to obtain the accuracies (e.g., train-test split or cross-validation), or how the baseline signature-based method was implemented for comparison. These omissions directly affect the ability to assess the statistical significance and reproducibility of the central claims regarding model performance (0.999880 for ACORNv3 etc.).
  2. Results and Discussion section: The attack is evaluated exclusively under simulated fault injection with a relaxed single-bit unknown-location model. There is no description of hardware experiments, characterization of actual fault behavior on target devices, or analysis of potential discrepancies between simulated and physical fault distributions. This is a load-bearing issue for the claim that the threshold-based method reduces attack complexity in practice.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed feedback on our manuscript. We have carefully reviewed the major comments and provide point-by-point responses below, indicating where revisions will be made to enhance reproducibility, clarity, and the discussion of limitations.

Point-by-point responses
  1. Referee: Experimental Setup section: No information is given on the size of the training set for the MLP models, the validation procedure used to obtain the accuracies (e.g., train-test split or cross-validation), or how the baseline signature-based method was implemented for comparison. These omissions directly affect the ability to assess the statistical significance and reproducibility of the central claims regarding model performance (0.999880 for ACORNv3 etc.).

    Authors: We agree that these methodological details are critical for reproducibility and for allowing readers to evaluate the statistical robustness of the reported accuracies. In the revised manuscript, we will expand the Experimental Setup section to specify the training set sizes (number of simulated fault samples per cipher), the validation procedure (including the train-test split ratio and any cross-validation folds used), and a full description of the signature-based baseline implementation, including the extracted features, matching rules, and comparison metrics. These additions will directly support assessment of the model performance claims.
    revision: yes

  2. Referee: Results and Discussion section: The attack is evaluated exclusively under simulated fault injection with a relaxed single-bit unknown-location model. There is no description of hardware experiments, characterization of actual fault behavior on target devices, or analysis of potential discrepancies between simulated and physical fault distributions. This is a load-bearing issue for the claim that the threshold-based method reduces attack complexity in practice.

    Authors: We acknowledge that the evaluation is performed exclusively via simulation under the stated relaxed single-bit unknown-location fault model, which is a standard approach in differential fault analysis literature to isolate algorithmic contributions. In the revision, we will add an explicit discussion in the Results and Discussion section addressing the simulation assumptions, citing relevant hardware fault characterization studies, and analyzing potential discrepancies (e.g., multi-bit faults or timing effects in real devices). We will also qualify the complexity reduction claims to apply specifically under the simulated model. However, new physical hardware experiments lie outside the scope of the current work, as they would require dedicated equipment and target platforms not available for this study; we will therefore frame the results as demonstrating feasibility and improvements within the defined model rather than claiming direct practical deployment.
    revision: partial

Circularity Check

0 steps flagged

No significant circularity; the results are empirical measurements from ML training and simulation.

full rationale

The paper's core claims consist of reported identification accuracies (0.999880 for ACORNv3 etc.) and fault counts (21-34 for ACORN) obtained by training MLP classifiers on simulated single-bit fault data and applying a threshold-based recovery procedure. These quantities are direct experimental outputs measured on held-out test sets or simulation runs rather than algebraic derivations, fitted parameters renamed as predictions, or self-citation chains that reduce the result to its own inputs by construction. No uniqueness theorems, ansatzes smuggled via prior work, or self-definitional loops appear in the abstract or described methodology. The derivation chain is therefore self-contained against external benchmarks such as prior differential fault attack literature.

Axiom & Free-Parameter Ledger

2 free parameters · 0 axioms · 0 invented entities

The central empirical claims rest on the effectiveness of MLP training under a simulated single-bit fault model and on the assumption that the threshold method correctly balances information gain against injection count; these elements are not independently derived from prior literature.

free parameters (2)
  • MLP architecture and training hyperparameters
    Number of layers, hidden units, learning rate and epochs chosen to reach the reported accuracies; not specified in abstract.
  • Threshold values for fault-injection stopping rule
    Values that determine when enough equations have been collected; not given in abstract.

pith-pipeline@v0.9.0 · 5845 in / 1360 out tokens · 76441 ms · 2026-05-21T10:40:17.463867+00:00 · methodology


