Fault Analysis on Stream Cipher MUGI

This paper proposes differential fault analysis, which is a well-known type of fault analysis, on a stream cipher MUGI, which uses two kinds of update functions of an intermediate state. MUM was proposed by Hitachi, Ltd. in 2002 and it is specified as ISO/IEC 18033-4 for keystream generation. Fault analysis is a side-channel attack that uses the faulty output obtained by inducing faults into secure devices. To the best knowledge of the authors, this is the first paper that proposes applying fault analysis to MUM. The proposed attack uses the relation between two kinds of the update functions that are mutually dependent. As a result, our attack can recover a 128-bit secret key using 12.54 pairs of correct and faulty outputs on average within 1 sec.