Papers
Topics
Authors
Recent
Search
2000 character limit reached

Deep Learning-Assisted Improved Differential Fault Attacks on Lightweight Stream Ciphers

Published 31 Mar 2026 in cs.CR and cs.LG | (2603.29382v1)

Abstract: Lightweight cryptographic primitives are widely deployed in resource-constraint environment, particularly in the Internet of Things (IoT) devices. Due to their public accessibility, these devices are vulnerable to physical attacks, especially fault attacks. Recently, deep learning-based cryptanalytic techniques have demonstrated promising results; however, their application to fault attacks remains limited, particularly for stream ciphers. In this work, we investigate the feasibility of deep learning assisted differential fault attack on three lightweight stream ciphers, namely ACORNv3, MORUSv2 and ATOM, under a relaxed fault model, where a single-bit bit-flipping fault is injected at an unknown location. We train multilayer perceptron (MLP) models to identify the fault locations. Experimental results show that the trained models achieve high identification accuracies of 0.999880, 0.999231 and 0.823568 for ACORNv3, MORUSv2 and ATOM, respectively, and outperform traditional signature-based methods. For the secret recovery process, we introduce a threshold-based method to optimize the number of fault injections required to recover the secret information. The results show that the initial state of ACORN can be recovered with 21 to 34 faults; while MORUS requires 213 to 248 faults, with at most 6 bits of guessing. Both attacks reduce the attack complexity compared to existing works. For ATOM, the results show that it possesses a higher security margin, as majority of state bits in the Non-linear Feedback Shift Register (NFSR) can only be recovered under a precise control model. To the best of our knowledge, this work provides the first experimental results of differential fault attacks on ATOM.

Summary

  • The paper demonstrates a two-stage deep learning framework that accurately localizes faults in lightweight stream ciphers using tailored MLPs for each cipher.
  • The methodology achieves near-optimal accuracies (up to 99.99% on ACORNv3 and MORUSv2) while significantly reducing fault injection counts and computational overhead.
  • The study underscores the limitations of current DFA on robust designs like ATOM, prompting new defensive considerations in IoT cipher design.

Deep Learning-Assisted Enhanced Differential Fault Attacks on Lightweight Stream Ciphers

Introduction

This work, "Deep Learning-Assisted Improved Differential Fault Attacks on Lightweight Stream Ciphers" (2603.29382), methodically advances the application of deep learning (DL) to the cryptanalysis of lightweight stream ciphers, particularly within a fault attack paradigm where the adversary lacks control over fault injection locality. The investigation centers on ACORNv3, MORUSv2, and ATOM—ciphers with varied characteristics and security margins—which are central to deployed IoT security protocols.

Central to this contribution is a two-stage framework: first, leveraging multilayer perceptron (MLP) architectures for robust and precise fault location identification; second, implementing a threshold-driven fault injection and equation generation strategy to optimize recovery of cipher internal states or secret keys. The study delivers the first empirical DFA results for ATOM and demonstrates substantial improvements in attack complexity on ACORNv3 and MORUSv2 over existing approaches.

Deep Learning-Based Fault Location Identification

The authors characterize the criticality of accurate fault localization, especially under no control models. Misidentification yields incorrect algebraic equations, undermining state recovery. For each cipher, large datasets of differential keystream traces versus fault locations are generated via extensive simulation, supporting supervised MLP training.

For ACORNv3 and MORUSv2, the trained MLPs exhibit reliability approaching theoretical optima, achieving accuracies of 0.99988 and 0.99923 respectively—well above signature-based baselines and set-based techniques. Figure 1

Figure 1: Threshold-based secret recovery process.

The models' architectures are tailored per cipher and input length, and hyperparameters are subject to exhaustive search over network topology and regularization. The interdependence of modern stream cipher operations (bitwise logic, diffusion, state rotations) renders the propagation of single-bit faults a highly non-linear, cipher-dependent function—an appropriate scenario for capacity-rich, regularized neural models. These improvements in classification accuracy directly decrease the requirement for redundant fault injection, reducing operational overhead and detection risk.

On ATOM, the problem is distinguished by double key filtering and variable keystream mapping, lowering MLP identification reliability to 0.8236. Nonetheless, this still outperforms classical alternatives, and the difficulty in achieving high accuracy underscores ATOM's increased security margin.

Differential Fault Attack Framework

The practical attack proceeds iteratively: for each unique fault injection, the differential keystream trace is processed through the MLP for fault localization, then the corresponding high-degree algebraic equations are constructed. A tunable threshold on equation count controls when to attempt system-solving—using SageMath's Gr\"obner basis engine—maximizing the probability of rapid, complete state recovery. Figure 2

Figure 2: Number of faults and threshold used in the experiments to recover the initial state of ACORNv3.

The threshold is empirically chosen for each cipher. On ACORNv3, a threshold of 150 linear equations balances fault injection cost and equation solvability; on MORUSv2, this number increases to 896 due to the state size and algebraic density. Figure 3

Figure 3: Number of linear differential equations produced by each fault location in ACORNv3.

Selective injection at state positions producing denser linear equations accelerates recovery on ACORNv3, but such selectivity is not available in the no-control model. Full state recovery is realized in 98% of ACORNv3 trials, requiring 21–34 fault injections—lower than existing methods, which either require more faults or exponential additional key assumptions.

On MORUSv2, successful attacks require 213–248 faults; in the presence of equation underdetermination, at most 6 bits must be brute-guessed, reducing total complexity to 262^6 candidate solutions, versus a far higher complexity for non-DL or control-dependent methods. Figure 4

Figure 4: Frequency of each number of faults used in the successful attacks.

In the case of ATOM, even with optimized MLP-driven processes, the security architecture (notably, the double key filter and highly non-deterministic state update functions) precludes full recovery under a no-control fault model. Under theoretically advantageous precise-control, partial NFSR state recovery is achievable with ≥46 faults, but a time complexity of at least 2602^{60} remains due to requisite key bit guessing and insufficient information density.

Numerical Results and Comparative Analysis

The empirical analysis across hundreds of simulation-based attacks substantiates the following claims:

  • ACORNv3: State recovery with only 21–34 faults, without any reliance on guess-and-determine strategies, and with negligible computation time for the equation solving phase. This marks a significant reduction in both data and time complexity compared to prior art, where state bit guessing and higher numbers of faults are common requirements.
  • MORUSv2: Full-state recovery is achievable with 213–248 fault injections in 81% of runs, with the rest impeded by MLP misidentification. The need for limited state guesses (≤6 bits) is a pronounced improvement over previously incomplete or unimplemented theoretical analyses.
  • ATOM: Under the realistic assumption set, even with enhanced MLP-based location identification, practical full recovery is infeasible, providing concrete experimental evidence for ATOM's superior resilience in this attack class.

These results, particularly regarding ACORNv3 and MORUSv2, highlight the synergistic effect of deep learning-based localization—facilitating the practical construction and solution of non-linear differential equation systems—and thresholded equation inclusion for complexity minimization.

Practical and Theoretical Implications

From a practical perspective, the results establish the necessity for cipher designers to consider DL-augmented cryptanalytic models in their threat assumptions. The negligible time complexity and reduced fault requirements directly degrade the real-world security of stream ciphers such as ACORNv3 and MORUSv2 in open, adversarial environments.

Theoretically, the work demonstrates the feasibility and value of applying machine learning to phases of cryptanalysis hitherto considered too structured for substantial gain, namely fault localization under non-deterministic models. Furthermore, it confirms that equation system composition, including higher-degree algebraic relations, can synergize with modern algebraic solvers to bypass complexity barriers that stymied traditional approaches reliant on linearization or guessing.

On ATOM, the limits encountered highlight architectural features (opaque, non-deterministic key-dependent filtering) that can effectively frustrate even advanced DL-boosted DFA, prompting further study into such defensive mechanisms.

Future Perspectives

The paper points toward further research in attacking primitive designs protected by even less favorable assumptions (e.g., entirely random multi-fault models, increased key dependence). Additional investigative avenues include applying reinforcement learning to dynamically optimize fault injection targeting, automating equation system selection, and extending the framework to block ciphers and a broader class of IoT-specific primitives.

Integrating more expressive models, such as Graph Neural Networks or attention-based architectures, could further improve complex fault propagation learning, especially in ciphers like ATOM. Another open direction is post-mortem recovery—solving system equations even with some degree of localization error, potentially yielding partial state extraction in practical deployments.

Conclusion

This study delivers a formalized, empirically validated framework for augmenting differential fault attacks on state-of-the-art lightweight stream ciphers with neural network-based fault localization and threshold-driven system solving. For ACORNv3 and MORUSv2, the approach dramatically reduces attack cost and complexity below prior work, setting new practical security bounds. Notably, the work exposes the current limitations of DFA on double-filtered constructions like ATOM, underlining relevant design strategies for future lightweight primitives. The confluence of deep learning and algebraic cryptanalytic techniques as demonstrated here is likely to set the direction for subsequent theoretical and applied research at the intersection of ML and hardware-centric cryptanalysis.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We found no open problems mentioned in this paper.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.