- The paper demonstrates a two-stage deep learning framework that accurately localizes faults in lightweight stream ciphers using tailored MLPs for each cipher.
- The methodology achieves near-optimal accuracies (up to 99.99% on ACORNv3 and MORUSv2) while significantly reducing fault injection counts and computational overhead.
- The study underscores the limitations of current DFA on robust designs like ATOM, prompting new defensive considerations in IoT cipher design.
Deep Learning-Assisted Enhanced Differential Fault Attacks on Lightweight Stream Ciphers
Introduction
This work, "Deep Learning-Assisted Improved Differential Fault Attacks on Lightweight Stream Ciphers" (2603.29382), methodically advances the application of deep learning (DL) to the cryptanalysis of lightweight stream ciphers, particularly within a fault attack paradigm where the adversary lacks control over fault injection locality. The investigation centers on ACORNv3, MORUSv2, and ATOM—ciphers with varied characteristics and security margins—which are central to deployed IoT security protocols.
Central to this contribution is a two-stage framework: first, leveraging multilayer perceptron (MLP) architectures for robust and precise fault location identification; second, implementing a threshold-driven fault injection and equation generation strategy to optimize recovery of cipher internal states or secret keys. The study delivers the first empirical DFA results for ATOM and demonstrates substantial improvements in attack complexity on ACORNv3 and MORUSv2 over existing approaches.
Deep Learning-Based Fault Location Identification
The authors characterize the criticality of accurate fault localization, especially under no control models. Misidentification yields incorrect algebraic equations, undermining state recovery. For each cipher, large datasets of differential keystream traces versus fault locations are generated via extensive simulation, supporting supervised MLP training.
For ACORNv3 and MORUSv2, the trained MLPs exhibit reliability approaching theoretical optima, achieving accuracies of 0.99988 and 0.99923 respectively—well above signature-based baselines and set-based techniques.
Figure 1: Threshold-based secret recovery process.
The models' architectures are tailored per cipher and input length, and hyperparameters are subject to exhaustive search over network topology and regularization. The interdependence of modern stream cipher operations (bitwise logic, diffusion, state rotations) renders the propagation of single-bit faults a highly non-linear, cipher-dependent function—an appropriate scenario for capacity-rich, regularized neural models. These improvements in classification accuracy directly decrease the requirement for redundant fault injection, reducing operational overhead and detection risk.
On ATOM, the problem is distinguished by double key filtering and variable keystream mapping, lowering MLP identification reliability to 0.8236. Nonetheless, this still outperforms classical alternatives, and the difficulty in achieving high accuracy underscores ATOM's increased security margin.
Differential Fault Attack Framework
The practical attack proceeds iteratively: for each unique fault injection, the differential keystream trace is processed through the MLP for fault localization, then the corresponding high-degree algebraic equations are constructed. A tunable threshold on equation count controls when to attempt system-solving—using SageMath's Gr\"obner basis engine—maximizing the probability of rapid, complete state recovery.
Figure 2: Number of faults and threshold used in the experiments to recover the initial state of ACORNv3.
The threshold is empirically chosen for each cipher. On ACORNv3, a threshold of 150 linear equations balances fault injection cost and equation solvability; on MORUSv2, this number increases to 896 due to the state size and algebraic density.
Figure 3: Number of linear differential equations produced by each fault location in ACORNv3.
Selective injection at state positions producing denser linear equations accelerates recovery on ACORNv3, but such selectivity is not available in the no-control model. Full state recovery is realized in 98% of ACORNv3 trials, requiring 21–34 fault injections—lower than existing methods, which either require more faults or exponential additional key assumptions.
On MORUSv2, successful attacks require 213–248 faults; in the presence of equation underdetermination, at most 6 bits must be brute-guessed, reducing total complexity to 26 candidate solutions, versus a far higher complexity for non-DL or control-dependent methods.
Figure 4: Frequency of each number of faults used in the successful attacks.
In the case of ATOM, even with optimized MLP-driven processes, the security architecture (notably, the double key filter and highly non-deterministic state update functions) precludes full recovery under a no-control fault model. Under theoretically advantageous precise-control, partial NFSR state recovery is achievable with ≥46 faults, but a time complexity of at least 260 remains due to requisite key bit guessing and insufficient information density.
Numerical Results and Comparative Analysis
The empirical analysis across hundreds of simulation-based attacks substantiates the following claims:
- ACORNv3: State recovery with only 21–34 faults, without any reliance on guess-and-determine strategies, and with negligible computation time for the equation solving phase. This marks a significant reduction in both data and time complexity compared to prior art, where state bit guessing and higher numbers of faults are common requirements.
- MORUSv2: Full-state recovery is achievable with 213–248 fault injections in 81% of runs, with the rest impeded by MLP misidentification. The need for limited state guesses (≤6 bits) is a pronounced improvement over previously incomplete or unimplemented theoretical analyses.
- ATOM: Under the realistic assumption set, even with enhanced MLP-based location identification, practical full recovery is infeasible, providing concrete experimental evidence for ATOM's superior resilience in this attack class.
These results, particularly regarding ACORNv3 and MORUSv2, highlight the synergistic effect of deep learning-based localization—facilitating the practical construction and solution of non-linear differential equation systems—and thresholded equation inclusion for complexity minimization.
Practical and Theoretical Implications
From a practical perspective, the results establish the necessity for cipher designers to consider DL-augmented cryptanalytic models in their threat assumptions. The negligible time complexity and reduced fault requirements directly degrade the real-world security of stream ciphers such as ACORNv3 and MORUSv2 in open, adversarial environments.
Theoretically, the work demonstrates the feasibility and value of applying machine learning to phases of cryptanalysis hitherto considered too structured for substantial gain, namely fault localization under non-deterministic models. Furthermore, it confirms that equation system composition, including higher-degree algebraic relations, can synergize with modern algebraic solvers to bypass complexity barriers that stymied traditional approaches reliant on linearization or guessing.
On ATOM, the limits encountered highlight architectural features (opaque, non-deterministic key-dependent filtering) that can effectively frustrate even advanced DL-boosted DFA, prompting further study into such defensive mechanisms.
Future Perspectives
The paper points toward further research in attacking primitive designs protected by even less favorable assumptions (e.g., entirely random multi-fault models, increased key dependence). Additional investigative avenues include applying reinforcement learning to dynamically optimize fault injection targeting, automating equation system selection, and extending the framework to block ciphers and a broader class of IoT-specific primitives.
Integrating more expressive models, such as Graph Neural Networks or attention-based architectures, could further improve complex fault propagation learning, especially in ciphers like ATOM. Another open direction is post-mortem recovery—solving system equations even with some degree of localization error, potentially yielding partial state extraction in practical deployments.
Conclusion
This study delivers a formalized, empirically validated framework for augmenting differential fault attacks on state-of-the-art lightweight stream ciphers with neural network-based fault localization and threshold-driven system solving. For ACORNv3 and MORUSv2, the approach dramatically reduces attack cost and complexity below prior work, setting new practical security bounds. Notably, the work exposes the current limitations of DFA on double-filtered constructions like ATOM, underlining relevant design strategies for future lightweight primitives. The confluence of deep learning and algebraic cryptanalytic techniques as demonstrated here is likely to set the direction for subsequent theoretical and applied research at the intersection of ML and hardware-centric cryptanalysis.