Fault attacks on Tiaoxin-346.

This paper describes two different fault injection attacks on the authenticated encryption stream cipher Tiaoxin-346, a third round candidate in the CAESAR cryptographic competition. The first type of fault injection uses a bit-flipping fault model to conduct a forgery attack. The number of faulty bits required for this forgery attack is twice the number of bit modifications made in the input message. The second type of fault injection uses a random fault model in a differential fault attack to recover the secret key of the cipher. A successful attack can be performed with 36 random multi-byte faults and a computational complexity of 2 36 . This second attack improves on the previous key recovery attack of Dey et. al., as the random fault model we use is more practical than the bit flipping model used in their attack.