Abstract:
We present two fault analysis attacks on the new cipher Kuznyechik. In the differential fault attack, the attacker is assumed to be able to fault a random byte in rounds seven and eight, which enables recovery of the master key using an average of four faults. The second attack considers the cipher with a secret S-box: utilizing ineffective fault analysis in the byte stuck-at-zero fault model, we present an attack that recovers both the master key and the secret S-box parameters. Both attacks demonstrate the importance of protecting the hardware and software implementations of the new standard, even if its S-box is kept secret.