This paper proposes two Differential Fault Attacks on the lightweight block cipher KLEIN. Variant one targets the intermediate state of the cipher. Using at least five faulty ciphertexts, the attacker is able to determine the last round key. The second variant, which works only on KLEIN-64, injects a byte-fault in the key schedule and requires at least four faulty ciphertexts in order to determine the whole key. Furthermore, we demonstrate the efficiency of both attack methods by simulation.
