论文信息 - Differential Fault Analysis on the AES Key Schedule

Differential Fault Analysis on the AES Key Schedule

This letter proposes a dierential fault analysis on the AES key schedule and shows how an entire 128-bit AES key can be retrieved. In the workshop at FDTC 2007, we presented the DFA mechanism on the AES key schedule and proposed general attack rules. Using our proposed rules, we showed an ecient attack that can retrieve 80 bits of the 128-bit key. Recently, we have found a new attack that can obtain an additional 8 bits compared with our previous attack. As a result, we present most ecient attack for retrieving 88 bits of the 128-bit key using approximately two pairs of correct and faulty ciphertexts.

Junko Takahashi | Toshinori Fukunaga

[1] Vincent Rijmen,et al. Advanced Encryption Standard - AES, 4th International Conference, AES 2004, Bonn, Germany, May 10-12, 2004, Revised Selected and Invited Papers , 2005, AES Conference.

[2] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[3] Pierre Dusart,et al. Differential Fault Analysis on A.E.S , 2003, ACNS.

[4] Jean-Jacques Quisquater,et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[5] Christophe Giraud,et al. DFA on AES , 2004, AES Conference.

[6] Kimihiro Yamakoshi,et al. DFA Mechanism on the AES Key Schedule , 2007, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007).

[7] Sung-Ming Yen,et al. Differential Fault Analysis on AES Key Schedule and Some Coutnermeasures , 2003, ACISP.

[8] Amir Moradi,et al. A Generalized Method of Differential Fault Attack Against AES Cryptosystem , 2006, CHES.