Reduction in the Number of Fault Injections for Blind Fault Attack on SPN Block Ciphers

In 2014, a new fault analysis called blind fault attack (BFA) was proposed, in which attackers can only obtain the number of different faulty outputs without knowing the public data. The original BFA requires 480,000 fault injections to recover a 128-bit AES key. This work attempts to reduce the number of fault injections under the same attack assumptions. We analyze BFA from an information theoretical perspective and introduce a new probability-based distinguisher. Three approaches are proposed for different attack scenarios. The best one realized a 66.8% reduction of the number of fault injections on AES.

[1]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[2]  Georg Sigl,et al.  Ciphertext-Only Fault Attacks on PRESENT , 2014, LightSec.

[3]  Jean-Max Dutertre,et al.  Fault Model Analysis of Laser-Induced Faults in SRAM Memory Cells , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[4]  Debdeep Mukhopadhyay,et al.  Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault , 2011, WISTP.

[5]  Yang Li,et al.  Fault Sensitivity Analysis , 2010, CHES.

[6]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[7]  David Naccache,et al.  Blind Fault Attack against SPN Ciphers , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[8]  Yang Li,et al.  Yet Another Fault-Based Leakage in Non-uniform Faulty Ciphertexts , 2013, FPS.

[9]  Mitsugu Iwamoto,et al.  Information-Theoretic Approach to Optimal Differential Fault Analysis , 2012, IEEE Transactions on Information Forensics and Security.

[10]  An Wang,et al.  Fault Rate Analysis: Breaking Masked AES Hardware Implementations Efficiently , 2013, IEEE Transactions on Circuits and Systems II: Express Briefs.

[11]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[12]  Yang Li,et al.  New Fault-Based Side-Channel Attack Using Fault Sensitivity , 2012, IEEE Transactions on Information Forensics and Security.

[13]  Jean-Max Dutertre,et al.  A DFA on AES Based on the Entropy of Error Distributions , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[14]  Juliane Krämer,et al.  On the Optimality of Differential Fault Analyses on CLEFIA , 2015, MACIS.

[15]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[16]  Adrian Thillard,et al.  Fault Attacks on AES with Faulty Ciphertexts Only , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[17]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[18]  Yang Li,et al.  On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting , 2011, CHES.

[19]  Jie Zhang,et al.  DERA: Yet another differential fault attack on cryptographic devices based on error rate analysis , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[20]  Nahid Farhady Ghalaty,et al.  Differential Fault Intensity Analysis , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[21]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[22]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[23]  Matthew J. B. Robshaw,et al.  Cryptographic Hardware and Embedded Systems – CHES 2014 , 2014, Lecture Notes in Computer Science.