Improved Differential Fault Analysis on AES Key Schedule

Differential fault analysis (DFA) finds the key of a block cipher using differential information between correct and faulty ciphertexts obtained by inducing faults during the computation of ciphertexts. Among many ciphers, the Advanced Encryption Standard (AES) has been the main target of DFA due to its popularity. The naive implementation of AES is known to be vulnerable to DFA, which can be split into two categories depending on the fault location: the DFA on the State and the DFA on the Key Schedule. For the first category, much research has been done and very efficient methods have been devised. However, there is still a lack of research in the second category. The advantage of DFA on the Key Schedule is that it can even defeat some fault-protected AES implementations. Research on DFA has diversified into several directions: reducing the number of required faults, changing fault models (from one-byte fault to multibyte fault and vice versa), extending to AES-192 and AES-256, and exploiting faults induced at an earlier round. This paper deals with all these directions together in DFA on the AES Key Schedule. We introduce new attacks that find the AES-128 key with two faults in a one-byte fault model without exhaustive search, and the AES-192 and AES-256 keys with six and four faults, respectively.
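The following is an added illustration, not code from the paper: it models the one-byte fault model on an AES-128 key schedule, showing how one corrupted round-key byte spreads into the next round key, together with a recomputation check that flags the corrupted schedule. The `fault` tuple, the helper names and the check itself are assumptions of this example; the sample key is the one from FIPS-197 Appendix A.

```python
def xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_sbox():
    """Derive the AES S-box: field inverse followed by the affine map."""
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= xtime(x)                      # multiply by the generator 0x03
    rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return sbox

SBOX = build_sbox()

def next_round_key(prev, rcon):
    """One step of the AES-128 key schedule on a 16-byte round key."""
    cur = [prev[0] ^ SBOX[prev[13]] ^ rcon, prev[1] ^ SBOX[prev[14]],
           prev[2] ^ SBOX[prev[15]], prev[3] ^ SBOX[prev[12]]]
    for i in range(4, 16):
        cur.append(prev[i] ^ cur[i - 4])
    return cur

def expand_key(key, fault=None):
    """Return the 11 round keys. fault=(round, byte, mask) flips bits in a stored
    round key before later round keys are derived from it (one-byte fault model)."""
    rks, rcon = [list(key)], 1
    for r in range(1, 11):
        rks.append(next_round_key(rks[-1], rcon))
        if fault and fault[0] == r:
            rks[r][fault[1]] ^= fault[2]
        rcon = xtime(rcon)
    return rks

def faulted_positions(good, bad, r):
    """Byte indices where round key r differs between the two schedules."""
    return [i for i in range(16) if good[r][i] != bad[r][i]]

def schedule_is_consistent(rks):
    """Defensive check: recompute the schedule from rks[0] and compare."""
    return rks == expand_key(rks[0])

# Constructed sample input: the AES-128 key from FIPS-197 Appendix A.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
```

A fault in the last column of a round key passes through the S-box on its way into the next round key, so it touches more bytes than a fault in the first column; the recomputation check catches both because it covers the round keys themselves rather than only the cipher state.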
