Differential Fault Analysis on DES Middle Rounds

Differential Fault Analysis (DFA) is a powerful cryptanalytic technique that disturbs cryptographic computations and exploits the erroneous results to infer secret keys. Over the last decade, many works have described and improved DFA techniques against block ciphers, showing an inherent need to protect their implementations. A simple and widely used solution is to perform the computation twice and check that the same result is obtained. Since DFA against block ciphers usually targets the last few rounds, one does not need to protect the whole cipher, which saves computation time. However, the number of rounds to protect must be chosen very carefully in order to prevent security flaws. To determine this number, one must study DFA targeting the middle rounds of the cipher. In this paper, we address this issue for the Data Encryption Standard (DES) algorithm. We describe an attack that breaks DES by introducing some faults at the end of round 9, 10, 11 or 12, more or less efficiently depending on the fault model and the round number.
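The coverage question raised in the abstract can be checked on a model of the "compute twice and compare" countermeasure. The following is an added example, not code from the paper: it uses a toy 16-round Feistel network (not DES), constructed keys and plaintext, hypothetical function names, and assumes a transient fault that XORs a mask into the right half at the end of one round and hits only the first of the two redundant runs.

```c
#include <stdint.h>
#include <stdio.h>

#define ROUNDS 16
typedef struct { uint32_t l, r; } state_t;

/* Toy round function (NOT the DES f-function); any mixing works here. */
static uint32_t f(uint32_t r, uint32_t k) {
    uint32_t x = (r ^ k) * 0x9E3779B1u;
    return x ^ (x >> 15);
}

/* Feistel rounds first..last (1-based); fault XORs mask into R at end of fault_round (0 = none). */
static state_t run_rounds(state_t s, const uint32_t *k, int first, int last,
                          int fault_round, uint32_t mask) {
    for (int i = first; i <= last; i++) {
        uint32_t t = s.l ^ f(s.r, k[i - 1]);
        s.l = s.r;
        s.r = t;
        if (i == fault_round) s.r ^= mask;
    }
    return s;
}

/* Only the last protect_last rounds are computed twice. Returns 1 if output is released. */
int protected_encrypt(state_t pt, const uint32_t *k, int protect_last,
                      int fault_round, uint32_t mask, state_t *out) {
    int split = ROUNDS - protect_last;
    state_t mid = run_rounds(pt, k, 1, split, fault_round, mask);     /* computed once */
    state_t a = run_rounds(mid, k, split + 1, ROUNDS, fault_round, mask);
    state_t b = run_rounds(mid, k, split + 1, ROUNDS, 0, 0);          /* redundant run */
    if (a.l != b.l || a.r != b.r) return 0;                           /* mismatch: block output */
    *out = a;
    return 1;
}

/* 1 if a fault at the end of fault_round yields a released, wrong ciphertext. */
int fault_escapes(int protect_last, int fault_round) {
    uint32_t k[ROUNDS];
    for (int i = 0; i < ROUNDS; i++) k[i] = 0xA5A5A5A5u * (uint32_t)(i + 1); /* constructed keys */
    state_t pt = { 0x01234567u, 0x89ABCDEFu }, good = pt, got = pt;          /* constructed input */
    protected_encrypt(pt, k, protect_last, 0, 0, &good);
    if (!protected_encrypt(pt, k, protect_last, fault_round, 0x100u, &got)) return 0;
    return got.l != good.l || got.r != good.r;
}

int main(void) {
    for (int p = 4; p <= 8; p += 4)
        for (int r = 8; r <= 16; r++)
            printf("protect last %d, fault at end of round %2d: %s\n", p, r,
                   fault_escapes(p, r) ? "faulty output released" : "detected");
    return 0;
}
```

In this model, duplicating only the last 4 rounds lets faults at the end of rounds 9 to 12 reach the output, because the corrupted state is the common input of both redundant runs. Duplicating the last 8 rounds catches those four positions but still misses a fault at the end of round 8.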
