From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion

Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.

[1]  Junko Takahashi,et al.  Differential Fault Analysis on AES with 192 and 256-Bit Keys , 2010, IACR Cryptol. ePrint Arch..

[2]  Juanru Li,et al.  A New Differential Fault Attack on SPN Structure, with Application to AES Cipher , 2011, J. Comput..

[3]  Sung-Ming Yen,et al.  Differential Fault Analysis on AES Key Schedule and Some Coutnermeasures , 2003, ACISP.

[4]  Debdeep Mukhopadhyay,et al.  An Improved Fault Based Attack of the Advanced Encryption Standard , 2009, AFRICACRYPT.

[5]  Amir Moradi,et al.  A Generalized Method of Differential Fault Attack Against AES Cryptosystem , 2006, CHES.

[6]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[7]  Pierre Dusart,et al.  Differential Fault Analysis on A.E.S , 2003, ACNS.

[8]  Junko Takahashi,et al.  DFA Mechanism on the AES Key Schedule , 2007 .

[9]  Debdeep Mukhopadhyay,et al.  Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault , 2011, WISTP.

[10]  Alessandro Barenghi,et al.  Low Voltage Fault Attacks to AES and RSA on General Purpose Processors , 2010, IACR Cryptol. ePrint Arch..

[11]  Chong Hee Kim,et al.  Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults , 2010, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[12]  Christophe Giraud,et al.  DFA on AES , 2004, AES Conference.

[13]  Chong Hee Kim,et al.  Differential fault analysis of AES: Toward reducing number of faults , 2012, Inf. Sci..

[14]  Christophe Giraud,et al.  Piret and Quisquater's DFA on AES Revisited , 2010, IACR Cryptol. ePrint Arch..

[15]  Jean-Jacques Quisquater,et al.  New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough , 2008, CARDIS.

[16]  Debdeep Mukhopadhyay,et al.  A Diagonal Fault Attack on the Advanced Encryption Standard , 2009, IACR Cryptol. ePrint Arch..