Cryptographic Hardware and Embedded Systems - CHES 2009 pp 457-469

Differential Fault Analysis on DES Middle Rounds

  • Matthieu Rivain
Conference paper

DOI: 10.1007/978-3-642-04138-9_32

Volume 5747 of the book series Lecture Notes in Computer Science (LNCS)


Differential Fault Analysis (DFA) is a powerful cryptanalytic technique that disturbs cryptographic computations and exploits erroneous results to infer secret keys. Over the last decade, many works have described and improved DFA techniques against block ciphers thus showing an inherent need to protect their implementations. A simple and widely used solution is to perform the computation twice and to check that the same result is obtained. Since DFA against block ciphers usually targets the last few rounds, one does not need to protect the whole ciphering thus saving computation time. However the number of rounds to protect must be chosen very carefully in order to prevent security flaws. To determine this number, one must study DFA targeting middle rounds of the cipher. In this paper, we address this issue for the Data Encryption Standard (DES) algorithm. We describe an attack that breaks DES by introducing some faults at the end of round 9, 10, 11 or 12, more or less efficiently depending on the fault model and the round number.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matthieu Rivain
    • 1
  1. 1.Oberthur Technologies & University of LuxembourgLuxembourg