
Persistent Fault Analysis with Few Encryptions

  • Conference paper

Constructive Side-Channel Analysis and Secure Design (COSADE 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12244)

Abstract

Persistent fault analysis (PFA) consists in recovering block cipher secret keys by biasing their substitution box. This paper improves the original attack of Zhang et al. on AES-128 presented at CHES 2018. By a thorough analysis, the exact probability distribution of the ciphertext (under a uniformly distributed plaintext) is derived, and the maximum likelihood key recovery estimator is computed exactly. Its expression is turned into an attack algorithm, which is shown to be twice as efficient, in terms of the number of required encryptions, as the original attack of Zhang et al. This algorithm is also optimized from a computational complexity standpoint. In addition, our optimal attack is naturally amenable to key enumeration, which expedites full 16-byte key extraction. Various tradeoffs between data and computational complexities are investigated.
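The estimator the abstract describes, as an added worked example that is not the paper's or the authors' code: a toy last-round model c = S'[x] XOR k with a constructed 8-bit S-box in which a single entry is overwritten (that single-entry fault model, the faulted index and the key byte are assumptions of this demo), and the exact maximum-likelihood ranking of the 256 key-byte candidates under the resulting biased ciphertext distribution.

```python
import random

# Added example (not the paper's code): one last-round byte c = S'[x] ^ k
# with uniform x, key byte k, and an 8-bit S-box S' in which ONE entry was
# overwritten by a persistent fault.  One output value (v_missing) can then
# never appear and another (v_double) appears twice as often; the key byte
# is ranked by exact maximum likelihood over that biased distribution.

def make_sbox(seed=1):
    """Random bijective 8-bit S-box (constructed stand-in for AES's)."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    return sbox

def inject_persistent_fault(sbox, index, new_value):
    """Copy of sbox with entry `index` replaced by `new_value`."""
    faulted = list(sbox)
    faulted[index] = new_value
    return faulted

def excluded_keys(ciphertexts, v_missing):
    """Keys under which some c would need the impossible output v_missing."""
    return {k for k in range(256) if any(c ^ k == v_missing for c in ciphertexts)}

def ml_key_ranking(ciphertexts, v_missing, v_double):
    """Exact ML ranking: under key k, P(c) = 0 if c == v_missing ^ k,
    2/256 if c == v_double ^ k, 1/256 otherwise.  Log-likelihood is -inf
    for excluded keys and otherwise grows with #(c == v_double ^ k)."""
    bad = excluded_keys(ciphertexts, v_missing)
    scores = []
    for k in range(256):
        hits = sum(1 for c in ciphertexts if c ^ k == v_double)
        scores.append((k not in bad, hits, k))
    scores.sort(reverse=True)
    return [k for _, _, k in scores]

def simulate(n_encryptions, key, seed=7):
    """n faulted encryptions of random plaintext bytes, then rank the keys."""
    rng = random.Random(seed)
    sbox = make_sbox()
    idx = 0x2a                        # faulted S-box index (constructed)
    v_missing = sbox[idx]             # output value that can no longer occur
    v_double = sbox[(idx + 1) % 256]  # output value now produced by two inputs
    faulted = inject_persistent_fault(sbox, idx, v_double)
    cts = [faulted[rng.randrange(256)] ^ key for _ in range(n_encryptions)]
    # A few thousand encryptions leave one surviving candidate, which is why
    # a corrupted S-box table must be detected before it is used.
    return ml_key_ranking(cts, v_missing, v_double)
```

Calling simulate(4000, 0x5c)[0] returns the planted key byte 0x5c; with fewer encryptions several non-excluded candidates remain and the ranking reflects the key-enumeration tradeoff the abstract mentions.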


References

  1. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer's apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)

  2. Bhattacharya, S., Mukhopadhyay, D.: Curious case of rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29

  3. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052259

  4. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_19

  5. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_4

  6. Caforio, A., Banik, S.: A study of persistent fault analysis. In: Bhasin, S., Mendelson, A., Nandi, M. (eds.) SPACE 2019. LNCS, vol. 11947, pp. 13–33. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35869-3_4

  7. Carré, S., Desjardins, M., Facon, A., Guilley, S.: OpenSSL Bellcore's protection helps fault attack. In: Novotný, M., Konofaos, N., Skavhaug, A. (eds.) 21st Euromicro Conference on Digital System Design, DSD 2018, Prague, Czech Republic, 29–31 August 2018, pp. 500–507. IEEE Computer Society (2018)

  8. Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45203-4_23

  9. Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 300–321. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_15

  10. Jain, S., Agrawal, V.D.: Statistical fault analysis. IEEE Design Test Comput. 2(1), 38–44 (1985)

  11. Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. SIGARCH Comput. Archit. News 42(3), 361–372 (2014)

  12. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22

  13. Murdock, K., Oswald, D., Garcia, F.D., Van Bulck, J., Gruss, D., Piessens, F.: Plundervolt: software-based fault injection attacks against Intel SGX. Tracked as CVE-2019-11157 (2020)

  14. Mutlu, O., Kim, J.S.: Rowhammer: a retrospective (2019). arXiv:1904.09724 [cs.CR]

  15. NIST. AES Proposal: Rijndael (now FIPS PUB 197), 9 April 2003. http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf. Accessed 19 Apr 2020

  16. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_7

  17. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip Feng Shui: hammering a needle in the software stack. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 1–18. USENIX Association, Austin, August 2016

  18. Rivain, M.: Differential fault analysis on DES middle rounds. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 457–469. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_32

  19. Roscian, C., Dutertre, J.M., Tria, A.: Frontside laser fault injection on cryptosystems - application to the AES' last round. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 119–124, June 2013

  20. Schmidt, J.M., Hutter, M., Plos, T.: Optical fault attacks on AES: a threat in violet. In: 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 13–22, September 2009

  21. Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21040-2_15

  22. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_8

  23. Zhang, F., et al.: Persistent fault analysis on block ciphers. IACR Trans. Cryptogr. Hardware Embed. Syst. 2018(3), 150–172 (2018)

  24. Zhang, F., et al.: Persistent fault attack in practice. IACR Trans. Cryptogr. Hardware Embed. Syst. 2020(2), 172–195 (2020)


Corresponding author: Sylvain Guilley


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Carré, S., Guilley, S., Rioul, O. (2021). Persistent Fault Analysis with Few Encryptions. In: Bertoni, G.M., Regazzoni, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2020. Lecture Notes in Computer Science, vol 12244. Springer, Cham. https://doi.org/10.1007/978-3-030-68773-1_1


  • DOI: https://doi.org/10.1007/978-3-030-68773-1_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68772-4

  • Online ISBN: 978-3-030-68773-1
