Journal of Cryptographic Engineering

, Volume 3, Issue 2, pp 73–97 | Cite as

Differential fault analysis of AES: towards reaching its limits

  • Sk Subidh AliEmail author
  • Debdeep Mukhopadhyay
  • Michael Tunstall
Regular Paper


In this paper, we present a theoretical analysis of the limits of the differential fault analysis (DFA) of AES by developing an inter-relationship between conventional cryptanalysis of AES and DFAs. We show that the existing attacks have not reached these limits and present techniques to reach these. More specifically, we propose optimal DFA on states of AES-128 and AES-256. We also propose attacks on the key schedule of the three versions of AES, and demonstrate that these are some of the most efficient attacks on AES to date. Our attack on AES-128 key schedule is optimal, and the attacks on AES-192 and AES-256 key schedule are very close to optimal. Detailed experimental results have been provided for the developed attacks. The work has been compared to other works and also the optimal limits of DFA of AES.


AES AES key schedule  Differential fault analysis  Fault model 



The work described in this paper has been supported in part by the European Commission through the ICT Programme under Contract ICT-2007-216676 ECRYPT II and the EPSRC via grant EP/I005226/1.


  1. 1.
    Ali, S., Mukhopadhyay, D., Tunstall, M.: Differential Fault Analysis of AES using a Single Multiple-Byte Fault. Cryptology ePrint Archive, Report 2010/636 (2010).
  2. 2.
    Barenghi, A., Bertoni, G., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low Voltage Fault Attacks to AES and RSA on General Purpose Processors. Cryptology ePrint Archive, Report 2010/130 (2010).
  3. 3.
    Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT ’93. LNCS, vol. 765, pp. 398–409. Springer, Berlin (1993)Google Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski, B.S. (ed.) Advances in Cryptology—CRYPTO ’97. LNCS, vol. 1294, pp. 513–525. Springer, Berlin (1997)Google Scholar
  5. 5.
    Blömer, J., Seifert, J.P.: Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) Financial Cryptography. Lecture Notes in Computer Science, vol. 2742, pp. 162–181. Springer, Berlin (2003)Google Scholar
  6. 6.
    Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique Cryptanalysis of the Full AES. Cryptology ePrint Archive, Report 2011/449 (2011).
  7. 7.
    Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) Advances in Cryptology—EUROCRYPT ’97. LNCS, vol. 1233, pp. 37–51. Springer, Berlin (1997)Google Scholar
  8. 8.
    Chen, C.N., Yen, S.M.: Differential fault analysis on AES key schedule and some countermeasures. In: Goos, G., Hartmanis, J., van Leeuwen, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 118–129. Springer, Berlin (2003)Google Scholar
  9. 9.
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES Conference. Lecture Notes in Computer Science, vol. 3373, pp. 27–41. Springer, Berlin (2004)Google Scholar
  10. 10.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on AES. Cryptology ePrint Archive, Report 2003/010 (2003).
  11. 11.
    FIPS PUB 197: Advanced encryption standard (AES). Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA (2001)Google Scholar
  12. 12.
    Floissac, N., L’Hyver, Y.: From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks. Cryptology ePrint Archive, Report 2010/396 (2010).
  13. 13.
    Fukunaga, T., Takahashi, J.: Practical fault attack on a cryptographic LSI with ISO/IEC 18033-3 block ciphers. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC, pp. 84–92. IEEE Computer Society (2009) Google Scholar
  14. 14.
    Giraud, C., Thillard, A.: Piret and Quisquater’s DFA on AES Revisited. Cryptology ePrint Archive, Report 2010/440 (2010).
  15. 15.
    Kim, C.: Improved differential fault analysis on AES key schedule. IEEE Trans. Inf. Forensics Secur. (99), 1 (2011). doi: 10.1109/TIFS.2011.2161289
  16. 16.
    Kim, C.H.: Differential fault analysis against AES-192 and AES-256 with minimal faults. In: Breveglieri, L., Joye, M., Koren, I., Naccache, D., Verbauwhede, I. (eds.) Fault Diagnosis and Tolerance in Cryptography—FDTC 2010, pp. 3–9. IEEE Computer Society (2010)Google Scholar
  17. 17.
    Kim, C.H., Quisquater, J.J.: New differential fault analysis on AES key schedule: two faults are enough. In: Grimaud, G., Standaert, F.X. (eds.) CARDIS. LNCS, vol. 5189, pp. 48–60. Springer, Berlin (2008)Google Scholar
  18. 18.
    Li, W., Gu, D., Wang, Y., Li, J., Liu, Z.: An extension of differential fault analysis on AES. In: Third International Conference on Network and System Security, pp. 443–446. NSS (2009)Google Scholar
  19. 19.
    Li, Y., Gomisawa, S., Sakiyama, K., Ohta, K.: An Information Theoretic Perspective on the Differential Fault Analysis against AES. Cryptology ePrint Archive, Report 2010/032 (2010).
  20. 20.
    Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 91–100. Springer, Berlin (2006)Google Scholar
  21. 21.
    Nyberg, K.: Differentially uniform mappings for cryptography. In: EUROCRYPT, pp. 55–64 (1993)Google Scholar
  22. 22.
    Peacham, D., Thomas, B.: A DFA attack against the AES key schedule. SiVenture White Paper 001, 26 October 2006Google Scholar
  23. 23.
    Piret, G., Quisquater, J.J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES. Lecture Notes in Computer Science, vol. 2779, pp. 77–88. Springer, Berlin (2003)Google Scholar
  24. 24.
    Saha, D., Mukhopadhyay, D., RoyChowdhury, D.: A Diagonal Fault Attack on the Advanced Encryption Standard. Cryptology ePrint Archive, Report 2009/581 (2009).
  25. 25.
    Selmane, N., Guilley, S., Danger, J.L.: Practical setup time violation attacks on AES. In: EDCC, pp. 91–96 (2008)Google Scholar
  26. 26.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES. Lecture Notes in Computer Science, vol. 2523, pp. 2–12. Springer, Berlin (2002)Google Scholar
  27. 27.
    Takahashi, J., Fukunaga, T.: Differential fault analysis on AES with 192 and 256-bit keys. Cryptology ePrint Archive, Report 2010/023 (2010).
  28. 28.
    Takahashi, J., Fukunaga, T., Yamakoshi, K.: DFA mechanism on the AES key schedule. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC, pp. 62–74. IEEE Computer Society (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sk Subidh Ali
    • 1
    Email author
  • Debdeep Mukhopadhyay
    • 1
  • Michael Tunstall
    • 2
  1. 1.Department of Computer Science and EngineeringIndian Institute of TechnologyKharagpurIndia
  2. 2.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations