Differential fault analysis (DFA) of hardware implementations of the Advanced Encryption Standard (AES) has become a widely researched topic. Unlike theoretical models, in real attack scenarios popular and practical fault injection methods such as supply voltage variation introduce multibyte faults with random locations and unknown values. To analyze faults of this kind, the previous fault model needed six pairs of correct and faulty ciphertexts to recover the secret round key. In this paper, without sacrificing accuracy, a more efficient DFA attack with unknown and random faults is proposed. We introduce the concept of the theoretical candidate number into the fault analysis. Based on this concept, the correct round key can be identified as soon as it is determined, so the proposed attack method always uses the fewest pairs of correct and faulty ciphertexts needed to complete the DFA attack. To support this claim further, random fault attacks based on voltage violation were carried out on an FPGA board. Experimental results showed that about 97.3% of the attacks could be completed within 3 pairs of correct and faulty ciphertexts. Moreover, on average only 2.17 pairs of correct and faulty ciphertexts were needed to find the correct round key, a significant efficiency advantage over previous fault models. In addition, with our model a smaller amount of computation in the analysis is achieved with high probability, which also effectively improves the time efficiency of DFA attacks with unknown and random faults.
For random-type faults against the AES algorithm, the traditional multibyte fault model needs to analyze 6 faulty ciphertexts to recover the correct four-byte key. To improve analysis efficiency, this paper proposes an efficient differential analysis algorithm for random-type faults. While guaranteeing analysis accuracy, we use the concept of the theoretical number of key candidates to design a new fault analysis algorithm that, according to the actual fault injection situation, recovers the key early with the minimum number of faulty ciphertexts and effectively reduces computational complexity. Results of practical attacks on the AES algorithm show that the algorithm needs to analyze only 2.17 faulty ciphertexts on average to recover the key, and 97.3% of the fault attack instances can be completed within the analysis of 3 sets of faulty ciphertexts, effectively improving analysis efficiency.
This work was supported by National Natural Science Foundation of China (Grant No. 61306040), National Basic Research Program of China (973) (Grant No. 2015CB057201), Natural Science Foundation of Beijing (Grant No. 4152020), Natural Science Foundation of Guangdong Province (Grant No. 2015A030313147), and R&D Project of Guangdong Government (Grant No. 2014B090913001).
Cite this article
Liao, N., Cui, X., Liao, K. et al. Improving DFA attacks on AES with unknown and random faults. Sci. China Inf. Sci. 60, 042401 (2017). https://doi.org/10.1007/s11432-016-0071-7
- DFA attacks
- unknown and random faults
- theoretical candidate number
- voltage violation