Differential Fault Analysis on DES Middle Rounds

  • Matthieu Rivain
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


Differential Fault Analysis (DFA) is a powerful cryptanalytic technique that disturbs cryptographic computations and exploits erroneous results to infer secret keys. Over the last decade, many works have described and improved DFA techniques against block ciphers thus showing an inherent need to protect their implementations. A simple and widely used solution is to perform the computation twice and to check that the same result is obtained. Since DFA against block ciphers usually targets the last few rounds, one does not need to protect the whole ciphering thus saving computation time. However the number of rounds to protect must be chosen very carefully in order to prevent security flaws. To determine this number, one must study DFA targeting middle rounds of the cipher. In this paper, we address this issue for the Data Encryption Standard (DES) algorithm. We describe an attack that breaks DES by introducing some faults at the end of round 9, 10, 11 or 12, more or less efficiently depending on the fault model and the round number.


Error Model Fault Model Block Cipher Fault Injection Fault Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Akkar, M.-L.: Attaques et méthodes de protections de systèmes cryptographiques embarqués. PhD thesis, Université de Versailles Saint-Quentin (October 1, 2004)Google Scholar
  2. 2.
    Akkar, M.-L., Giraud, C.: An Implementation of DES and AES, Secure against Some Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystem. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. 4.
    Blömer, J., Seifert, J.-P.: Fault Based Cryptanalysis of the Advanced Encryption Standard. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162–181. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Boscher, A., Handschuh, H.: Masking Does Not Protect Against Differential Fault AttacksGoogle Scholar
  6. 6.
    Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.-P. (eds.): Fault Diagnosis and Tolerance in Cryptography FDTC 2008. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  7. 7.
    Chen, C.-N., Yen, S.-M.: Differential Fault Analysis on AES Key Schedule and Some Countermeasures. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 118–129. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Chen, H., Wu, W., Feng, D.: Differential Fault Analysis on CLEFIA. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 284–295. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Clavier, C.: Secret External Encodings Do Not Prevent Transient Fault AnalysisGoogle Scholar
  10. 10.
    Clavier, C., Gierlichs, B., Verbauwhede, I.: Fault Analysis Study of IDEA. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 274–287. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    FIPS PUB 46-3. Data Encryption Standard (DES). National Institute of Standards and Technology, October 25 (1999)Google Scholar
  13. 13.
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Giraud, C.: Attaques de cryptosystémes embarqués et contre-mesures associées. Thése de doctorat, Université de Versailles, Oberthur Card Systems (October 2007)Google Scholar
  15. 15.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis – The Duplication Method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Hemme, L.: A Differential Fault Attack against Early Rounds of (Triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Kim, C.H., Quisquater, J.-J.: New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 48–60. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  19. 19.
    Malkin, T., Standaert, F.-X., Yung, M.: A Comparative Cost/Security Analysis of Fault Attack Countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 159–172. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Paillier, P., Verbauwhede, I. (eds.): CHES 2007. LNCS, vol. 4727. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  21. 21.
    Phan, R., Yen, S.-M.: Amplifying Side-Channel Attacks with Techniques from Block Cipher Cryptanalysis. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 135–150. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Robisson, B., Manet, P.: Differential Behavioral AnalysisGoogle Scholar
  24. 24.
    Takahashi, J., Fukunaga, T.: Improved Differential Fault Analysis on CLEFIAGoogle Scholar
  25. 25.
    Takahashi, J., Fukunaga, T., Yamakoshi, K.: DFA Mechanism on the AES Key Schedule. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.-P. (eds.) Fault Diagnosis and Tolerance in Cryptography – FDTC 2007, pp. 62–74. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  26. 26.
    Yen, S.-M., Joye, M.: Checking Before Output Not Be Enough Against Fault-Based Cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matthieu Rivain
    • 1
  1. 1.Oberthur Technologies & University of LuxembourgLuxembourg

Personalised recommendations