Coupon Collector’s Problem for Fault Analysis against AES — High Tolerance for Noisy Fault Injections
In this paper, we propose a new technique for Square Differential Fault Analysis (DFA) against AES that can recover a secret key even with a large number of noisy fault injections, while the previous approaches of the Square DFA cannot work with noise. This makes the attack more realistic because assuming the 100% accuracy of obtaining intended fault injections is usually impossible. Our success lies in the discovery of a new mechanism of identifying the right key guess by exploiting the coupon collector’s problem and its variant. Our attack parameterizes the number of noisy fault injections. If the number of noisy faults is set to 0, the analysis becomes exactly the same as the previous Square DFAs. Then, our attack can work even with a large number of noisy faults. Thus our work can be viewed as a generalization of the previous Square DFAs with respect to the number of tolerable noisy fault injections.
KeywordsAES Fault analysis DFA Noisy fault model SQUARE DFA Coupon collector’s problem
Unable to display preview. Download preview PDF.
- 1.Fischer, W.: Aspects of the development of secure and fault-resistant hardware. In: FDTC, pp. 18–22 (2008)Google Scholar
- 2.Guilley, S., Sauvage, L., Danger, J.L., Selmane, N.: Fault injection resilience. In: FDTC, pp. 51–65 (2010)Google Scholar
- 9.Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998)Google Scholar
- 12.Kim, C.H.: Efficient methods for exploiting faults induced at AES middle rounds. Cryptology ePrint Archive, Report 2011/349 (2011)Google Scholar