Fault Sensitivity Analysis

  • Yang Li
  • Kazuo Sakiyama
  • Shigeto Gomisawa
  • Toshinori Fukunaga
  • Junko Takahashi
  • Kazuo Ohta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)


This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which unlike most existing fault-based analyses including Differential Fault Analysis (DFA) does not use values of faulty ciphertexts. Fault sensitivity means the critical condition when a faulty output begins to exhibit some detectable characteristics, e.g., the clock frequency when fault operation begins to occur. We explain that the fault sensitivity exhibits sensitive-data dependency and can be used to retrieve the secret key. This paper presents two practical FSA attacks against two AES hardware implementations on SASEBO-R, PPRM1-AES and WDDL-AES. Different from previous work, we show that WDDL-AES is not perfectly secure against setup-time violation attacks.

We also discuss a masking technique as a potential countermeasure against the proposed fault-based attack.


Side-channel attacks Fault Sensitivity Analysis AES WDDL 


  1. 1.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  2. 2.
    Blömer, J., Seifert, J.-P.: Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162–181. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Boscher, A., Handschuh, H.: Masking Does Not Protect Against Differential Fault Attacks. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC, pp. 35–40. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  4. 4.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S., Cryptology ePrint Archive, Report2003/010 (2003)Google Scholar
  5. 5.
    Research Center for Information Security (RCIS). Side-channel Attack Standard Evaluation Board (SASEBO),
  6. 6.
    Giraud, C.: DFA on AES, Cryptology ePrint Archive, Report2003/008 (2003)Google Scholar
  7. 7.
    Li, Y., Gomisawa, S., Sakiyama, K., Ohta, K.: An Information Theoretic Perspective on the Differential Fault Analysis against AES, Cryptology ePrint Archive, Report2010/032 (2010)Google Scholar
  8. 8.
    Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A Generalized Method of Differential Fault Attack Against AES Cryptosystem. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 91–100. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Morioka, S., Satoh, A.: An Optimized S-Box Circuit Architecture for Low Power AES Design. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 172–186. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Mukhopadhyay, D.: An Improved Fault Based Attack of the Advanced Encryption Standard. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 421–434. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Guilley, S., Graba, T., Selmane, N., Bhasin, S., Danger, J.-L.: WDDL is Protected Against Setup Time Violation Attacks. In: FDTC, pp. 73–83. IEEE Computer Society, Los Alamitos (2009)Google Scholar
  12. 12.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Saha, D., Mukhopadhyay, D., RoyChowdhury, D.: A Diagonal Fault Attack on the Advanced Encryption Standard, Cryptology ePrint Archive, Report2009/581 (2009)Google Scholar
  14. 14.
    Sakiyama, K., Yagi, T., Ohta, K.: Fault Analysis Attack against an AES Prototype Chip Using RSL. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 429–443. Springer, Heidelberg (2009)Google Scholar
  15. 15.
    Tiri, K., Verbauwhede, I.: A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. In: DATE, pp. 246–251. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  16. 16.
    Tunstall, M., Mukhopadhyay, D.: Differential Fault Analysis of the Advanced Encryption Standard using a Single Fault, Cryptology ePrint Archive, Report2009/575 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Yang Li
    • 1
  • Kazuo Sakiyama
    • 1
  • Shigeto Gomisawa
    • 1
  • Toshinori Fukunaga
    • 2
  • Junko Takahashi
    • 1
    • 2
  • Kazuo Ohta
    • 1
  1. 1.Department of InformaticsThe University of Electro-CommunicationsTokyoJapan
  2. 2.NTT Information Sharing Platform LaboratoriesNTT CorporationTokyoJapan

Personalised recommendations