Differential Fault Analysis on AES Key Schedule and Some Countermeasures

  • Conference paper
Information Security and Privacy (ACISP 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2727)

Abstract

This paper describes a DFA attack on the AES key schedule. This fault model assumes that the attacker can induce a single byte fault on the round key. It efficiently finds the key of AES-128 with feasible computation and less than thirty pairs of correct and faulty ciphertexts. Several countermeasures are also proposed. This weakness can be resolved without modifying the structure of the AES algorithm and without decreasing the efficiency.

Supported in part by the National Science Council of the Republic of China under contract NSC 91-2213-E-008-032.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, CN., Yen, SM. (2003). Differential Fault Analysis on AES Key Schedule and Some Countermeasures. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_11

  • DOI: https://doi.org/10.1007/3-540-45067-X_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive
