Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
Observability Analysis - Detecting When Improved Cryptosystems Fail
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
How to Protect DES Against Exhaustive Key Search
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Evaluating Differential Fault Analysis of Unknown Cryptosystems
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Fault analysis of DPA-Resistant algorithms
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Differential Fault Analysis on DES Middle Rounds
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Differential fault analysis of full LBlock
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
| Hi-index | 0.00 |
Contrarily to Kerckhoffs' principle, many applications of today's cryptography still adopt the security by obscurityparadigm. Furthermore, in order to rely on its proven or empirical security, some realizations are based on a given well known and widely used cryptographic algorithm. In particular, a possible design would obfuscate a standard block cipher Eby surrounding it with two secretexternal encodings P1and P2(one-to-one mappings), leading to the proprietary algorithm E茂戮驴 = P2茂戮驴 E茂戮驴 P1.A claimed advantage of this approach is that, since inputs and outputs of the underlying function Eare not known by a potential attacker, such a construction is usually believed to inherently prevent any kind of transient fault analysis that may apply on the core function E. In this paper, we show that this latter argument is not true, by exhibiting a key recovery attack which applies to the whole class of externally encoded DES or Triple-DES. Moreover, our attack remains applicable even in the presence of the classical counter-measure against fault attacks which consists in executing the algorithm twice and returning an output only if both results are identical.