Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
DFA Mechanism on the AES Key Schedule
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
A generalized method of differential fault attack against AES cryptosystem
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Differential Fault Analysis on DES Middle Rounds
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Differential fault analysis of the advanced encryption standard using a single fault
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Differential fault analysis of AES-128 key schedule using a single multi-byte fault
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Combined fault and side-channel attack on protected implementations of AES
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Differential fault analysis of AES: Toward reducing number of faults
Information Sciences: an International Journal
Differential fault analysis of ARIA in multi-byte fault models
Journal of Systems and Software
Linear fault analysis of block ciphers
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Fault analysis study of the block cipher FOX64
Multimedia Tools and Applications
Journal of Systems and Software
A fault-resistant implementation of AES using differential bytes between input and output
The Journal of Supercomputing
In this paper we show a new differential fault analysis (DFA) on the AES-128 key scheduling process. We can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts, enabling an easy exhaustive key search of 2^32 keys. Furthermore, we can retrieve the entire 128 bits with 4 pairs. To the authors' best knowledge, it is the smallest number of pairs to find the entire AES-128 key with a fault attack on the key scheduling process. Up to now, 7 pairs by Takahashi et al. were the best. By corrupting the state, not the key schedule, Piret and Quisquater showed in 2003 that 2 pairs are enough to break AES-128. The advantage of DFA on the key schedule is that it can defeat some fault-protected AES implementations where the round keys are not rescheduled prior to the check. We implemented our algorithm on a 3.2 GHz Pentium 4 PC. With 4 pairs of correct and faulty ciphertexts, we could find 128 bits in less than 2.3 seconds.