Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
Observability Analysis - Detecting When Improved Cryptosystems Fail
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Fault analysis of DPA-Resistant algorithms
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Differential Fault Analysis on DES Middle Rounds
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Differential fault analysis on Camellia
Journal of Systems and Software
Differential fault analysis of AES: Toward reducing number of faults
Information Sciences: an International Journal
Differential fault analysis of ARIA in multi-byte fault models
Journal of Systems and Software
Linear fault analysis of block ciphers
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Fault detection of the macguffin cipher against differential fault attack
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Fault analysis study of the block cipher FOX64
Multimedia Tools and Applications
Hi-index | 0.00 |
We present a study of several fault attacks against the block cipher IDEA. Such a study is particularly interesting because of the target cipher's specific property to employ operations on three different algebraic groups while not using substitution tables. We observe that the attacks perform very different in terms of efficiency. Although requiring a restrictive fault model, the first attack can not reveal a sufficient amount of key material to pose a real threat, while the second attack requires a large number of faults in the same model to achieve this goal. In the general random fault model, i.e. we assume that the fault has a random and a priori unknown effect on the target value, the third attack, which is the first Differential Fault Analysis of IDEA to the best of our knowledge, recovers 93 out of 128 key bits exploiting about only 10 faults. For this particular attack, we can also relax the assumption of cycle accurate fault injection to a certain extend.