The Design of Rijndael
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Low Cost Attacks on Tamper Resistant Devices
Proceedings of the 5th International Workshop on Security Protocols
DFA Mechanism on the AES Key Schedule
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
Two New Techniques of Side-Channel Cryptanalysis
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
High-Performance Concurrent Error Detection Scheme for AES Hardware
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
A Lightweight Concurrent Fault Detection Scheme for the AES S-Boxes Using Normal Basis
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
An Improved Fault Based Attack of the Advanced Encryption Standard
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Differential Fault Analysis on DES Middle Rounds
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Differential fault analysis on AES key schedule and some countermeasures
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Improved side-channel collision attacks on AES
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults
FDTC '10 Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography
Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis
FDTC '10 Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography
Automatic search of attacks on round-reduced AES and applications
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Amplifying side-channel attacks with techniques from block cipher cryptanalysis
CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Impossible fault analysis of RC4 and differential fault analysis of RC4
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
A generalized method of differential fault attack against AES cryptosystem
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Differential fault analysis of full LBlock
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Linear fault analysis of block ciphers
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Hi-index | 0.00 |
Since the early work of Piret and Quisquater on fault attacks against AES at CHES 2003, many works have been devoted to reduce the number of faults and to improve the time complexity of this attack. This attack is very efficient as a single fault is injected on the third round before the end, and then it allows to recover the whole secret key in 232 in time and memory. However, since this attack, it is an open problem to know if provoking a fault at a former round of the cipher allows to recover the key. Indeed, since two rounds of AES achieve a full diffusion and adding protections against fault attack decreases the performance, some countermeasures propose to protect only the three first and last rounds. In this paper, we give an answer to this problem by showing two practical cryptographic attacks on one round earlier of AES-128 and for all keysize variants. The first attack requires 10 faults and its complexity is around 240 in time and memory, an improvement allows only 5 faults and its complexity in memory is reduced to 2224 while the second one requires either 1000 or 45 faults depending on fault model and recovers the secret key in around 2240 in time and memory.