Case study of a fault attack on asynchronous DES crypto-processors

Authors:
Yannick Monnet;Marc Renaudin;Régis Leveugle;Christophe Clavier;Pascal Moitrel
Affiliations:
TIMA Laboratory, Grenoble, France;TIMA Laboratory, Grenoble, France;TIMA Laboratory, Grenoble, France;Gemalto La Vigie, La Ciotat, France;Gemalto La Vigie, La Ciotat, France
Venue:
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Year:
2006

Citing 6
Cited 2

Asynchronous circuits and systems: a promising design alternative

Proceedings of MIGAS fourth session on Microelectronics for telecommunications : managing high complexity and mobility: managing high complexity and mobility
Differential-Linear Cryptanalysis

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Low Cost Attacks on Tamper Resistant Devices

Proceedings of the 5th International Workshop on Security Protocols
Fault Detection and Isolation Techniques for Quasi Delay-Insensitive Circuits

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Hardening Techniques against Transient Faults for Asynchronous Circuits

IOLTS '05 Proceedings of the 11th IEEE International On-Line Testing Symposium
Practical Evaluation of Fault Countermeasures on an Asynchronous DES Crypto Processor

IOLTS '06 Proceedings of the 12th IEEE International Symposium on On-Line Testing

Differential Behavioral Analysis

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Secure multipliers resilient to strong fault-injection attacks using multilinear arithmetic codes

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a practical fault attack on two asynchronous DES crypto-processors, a reference version and a hardened version, using round reduction. Because of their specific architecture, asynchronous circuits have a very specific behavior in the presence of faults. Previous works show that they are an interesting alternative to design robust systems. However, this paper demonstrates that there are weaknesses left, and that we are able both to identify and exploit them. The effect of the fault is to reduce the number of rounds by corrupting the multi-rail round counter protected by alarm cells. The fault injection mean is a laser. A description of the fault injection process is presented, followed by how the results can be used to retrieve the key. Weaknesses are theoretically identified and analyzed. Finally, possible counter-measures are described.