Abstract
In this paper we describe a differential fault attack technique working against Substitution-Permutation Networks, and requiring very few faulty ciphertexts. The fault model used is realistic, as we consider random faults affecting bytes (faults affecting only one bit are much harder to induce). We implemented our attack on a PC for both the AES and Khazad. We are able to break the AES-128 with only 2 faulty ciphertexts, assuming the fault occurs between the antepenultimate and the penultimate MixColumn; this is better than the previous fault attacks against AES [6][10][11]. Under a similar hypothesis, Khazad is breakable with 3 faulty ciphertexts.
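The abstract's condition, a fault landing between the antepenultimate and the penultimate MixColumn, is about how far a single corrupted byte diffuses before the ciphertext is produced. The script below is an added illustration written for this page, not code from the paper or its authors: it runs the standard AES-128 round functions (S-box built from its GF(2^8) definition, ShiftRows, MixColumns) with constructed round keys and a constructed plaintext, XORs a byte-sized fault into the state at the input of a chosen round, and counts how many state bytes differ from the correct computation after every round. The key schedule is deliberately omitted because it has no influence on the diffusion pattern; the round keys and sample block are arbitrary constants. For a defender the output shows which rounds a single byte fault turns into a structured 4-byte or 16-byte difference, which is the region a redundancy or verification countermeasure has to cover.

```python
# Added example (not from the paper): single-byte fault diffusion through the
# AES-128 round structure. Round keys and plaintext are constructed constants.

def xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a & 0xFF

def gf_mul(a, b):
    """Multiplication in GF(2^8) by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def _build_sbox():
    """AES S-box from its definition: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        b, s = inv, inv
        for _ in range(4):
            b = ((b << 1) | (b >> 7)) & 0xFF   # rotate left by one bit
            s ^= b
        sbox[x] = s ^ 0x63
    return sbox

SBOX = _build_sbox()

def sub_bytes(s):
    return [SBOX[v] for v in s]

def shift_rows(s):
    # State is column-major: byte (row r, column c) sits at index r + 4*c.
    # Row r is rotated left by r positions.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out

def add_round_key(s, k):
    return [x ^ y for x, y in zip(s, k)]

# Constructed round keys (11 x 16 bytes) and sample block; any values give the
# same diffusion pattern, so no key schedule is needed here.
ROUND_KEYS = [[(17 * i + 31 * r + 5) & 0xFF for i in range(16)] for r in range(11)]
PLAINTEXT = [(37 * i + 11) & 0xFF for i in range(16)]

def encrypt_trace(pt, round_keys, fault=None):
    """Run the ten AES-128 rounds and return the state after each round.
    fault = (round_number, byte_index, delta) XORs delta into the state at the
    input of that round, i.e. after the previous round's MixColumns and
    AddRoundKey (for round 8 that is between the antepenultimate and the
    penultimate MixColumn)."""
    s = add_round_key(pt, round_keys[0])
    trace = []
    for rnd in range(1, 11):
        if fault and fault[0] == rnd:
            s = list(s)
            s[fault[1]] ^= fault[2]
        s = shift_rows(sub_bytes(s))
        if rnd < 10:                     # the last round has no MixColumns
            s = mix_columns(s)
        s = add_round_key(s, round_keys[rnd])
        trace.append(s)
    return trace

def diffusion_profile(fault_round, byte_index, delta):
    """Number of state bytes differing between the correct and the faulty
    computation after each of rounds 1..10 (list of ten counts)."""
    good = encrypt_trace(PLAINTEXT, ROUND_KEYS)
    bad = encrypt_trace(PLAINTEXT, ROUND_KEYS, (fault_round, byte_index, delta))
    return [sum(1 for a, b in zip(g, f) if a != b) for g, f in zip(good, bad)]

if __name__ == "__main__":
    for rnd in (7, 8, 9, 10):
        print(f"fault at input of round {rnd}:", diffusion_profile(rnd, 5, 0x80))
```

A fault at the input of round 8 gives exactly 4 differing bytes after round 8 (one MixColumn column) and all 16 after rounds 9 and 10; a fault at the input of round 9 never spreads beyond 4 bytes, and one at the input of round 10 stays in a single byte. These counts are value-independent because a column with one nonzero difference always leaves MixColumns with four nonzero differences. An earlier fault (round 7 or before) reaches 16 bytes after round 8 already, but from round 9 on the counts become data dependent, since MixColumns can cancel differences when several inputs of a column differ.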
References
Anderson, R., Kuhn, M.: Tamper resistance – a cautionary note. In: Proc. of the second USENIX workshop on electronic commerce, Oakland, California, November 18-21, pp. 1–11 (1996)
Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Barreto, P.S.L.M., Rijmen, V.: The Khazad Legacy-Level Block Cipher, Available at http://www.cryptonessie.org
Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Blömer, J., Seifert, J.-P.: Fault based cryptanalysis of the Advanced Encryption Standard. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162–181. Springer, Heidelberg (2003) (to appear). Also available as IACR ePrint report 2002/075 at http://eprint.iacr.org/
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology 14(2), 101–120 (2001)
Daemen, J., Rijmen, V.: AES proposal: Rijndael. In: Proc. first AES conference (August 1998), Available on-line from the official AES page http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S. Available as IACR ePrint report 2003/010 at http://eprint.iacr.org/
Giraud, C.: DFA on AES. Available as IACR ePrint report 2003/008 at http://eprint.iacr.org/
Koeune, F., Quisquater, J.-J.: A timing attack against Rijndael. Technical report (1999), available at http://www.dice.ucl.ac.be/crypto/techreports.html
Skorobogatov, S., Anderson, R.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Piret, G., Quisquater, J.-J. (2003). A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2003. Lecture Notes in Computer Science, vol 2779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45238-6_7
DOI: https://doi.org/10.1007/978-3-540-45238-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40833-8
Online ISBN: 978-3-540-45238-6