Paper 2009/581

A Diagonal Fault Attack on the Advanced Encryption Standard

Dhiman Saha, Debdeep Mukhopadhyay, and Dipanwita RoyChowdhury

Abstract

The present paper develops an attack on the AES algorithm, exploiting multiple byte faults in the state matrix. The work shows that inducing a random fault anywhere in one of the four diagonals of the state matrix at the input of the eighth round of the cipher leads to the deduction of the entire AES key. We also propose a more generalized fault attack which works if the fault induction does not stay confined to one diagonal. To the best of our knowledge, we present for the first time actual chip results for a fault attack on an iterative AES hardware running on a Xilinx FPGA platform. We show that when the fault stays within a diagonal, the AES key can be deduced with a brute force complexity of approximately $2^{32}$, which was successfully performed in about $400$ seconds on an Intel Xeon Server with $8$ cores. We show further that even if the fault induction corrupts two or three diagonals, $2$ and $4$ faulty ciphertexts are necessary to uniquely identify the correct key.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Fault Based Cryptanalysis
Contact author(s)
debdeep @ cse iitkgp ernet in
debdeep mukhopadhyay @ gmail com
History
2009-12-01: received
Short URL
https://ia.cr/2009/581
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/581,
      author = {Dhiman Saha and Debdeep Mukhopadhyay and Dipanwita RoyChowdhury},
      title = {A Diagonal Fault Attack on the Advanced Encryption Standard},
      howpublished = {Cryptology ePrint Archive, Paper 2009/581},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/581}},
      url = {https://eprint.iacr.org/2009/581}
}