Paper 2011/178

Differential Fault Analysis of AES: Toward Reducing Number of Faults

Chong Hee KIM

Abstract

Differential Fault Analysis (DFA) finds the key of a block cipher using differential information between correct and faulty ciphertexts obtained by inducing faults during the computation of ciphertexts. Among many ciphers, AES has been the main target of DFA due to its popularity. DFA of AES has also been diversified into several directions: reducing the required number of faults, applying it to multi-byte fault models, extending to AES-192 and AES-256, or exploiting faults induced at an earlier round. This paper deals with the first three directions together, especially giving weight to reducing the required number of faults. Many previous works show that the required numbers of faults are different although the same fault model is used. This comes from the lack of a general method of constructing and solving differential fault equations. Therefore, we first present how to generate differential fault equations systematically and reduce the number of candidates of the key with them, which leads us to find the minimum number of faults. Then we extend to multi-byte fault models and AES-192/256.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Full version of the paper published at Information Sciences V.199, pp.43-57 (2012)
Keywords
Cryptanalysis, Side channel attacks, Differential fault analysis, Block ciphers, AES
Contact author(s)
chhkim7 @ gmail com
History
2012-07-11: last of 2 revisions
2011-04-08: received
Short URL
https://ia.cr/2011/178
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/178,
      author = {Chong Hee KIM},
      title = {Differential Fault Analysis of AES: Toward Reducing Number of Faults},
      howpublished = {Cryptology ePrint Archive, Paper 2011/178},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/178}},
      url = {https://eprint.iacr.org/2011/178}
}