CryptoDB
Fault based cryptanalysis of the Advanced Encryption Standard
Authors: | Johannes Blömer, J.-P. Seifert |
---|---|
Abstract: | In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical fault induction attacks as recently publicly presented by Skorobogatov and Anderson [SA], we present an implementation independent fault attack on AES. This attack is able to determine the complete 128-bit secret key of a sealed tamper-proof smartcard by generating 128 faulty cipher texts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater [KQ]), any implementation of the AES must ensure a data independent timing behavior for the so called AES's xtime operation. We present fault attacks on AES based on various timing analysis resistant implementations of the xtime-operation. Our strongest attack in this direction uses a very liberal fault model and requires only 256 faulty encryptions to determine a 128-bit key. |
BibTeX
@misc{eprint-2002-11599,
  title={Fault based cryptanalysis of the Advanced Encryption Standard},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / AES, Cryptanalysis, Fault attacks, Side-channel attacks, Smartcards.},
  url={http://eprint.iacr.org/2002/075},
  note={ Jean-Pierre.Seifert@infineon.com 11853 received 15 Jun 2002},
  author={Johannes Blömer and J.-P.\ Seifert},
  year=2002
}