Cryptography Reference
Table 6.1 Comparison of area, delay and power between truth-table implementation and
mathematical implementation (ASIC)

                               Truth table              Mathematical
Area [µm²]                     1993                     1122
Delay of critical path [ns]    1.25 (14 logic levels)   2.45 (25 logic levels)
Average Dynamic Power [mW]     0.136                    0.907

6.3 Fault Attacks
As mentioned in the introduction, faults can be intentionally injected into the circuit
in order to retrieve the secret key [55]. Given certain errors resulting from a fault, an
attacker can deduce the key by comparing the result of a normal encryption with the
faulty one.
Faults can be injected into the circuit by different means, such as temperature
variation, clock frequency modification, glitches in power supply, and exposure to
radiation or light [227]. The main advantage of laser-based fault injection is the
localization of the fault in the timing and the spatial domains. Nevertheless, whatever
the means used to inject the fault, the induced errors must satisfy certain conditions in
order to be successfully exploited. This section briefly reviews some of the published
fault attacks on AES and analyzes their conditions on the injected errors. All the
reported attacks assume that the error affects the state matrix at a given instant
and has a particular characteristic in terms of the number and the locations of
erroneous bits.
One of the first cryptanalysis methods using faults on AES was published in [227].
The considered error is a single faulty bit in any of the 128 State bits at the input of the
SubBytes operation during execution of the last encryption round (tenth round). This
error of multiplicity 1 (only one bit is affected) is equivalent to an error of multiplicity
1 appearing on the round key or at the input of the previous AddRoundKey operation.
This error spreads, affects the output of the SubBytes operation and, since the last
round does not include the MixColumns operation, affects one (and only one) byte
of the final output array.
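The propagation described above can be checked in simulation with the following added example (not code from the book): a compact AES-128 whose `fault` argument, a name assumed here, flips one State bit at the SubBytes input of a chosen round. It goes slightly beyond the text by also accepting rounds other than the tenth, where MixColumns spreads the error over four output bytes.

```python
def xt(a):                                   # multiply by 2 in GF(2^8)
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def build_sbox():
    sbox, p, q = [0x63] * 256, 1, 1
    for _ in range(255):                     # p runs through all non-zero bytes
        p ^= xt(p)                           # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF
        q ^= 0x09 if q & 0x80 else 0         # q /= 3, so q is the inverse of p
        r = q
        for s in (1, 2, 3, 4):               # affine transformation
            r ^= ((q << s) | (q >> (8 - s))) & 0xFF
        sbox[p] = r ^ 0x63
    return sbox

SBOX = build_sbox()

def expand_key(key):                         # 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon; rcon = xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def mix(col):                                # MixColumns on one column
    t = col[0] ^ col[1] ^ col[2] ^ col[3]
    return [col[i] ^ t ^ xt(col[i] ^ col[(i + 1) % 4]) for i in range(4)]

def encrypt(pt, key, fault=None):
    """fault=(round, byte, bit): flip that State bit at the SubBytes input."""
    rk = expand_key(key)
    s = [a ^ b for a, b in zip(pt, rk[0])]
    for rnd in range(1, 11):
        if fault and fault[0] == rnd:
            s[fault[1]] ^= 1 << fault[2]     # error of multiplicity 1
        s = [SBOX[b] for b in s]             # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                         # the last round has no MixColumns
            s = sum((mix(s[4 * c:4 * c + 4]) for c in range(4)), [])
        s = [a ^ b for a, b in zip(s, rk[rnd])]   # AddRoundKey
    return bytes(s)

def corrupted_bytes(pt, key, fault):
    """Indices of ciphertext bytes that differ between correct and faulty runs."""
    good, bad = encrypt(pt, key), encrypt(pt, key, fault)
    return [i for i in range(16) if good[i] != bad[i]]
```

With the FIPS-197 example key and plaintext, `corrupted_bytes(pt, key, (10, 5, 3))` returns `[1]`, while the same flip injected in round 9 returns `[0, 7, 10, 13]`.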
In [55] the authors proposed attacks based on the “safe-error” principle, i.e. “the
error affects the result or not”. The considered fault is a stuck-at-0 affecting one bit
of the key. If the result is faulty, it can be deduced that the actual value of the key
bit is 1. In [51] the authors report another attack based on the injection of an error
of multiplicity 1 which exploits collision effects, i.e. the fact that two messages (one
without, the other with an error) give the same result.
Giraud also proposes a more complex attack with the advantage of considering a
less restrictive error model than errors on a single bit [160]. Here, errors of multiplicity
x ( x
1) affecting one byte are taken into account. Some other attacks relying on
several fault injections on bytes are reported in [84, 127, 324].
 