as the differential that may have been produced by a fault. Assuming an attacker can
modify the output $Y_k$ of the $k$th round to $Y_k \oplus \varepsilon$, where $\varepsilon$ belongs to a prescribed
set defined by the fault model,⁷ a pool of characteristics is created which includes,
for each possible $\varepsilon$, the most probable characteristic ending after $k$ rounds with a
null differential on the left side and a differential equal to $\varepsilon$ on the right side. After
obtaining a faulty ciphertext, and for each $\varepsilon$, the attacker tries to exhibit a normal
execution which follows the $k$-round $(0, \varepsilon)$-characteristic belonging to the pool. Provided
that $\varepsilon$ is the actual differential effect of the fault, a normal execution following
the $(0, \varepsilon)$-characteristic on $k$ rounds starts the $(k+1)$th round with the same intermediate
data as the faulty one, and results in a colliding ciphertext. Each obtained
collision gives some information about the first round key $K_1$. This information is
gathered by counting how many times each key candidate is suggested by a colliding
pair. An improved version of the attack which makes use of an extended pool of
characteristics can retrieve the whole $K_1$ with about 400, $1 \times 10^4$ and $5 \times 10^6$ faulty
executions⁸ when $k$ is respectively equal to 2, 3 and 4.
One benefit of this attack is the possibility to attack the DES by fault analysis
even when the implementation is protected against classical DFA by recomputing
the last few rounds of a block cipher with a verification of the result. Note that this is
an advantage only when the attacker does not have access to a decryption function
that uses the same key. In the case where the attacker can both encrypt and decrypt
any data of his choice, the redundancy of only the last few rounds is not sufficient
to prevent DFA. Indeed, an attacker could then decrypt any input C while inducing
a fault at the beginning of the algorithm (preferably during the second round) and
obtain the faulty output M. Then he can encrypt M without fault and get a second
ciphertext. With respect to M, this second ciphertext is a genuine ciphertext, while C
is a faulty one analogous to what would have resulted from a classical DFA on the
penultimate round.
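The limit of the last-rounds countermeasure described above can be checked on a small model. The following is an added example, not code from the book: it uses a constructed 16-round toy Feistel cipher (not DES), and every function name, the round function and the key schedule are assumptions. It compares recomputing the last three rounds with a full decrypt-and-compare check and lists the fault rounds each one fails to detect.

```python
import hashlib

ROUNDS, MASK = 16, 0xFFFFFFFF

def round_keys(key: bytes):
    # Constructed key schedule for this toy cipher (not the DES schedule).
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def F(x, k):
    # Toy nonlinear round function on a 32-bit half block.
    x = ((x ^ k) * 0x9E3779B1 + 0x7F4A7C15) & MASK
    return x ^ (x >> 15)

def run_rounds(state, keys, first, last, fault=None):
    # Feistel rounds first..last (1-based). fault=(k, eps) XORs eps into the
    # right half of the round-k output: the (0, eps) differential of the text.
    L, R = state
    for r in range(first, last + 1):
        L, R = R, L ^ F(R, keys[r - 1])
        if fault and fault[0] == r:
            R ^= fault[1]
    return L, R

def decrypt(state, keys):
    L, R = state
    for r in range(ROUNDS, 0, -1):
        L, R = R ^ F(L, keys[r - 1]), L
    return L, R

def encrypt_check_last(m, keys, fault=None, n=3):
    # Countermeasure A: compute the last n rounds twice and compare.
    # The fault is transient, so it can only hit the first pass.
    mid = run_rounds(m, keys, 1, ROUNDS - n, fault)
    c1 = run_rounds(mid, keys, ROUNDS - n + 1, ROUNDS, fault)
    c2 = run_rounds(mid, keys, ROUNDS - n + 1, ROUNDS)
    return c1 if c1 == c2 else None  # None: fault detected, output withheld

def encrypt_check_full(m, keys, fault=None):
    # Countermeasure B: decrypt the result and compare with the input.
    c = run_rounds(m, keys, 1, ROUNDS, fault)
    return c if decrypt(c, keys) == m else None

def undetected_rounds(check, m, keys, eps=1 << 7):
    # Rounds in which a one-bit fault still yields a released ciphertext.
    return [k for k in range(1, ROUNDS + 1) if check(m, keys, (k, eps)) is not None]

if __name__ == "__main__":
    keys, m = round_keys(b"constructed demo key"), (0x01234567, 0x89ABCDEF)
    print("last-3-rounds check misses:", undetected_rounds(encrypt_check_last, m, keys))
    print("decrypt-and-compare misses:", undetected_rounds(encrypt_check_full, m, keys))
```

In this model the last-rounds check releases a wrong ciphertext for every fault in rounds 1 to 13, which covers the early-round faults the collision attack relies on, while the decrypt-and-compare check withholds the output for all 16 rounds.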
2.2.4 Defeating a DPA-Resistant AES by Collision Fault Analysis
Amiel et al. presented several fault attacks which apply to DPA-resistant implementations
of AES and DES [12]. In this section, we describe two of these that are
collision fault analyses applied to AES.
7 The author chose the set of 32 one-bit errors at the end of the round function. While this choice is
naturally suited for a bit-oriented fault model, the author noticed that it also happens to be the best
one for the less restrictive byte-oriented random error fault model.
8 The attack also necessitates $4 \times 10^4$, $1.11 \times 10^6$ and $8.10 \times 10^8$ normal executions respectively.