Cryptography Reference
Algorithm 2.1: Key masking
Input: $K_{NVM} = (k_0 \oplus r_0, \ldots, k_{15} \oplus r_{15})$, $r = (r_0, r_1, \ldots, r_{15})$, $R$
Output: $K_{RAM} = (k_0 \oplus R, \ldots, k_{15} \oplus R)$
for $i \leftarrow 0$ to $15$ do
    $K_{RAM,i} \leftarrow K_{NVM,i} \oplus R$
    $K_{RAM,i} \leftarrow K_{RAM,i} \oplus r_i$
end
return $K_{RAM}$
$K_{RAM} = (k_0 \oplus R, \ldots, k_{15} \oplus R)$.
The mask conversion performed during the transfer follows Algorithm 2.1 with
the difference that key bytes are actually processed in a random order. By
faulting the loop so that only the first iteration has executed, the uninitialized
memory space storing $K_{RAM}$ physically contains 15 bytes equal to zero and
another one at a random index $i$ equal to $k_i \oplus R$. This corresponds to a
logical value of the form $(R, \ldots, R, k_i, R, \ldots, R)$, which is the actual
key used in the faulty encryption of $M_0$.
The attack consists in precomputing a dictionary of about $2^{20}$ ciphertexts produced
by the encryption of the reference plaintext $M_0$ under all keys of the previous form
where $i$, $k_i$ and $R$ take all possible values. A search of the faulty ciphertext in the
dictionary immediately reveals $k_i$. Each new faulty execution gives the opportunity
to learn the value of a key byte at a different index. An average of only 54 faults
allows all 16 key bytes to be determined. Note that the dictionary does not depend
on the actual value of the attacked key.
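
The following model of the faulted transfer is an added example, not code from the book. It checks that stopping Algorithm 2.1 after one iteration leaves a logical key of the form $(R, \ldots, R, k_i, R, \ldots, R)$, and reproduces the figure of about 54 faults as the coupon-collector mean $16 \cdot H_{16}$. The function names, the sample key and the assumption that the surviving index is uniformly distributed are choices made for this example.

```python
import random
from fractions import Fraction

N = 16  # key length in bytes

def transfer(k_nvm, r, R, order, completed=N):
    """Algorithm 2.1 over a zeroed RAM buffer, visiting bytes in `order`.
    `completed` < N models a fault that cuts the loop short."""
    k_ram = [0] * N
    for i in order[:completed]:
        k_ram[i] = k_nvm[i] ^ R   # apply the RAM mask R first
        k_ram[i] ^= r[i]          # then remove the NVM mask r_i
    return k_ram

def logical_key(k_ram, R):
    """Key the masked cipher effectively uses: physical bytes XOR R."""
    return [b ^ R for b in k_ram]

def faulted_run(key, rng):
    """One faulted transfer; returns (index touched, logical key, R)."""
    r = [rng.randrange(256) for _ in range(N)]
    R = rng.randrange(256)
    k_nvm = [k ^ m for k, m in zip(key, r)]
    order = rng.sample(range(N), N)        # random processing order
    k_ram = transfer(k_nvm, r, R, order, completed=1)
    return order[0], logical_key(k_ram, R), R

def expected_faults():
    """Coupon-collector mean N * H_N: faults until every index was hit."""
    return N * sum(Fraction(1, j) for j in range(1, N + 1))

def simulated_faults(trials, rng):
    """Empirical mean number of faulted runs until all N indices appear
    (assumes the surviving index is uniform over 0..15)."""
    total = 0
    for _ in range(trials):
        seen = set()
        while len(seen) < N:
            seen.add(rng.randrange(N))
            total += 1
    return total / trials

if __name__ == "__main__":
    rng = random.Random(1)
    key = list(range(0x10, 0x20))           # constructed sample key
    print(faulted_run(key, rng))
    print(float(expected_faults()), simulated_faults(2000, rng))
```

The candidate space is 16 indices times 256 values of $k_i$ times 256 values of $R$, which is the $2^{20}$ dictionary size quoted above.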
2.2.5 Ineffective Fault Analysis on Externally Encoded DES
Contrary to Kerckhoffs' principle, many applications of modern cryptography still
adopt the security by obscurity paradigm. A particular way of designing a proprietary
algorithm consists in surrounding a well-known and widely used block cipher $E$ with
two secret external encoding permutations $P_1$ and $P_2$ (one-to-one mappings over the
input and output spaces respectively), leading to the new, secret, obfuscated block
cipher $E = P_2 \circ E \circ P_1$. By basing the construction on a well-known block cipher
$E$ we allow the design to inherit proven or empirical cryptographic strength. Also,
the two secret encodings $P_1$ and $P_2$ ensure that inputs to and outputs from $E$ cannot
be known by an attacker, so physical attacks requiring this knowledge should not be
feasible.
A particular case studied by Clavier [93], depicted in Fig. 2.1, considers $E$ instantiated
as the DES function. Despite the impossibility of applying classical DFA [49],
 