Cryptography Reference
Fig. 2.1 A DES obfuscated by secret layers P_1 and P_2
which needs the output of the block cipher, and CFA [178], described in Sect. 2.2.3,
which needs the control of the DES input, the author devised an ineffective fault
analysis which recovers the secret key and applies to any member of the large class
of unknown (to the attacker) cryptographic functions.
The attack assumes a classical software implementation of DES on an eight-bit
architecture. Also, we assume an attacker is able to precisely control which instruction
is executed when a fault is injected. As for other CFAs/IFAs, the fault model assumes
that a fault injected during the execution of an XOR between two eight-bit operands
results in a zero¹¹ output whatever the input operand values were. Finally, the attacker
is supposed to have control over the input given to the encryption function E as well
as knowledge of its output.¹²
The attack is somewhat complex and makes use of pairs of related ineffective
faults. We now give a sketch of the principle of a basic version of the attack. As we
assume an eight-bit architecture, there are 12 XOR operations per round: eight for the
computation of the inputs of each S-box—denoted by xor_key[j] (j = 1, ..., 8)—
and four others at the end of the round for combining its 32-bit output with the left
part—denoted by xor_left[i] (i = 1, ..., 4). The attack intensively uses IFA to
probe the output of these different eight-bit XOR operations that may appear at any
round.
First, suppose that for some arbitrary plaintext M, a fault injected during some
xor_left[i] at round (h − 1) = 1, ..., turns out to be ineffective (i.e. the ciphertext obtained
with M by faulting this XOR is identical to the one obtained with the same input
without fault). This implies that the corresponding output byte is zero. Thus, eight
of the 32 bits at the input of the next round h are known to be 0. The subsequent
permutation expands them to 12 bits, which are involved in four adjacent S-Boxes at
round h as in Fig. 2.2. Now, suppose that for another execution with the same plaintext
M, a fault on xor_key[j] (for j ∈ {2i − 1, 2i}) at round h also turns out to be
ineffective. Then we know that the input x_j of this S-box is one of the four preimages
of S_j(0).¹³ As x_j is the XOR between a key byte k_j and a six-bit value having five
¹¹ Note that the attack works equally well if the faulted XOR output is supposed to be any arbitrary
known constant instead of zero.
¹² These assumptions may be relaxed, since an attacker only needs to be able to replay many
different arbitrary inputs, and to detect whether two outputs are equal.
¹³ As the S-box is a compressive function from six-bit inputs to four-bit outputs, any preimage of
S_j(0) behaves exactly as the input 0—which has been forced in the faulty execution—and thus
produces the same ciphertext.
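The preimage argument of footnote 13, as an added example that is not from the book: a Python model of one S-box input under the zero-forcing fault, using the standard DES S1 table. The model abstracts the rest of the cipher away (a fault counts as ineffective when the S-box output is unchanged); the key chunk in the demo and the position of the one unknown data bit are assumptions made for illustration.

```python
# Added illustration: a model of one faulted S-box input, not code from the book.
# Standard DES S-box S1; the row is selected by the two outer input bits.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """Apply S1 to a six-bit input x (bit 5 is the first DES bit)."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def preimages_of_s0():
    """All six-bit inputs that give the same S-box output as input 0."""
    return [x for x in range(64) if sbox(x) == sbox(0)]

def fault_is_ineffective(data, key):
    """Model assumption: forcing the XOR output to 0 changes nothing
    exactly when S(data ^ key) already equals S(0)."""
    return sbox(data ^ key) == sbox(0)

def ineffective_keys(data):
    """Brute-force cross-check: every key chunk for which the fault
    would be ineffective with this data value."""
    return [k for k in range(64) if fault_is_ineffective(data, k)]

def key_candidates(possible_data):
    """Key chunks consistent with one ineffective fault, given the set of
    six-bit data values the observer cannot tell apart."""
    return sorted({d ^ p for d in possible_data for p in preimages_of_s0()})

if __name__ == "__main__":
    secret = 0b100100  # constructed six-bit key chunk for the demo
    print("preimages of S1(0):", preimages_of_s0())
    print("ineffective with data 0:", fault_is_ineffective(0, secret))
    # Five data bits known to be 0, first bit unknown (assumed position).
    print("candidates:", key_candidates([0b000000, 0b100000]))
```

A single equality observation shrinks the 64 possible values of the six-bit S-box input to four; with one data bit left unknown, eight candidate key chunks remain.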
 