Once a few candidates for $\varepsilon$ have been selected, (3.3) is used to distinguish $K_{16}$. As in the previous attack, this is done for each S-box independently. From (3.3), we have

$$P_i^{-1}(\Delta R_{16} \oplus \varepsilon) = S_i\big(E_i(L_{16}) \oplus K_{16,i}\big) \oplus S_i\big(E_i(L_{16} \oplus \Delta L_{16}) \oplus K_{16,i}\big). \qquad (3.5)$$

This time, only the values in $\{0,1\}^6$ for $K_{16,i}$ which do not satisfy (3.5) for any of the selected $\varepsilon$ are discarded. Since for most $\varepsilon$ (28 over 32) we have $P_i^{-1}(\Delta R_{16} \oplus \varepsilon) = P_i^{-1}(\Delta R_{16})$, the discrimination of $K_{16,i}$ is only slightly less efficient than in the previous attack. On the other hand, more S-boxes are active in the 16th round (since $\Delta L_{16} = \Delta f_{15}$ often has a Hamming weight greater than 1), which speeds up the overall discrimination of $K_{16}$.

In contrast to the attack on the 16th round, this one does not work for every $\Delta L_{16}$. Indeed, the assumption that a single bit is flipped (or only a few bits are flipped) is necessary for the attacker to be able to isolate $\varepsilon$ from among a small set of candidates and hence to obtain an efficient discrimination from (3.5).
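As an added example (not taken from the book or from [49]), the following Python simulates the per-S-box discrimination of (3.5) on the standard DES S-box S1 and counts, using the DES permutation P, how many single-bit faults $\varepsilon$ in the right half leave $P_i^{-1}(\Delta R_{16} \oplus \varepsilon)$ unchanged. The subkey, the $(E_i(L_{16}), E_i(\Delta L_{16}))$ pairs and the observed output differences are constructed inputs, not data from the attack.

```python
# Added example: DES S-box S1 and permutation P as tabulated in FIPS 46-3.
S1 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
      0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
      4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
      15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]

def sbox(table, x):
    """Evaluate a DES S-box on a 6-bit input (outer two bits select the row)."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    return table[row * 16 + ((x >> 1) & 0xF)]

def sbox_output_positions(i):
    """Positions (1..32) of the f output that S-box i (1..8) feeds after P."""
    before_p = range(4 * (i - 1) + 1, 4 * i + 1)
    return {k for k in range(1, 33) if P[k - 1] in before_p}

def epsilons_invisible_to_sbox(i):
    """Single-bit faults in the right half that do not touch S-box i's 4 output bits."""
    return 32 - len(sbox_output_positions(i))

def key_candidates(table, a, da, out_diff):
    """Six-bit subkeys k satisfying one S-box instance of (3.5):
    S(a ^ k) ^ S(a ^ da ^ k) == out_diff with a = E_i(L_16), da = E_i(dL_16)."""
    return {k for k in range(64)
            if sbox(table, a ^ k) ^ sbox(table, a ^ da ^ k) == out_diff}

def simulate_discrimination(table, true_k, pairs):
    """Intersect candidate sets over constructed (a, da) pairs; the observed output
    difference is computed from the constructed true subkey, which never gets discarded."""
    survivors = set(range(64))
    for a, da in pairs:
        observed = sbox(table, a ^ true_k) ^ sbox(table, a ^ da ^ true_k)
        survivors &= key_candidates(table, a, da, observed)
    return survivors

if __name__ == "__main__":
    print([epsilons_invisible_to_sbox(i) for i in range(1, 9)])  # 28 for every S-box
    k = 0b101101                                                 # constructed subkey
    print(sorted(simulate_discrimination(S1, k, [(0b011010, 0b000100)])))
    pairs = list(zip(range(7, 64, 9), (1, 2, 4, 8, 16, 32, 3)))  # varied input differences
    print(sorted(simulate_discrimination(S1, k, pairs)))
```

A single pair never separates k from k ^ da (both satisfy the same equation), so pairs with differing input differences are needed before the set shrinks towards the true subkey; this is the "discrimination" the text refers to.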
3.3.3 Attack Results

The attack described in [49] assumes that one bit of the right half of the DES internal state is flipped at a random position during some random round. The attack first identifies whether the fault occurs in one of the last rounds by checking $\Delta L_{16}$. For instance, if $\Delta L_{16}$ has a single bit set to 1, then it is likely that the fault occurred in the 16th round (since in that case $\Delta L_{16} = \varepsilon$). Also, if the bits of $\Delta L_{16}$ that equal 1 are output by only one or two S-boxes, then it is likely that the fault occurred in the 15th round according to (3.4). Once the round where the fault occurred has been identified, the attacker can distinguish between the wrong key values as described above. In [49], it is also argued that the faults occurring in the 14th round can be exploited using counting methods, but very few details are given. According to the authors, their attack enables one to recover the full last round key using between 50 and 200 ciphertext pairs when the fault occurs at a random position in the right half of the DES internal state in a random round. If the attacker is able to choose the exact fault position, then three ciphertext pairs are sufficient.

These results demonstrate the sensitivity of DES to fault analysis. It appears that one must protect at least the last three or four rounds of DES against DFA, for instance by computing them twice and comparing the outputs. However, some questions remain open: first, to what extent can DFA exploit faults occurring in the middle rounds of DES? Also, is DFA tolerant to more general fault models where several bits of the DES internal state are flipped? These issues are addressed in the next section.