Cryptology ePrint Archive: Report 2002/075
Fault based cryptanalysis of the Advanced Encryption Standard
J. Blömer and J.-P. Seifert
Abstract: In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical fault induction attacks as recently publicly presented by Skorobogatov and Anderson \cite{SA}, we present an implementation-independent fault attack on AES. This attack is able to determine the complete $128$-bit secret key of a sealed tamper-proof smartcard by generating $128$ faulty cipher texts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that, due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater \cite{KQ}), any implementation of the AES must ensure a data-independent timing behavior for the AES's so-called {\tt xtime} operation. We present fault attacks on AES based on various timing-analysis-resistant implementations of the {\tt xtime} operation. Our strongest attack in this direction uses a very liberal fault model and requires only $256$ faulty encryptions to determine a $128$-bit key.
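The data-independent timing requirement for {\tt xtime} mentioned in the abstract, shown as an added example that is not code from the paper: a textbook {\tt xtime} with a data-dependent branch next to a branch-free form, checked against each other. The function names are assumptions made for this illustration, and the branch-free form is one common construction, not necessarily any of the variants the paper analyses.

```c
#include <stdint.h>
#include <stdio.h>

/* Textbook xtime: multiply by x (0x02) in GF(2^8) mod x^8+x^4+x^3+x+1.
 * The reduction runs only when bit 7 is set, so timing can depend on data. */
uint8_t xtime_branch(uint8_t a)
{
    uint8_t r = (uint8_t)(a << 1);
    if (a & 0x80)
        r ^= 0x1b;
    return r;
}

/* Branch-free form: mask is 0xff when bit 7 is set, 0x00 otherwise,
 * and the XOR is always executed. */
uint8_t xtime_ct(uint8_t a)
{
    uint8_t mask = (uint8_t)(0u - (unsigned)(a >> 7));
    return (uint8_t)((uint8_t)(a << 1) ^ (mask & 0x1b));
}

/* GF(2^8) multiply built on xtime_ct, again without data-dependent branches. */
uint8_t gf_mul_ct(uint8_t a, uint8_t b)
{
    uint8_t acc = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t mask = (uint8_t)(0u - (unsigned)(b & 1));
        acc ^= (uint8_t)(a & mask);
        a = xtime_ct(a);
        b >>= 1;
    }
    return acc;
}

/* Number of byte values on which the two xtime variants disagree. */
int xtime_mismatches(void)
{
    int bad = 0;
    for (unsigned v = 0; v < 256; v++)
        bad += xtime_branch((uint8_t)v) != xtime_ct((uint8_t)v);
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", xtime_mismatches());
    printf("{57}*{83} = %02x\n", gf_mul_ct(0x57, 0x83));
    return 0;
}
```

Branch-free source does not guarantee branch-free machine code, so the generated assembly should be inspected for the target compiler and optimisation level.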
Category / Keywords: secret-key cryptography / AES, Cryptanalysis, Fault attacks, Side-channel attacks, Smartcards.
Date: received 15 Jun 2002
Contact author: Jean-Pierre Seifert at infineon com
Version: 20020616:081403 (All versions of this report)
Short URL: ia.cr/2002/075