Cryptology ePrint Archive: Report 2007/480

Differential Fault Analysis on the AES Key Schedule

Junko Takahashi and Toshinori Fukunaga

Abstract: This letter proposes a differential fault analysis on the AES key schedule and shows how an entire 128-bit AES key can be retrieved. In the workshop at FDTC 2007, we presented the DFA mechanism on the AES key schedule and proposed general attack rules. Using our proposed rules, we showed an efficient attack that can retrieve 80 bits of the 128-bit key. Recently, we have found a new attack that can obtain an additional 8 bits compared with our previous attack. As a result, we present most efficient attack for retrieving 88 bits of the 128-bit key using approximately two pairs of correct and faulty ciphertexts.

Category / Keywords: secret-key cryptography / DFA, AES, Side Channel Analysis

Date: received 27 Dec 2007

Contact author: takahashi junko at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20071228:045139 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]