Paper 2002/075

Fault based cryptanalysis of the Advanced Encryption Standard

J. Blöemer and J.-P. Seifert


In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical fault induction attacks as recently publicly presented by Skorobogatov and Anderson \cite{SA}, we present an implementation-independent fault attack on AES. This attack is able to determine the complete $128$-bit secret key of a sealed tamper-proof smartcard by generating $128$ faulty ciphertexts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that, due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater \cite{KQ}), any implementation of the AES must ensure a data-independent timing behavior for the so-called AES {\tt xtime} operation. We present fault attacks on AES based on various timing-analysis-resistant implementations of the {\tt xtime} operation. Our strongest attack in this direction uses a very liberal fault model and requires only $256$ faulty encryptions to determine a $128$-bit key.
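The data-independent timing requirement on xtime mentioned in the abstract, as an added example that is not code from the paper: a branching xtime beside a branch-free one, checked for equality on all 256 inputs and against the multiplication examples in FIPS-197. The function names are assumptions made here, and the paper's own xtime variants are not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* xtime = multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b).
 * Branching form: the reduction only runs when the top bit of a is set,
 * so execution time can depend on the (secret) data. */
static uint8_t xtime_branch(uint8_t a) {
    uint8_t r = (uint8_t)(a << 1);
    if (a & 0x80)
        r ^= 0x1b;
    return r;
}

/* Branch-free form: mask is 0x00 or 0xff depending on the top bit, so the
 * same instructions run for every input. Assumption: the compiler and CPU
 * do not reintroduce a data-dependent branch; verify the generated code. */
static uint8_t xtime_ct(uint8_t a) {
    uint8_t mask = (uint8_t)(0u - (a >> 7));
    return (uint8_t)((a << 1) ^ (mask & 0x1b));
}

/* GF(2^8) multiplication built on xtime_ct: always 8 iterations, with the
 * conditional add replaced by a mask derived from the current bit of b. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t acc = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t mask = (uint8_t)(0u - (b & 1u));
        acc ^= (uint8_t)(a & mask);
        a = xtime_ct(a);
        b >>= 1;
    }
    return acc;
}

/* Number of inputs on which the two xtime forms disagree (expected: 0). */
static int xtime_mismatches(void) {
    int bad = 0;
    for (unsigned v = 0; v < 256; v++)
        if (xtime_branch((uint8_t)v) != xtime_ct((uint8_t)v))
            bad++;
    return bad;
}

int main(void) {
    printf("mismatches: %d\n", xtime_mismatches());
    printf("{57}*{83} = %02x\n", gf_mul(0x57, 0x83));
    printf("{57}*{13} = %02x\n", gf_mul(0x57, 0x13));
    return 0;
}
```

Removing the timing dependence addresses only the timing channel; per the abstract, timing-resistant xtime implementations are themselves the target of the paper's implementation-dependent fault attacks, so fault countermeasures have to be assessed separately.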

Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AES, Cryptanalysis, Fault attacks, Side-channel attacks, Smartcards
Contact author(s)
Jean-Pierre Seifert @ infineon com
2002-06-16: received
Creative Commons Attribution


      author = {J.  Blöemer and J. -P.  Seifert},
      title = {Fault based cryptanalysis of the Advanced Encryption Standard},
      howpublished = {Cryptology ePrint Archive, Paper 2002/075},
      year = {2002},
      note = {\url{}},
      url = {}