Paper 2002/075

Fault based cryptanalysis of the Advanced Encryption Standard

J. Blöemer and J. -P. Seifert

Abstract

In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical fault induction attacks as recently publicly presented by Skorobogatov and Anderson \cite{SA}, we present an implementation-independent fault attack on AES. This attack is able to determine the complete $128$-bit secret key of a sealed tamper-proof smartcard by generating $128$ faulty ciphertexts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that, due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater \cite{KQ}), any implementation of the AES must ensure a data-independent timing behavior for the AES's so-called {\tt xtime} operation. We present fault attacks on AES based on various timing-analysis-resistant implementations of the {\tt xtime} operation. Our strongest attack in this direction uses a very liberal fault model and requires only $256$ faulty encryptions to determine a $128$-bit key.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AES, Cryptanalysis, Fault attacks, Side-channel attacks, Smartcards
Contact author(s)
Jean-Pierre Seifert @ infineon com
History
2002-06-16: received
Short URL
https://ia.cr/2002/075
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2002/075,
      author = {J.  Blöemer and J. -P.  Seifert},
      title = {Fault based cryptanalysis of the Advanced Encryption Standard},
      howpublished = {Cryptology {ePrint} Archive, Paper 2002/075},
      year = {2002},
      url = {https://eprint.iacr.org/2002/075}
}