Cryptology ePrint Archive: Report 2003/008
DFA on AES
Christophe Giraud
Abstract: In this paper we describe two different DFA attacks on the AES. The first one uses a fault model that induces a fault on only one bit of an intermediate result, hence allowing us to obtain the key by using 50 faulty ciphertexts for an AES-128. The second attack uses a more realistic fault model: we assume that we may induce a fault on a whole byte. For an AES-128, this second attack provides the key by using less than 250 faulty ciphertexts. Moreover, this attack has been successfully put into practice on a smart card.
Category / Keywords: AES, DFA, side-channel attacks, smartcards.
Publication Info: The first version of this paper was submitted in April 2002 to CHES'02.
Date: received 20 Jan 2003, last revised 14 May 2003
Contact author: c giraud at oberthurcs com
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation
Note: The first version of this paper was submitted in April 2002 to CHES'02.
Version: 20030514:103011 (All versions of this report)
Short URL: ia.cr/2003/008
[ Cryptology ePrint archive ]