Paper 2009/581

A Diagonal Fault Attack on the Advanced Encryption Standard

Dhiman Saha, Debdeep Mukhopadhyay, and Dipanwita RoyChowdhury


The present paper develops an attack on the AES algorithm, exploiting multiple byte faults in the state matrix. The work shows that inducing a random fault anywhere in one of the four diagonals of the state matrix at the input of the eighth round of the cipher leads to the deduction of the entire AES key. We also propose a more generalized fault attack which works if the fault induction does not stay confined to one diagonal. To the best of our knowledge, we present for the first time actual chip results for a fault attack on an iterative AES hardware running on a Xilinx FPGA platform. We show that when the fault stays within a diagonal, the AES key can be deduced with a brute force complexity of approximately $2^{32}$, which was successfully performed in about $400$ seconds on an Intel Xeon Server with $8$ cores. We show further that even if the fault induction corrupts two or three diagonals, $2$ and $4$ faulty ciphertexts are necessary to uniquely identify the correct key.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Fault Based Cryptanalysis
Contact author(s)
debdeep @ cse iitkgp ernet in
debdeep mukhopadhyay @ gmail com
2009-12-01: received
Short URL
Creative Commons Attribution


      author = {Dhiman Saha and Debdeep Mukhopadhyay and Dipanwita RoyChowdhury},
      title = {A Diagonal Fault Attack on the Advanced Encryption Standard},
      howpublished = {Cryptology ePrint Archive, Paper 2009/581},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.