Cryptology ePrint Archive: Report 2011/178

Differential Fault Analysis of AES: Toward Reducing Number of Faults

Chong Hee KIM

Abstract: Differential Fault Analysis (DFA) finds the key of a block cipher using differential information between correct and faulty ciphertexts obtained by inducing faults during the computation of ciphertexts. Among many ciphers AES has been the main target of DFA due to its popularity. DFA of AES has also been diversi ed into several directions: reducing the required number of faults, applying it to multi-byte fault models, extending to AES-192 and AES-256, or exploiting faults induced at an earlier round. This paper deals with the first three directions together, especially giving weight to reducing the required number of faults. Many previous works show that the required numbers of faults are different although the same fault model is used. This comes from lack of a general method of constructing and solving differential fault equations. Therefore we first present how to generate differential fault equations systematically and reduce the number of candidates of the key with them, which leads us to find the minimum number of faults. Then we extend to multi-byte fault models and AES-192/256.

Category / Keywords: secret-key cryptography / Cryptanalysis, Side channel attacks, Differential fault analysis, Block ciphers, AES

Publication Info: Full version of the paper published at Information Sciences V.199, pp.43-57 (2012)

Date: received 5 Apr 2011, last revised 11 Jul 2012

Contact author: chhkim7 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20120711:082836 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]