Paper 2012/098

Combined Attacks on the AES Key Schedule

François Dassance and Alexandre Venelli

Abstract

We present new combined attacks on the AES key schedule based on the work of Roche et al. The main drawbacks of the original attack are: the need for high repeatability of the fault, a very particular fault model and a very high complexity of the key recovery algorithm. We consider more practical fault models, we obtain improved key recovery algorithms and we present more attack paths for combined attacks on AES. We propose to inject faults on the different operations of the key schedule instead of the key state of round 9 or the corresponding data state. We also consider fault injections in AES constants such as the RCON or the affine transformation of the SubWord. By corrupting these constants, the attacker can easily deduce the value of the error. The key recovery complexity can then be greatly improved. Notably, we can obtain a complexity identical to a classical differential side-channel attack. Our attacks defeat most AES implementations secure against both high-order side-channel attacks and fault attacks.

Metadata
Available format(s): PDF, PS
Category: Implementation
Publication info: Published elsewhere. Unknown where it was published
Keywords: Side-channel analysis, Fault analysis, Combined attack, AES
Contact author(s): avenelli @ insidefr com
History: 2012-02-29: received
Short URL: https://ia.cr/2012/098
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/098,
      author = {François Dassance and Alexandre Venelli},
      title = {Combined Attacks on the {AES} Key Schedule},
      howpublished = {Cryptology ePrint Archive, Paper 2012/098},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/098}},
      url = {https://eprint.iacr.org/2012/098}
}