Paper 2017/788

Attack on AES Implementation Exploiting Publicly-visible Partial Result

William Diehl

Abstract

Although AES is designed to be secure against a wide variety of linear and differential attacks, its security ultimately depends on a combination of the engineering implementation and proper application by intended users. In this work, we attack a publicly-available VHDL implementation of AES by exploiting a partial result visible at the top-level public interface of the implementation. The vulnerability renders the security of the implementation equivalent to a one-round version of AES. An algorithm is presented that exploits this vulnerability to recover the secret key in 2^31 operations. The algorithm is coded in an interpreted high-level language and successfully recovers secret keys from a single known plaintext, on a general-purpose CPU, in an average of 30 minutes.
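Added illustrative example, not the paper's code: the page does not describe which signal the VHDL design exposes or how the 2^31-operation algorithm works, so the script below instead shows what "equivalent to a one-round version of AES" means in practice under an assumed leak model. The assumption (clearly an invention for illustration) is that the exposed partial result is the round-1 state after MixColumns and before the round-1 key is added. Under that assumption every transformation after the initial AddRoundKey is a public, invertible function of the state, so one known plaintext yields the full 128-bit key with no search at all; a leak that also contains the round-1 key addition is harder, because that round key depends on the secret key through the key schedule. The round functions are implemented from the FIPS-197 definitions, and the known-answer values in `__main__` are the public FIPS-197 Appendix B vector.

```python
"""Key recovery from a round-reduced AES state.

Illustrative example, not the paper's code. The leak model is an ASSUMPTION:
the exposed partial result is taken to be the round-1 state after MixColumns
and before AddRoundKey with round key 1. The paper's actual exposed signal
and its 2^31-operation algorithm are not described on the accompanying page.
"""
from typing import List

State = List[int]  # 16 bytes in FIPS-197 order: index = row + 4 * column


def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def _build_sboxes():
    """Derive the AES S-box (GF(2^8) inverse followed by the affine map) and its inverse."""
    sbox = [0] * 256
    for a in range(256):
        inv = 0
        if a:
            inv, base, e = 1, a, 254  # a^254 == a^-1 in GF(2^8)
            while e:
                if e & 1:
                    inv = gf_mul(inv, base)
                base = gf_mul(base, base)
                e >>= 1
        sbox[a] = (inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                   ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    inv_sbox = [0] * 256
    for i, v in enumerate(sbox):
        inv_sbox[v] = i
    return sbox, inv_sbox


SBOX, INV_SBOX = _build_sboxes()
MIX = [2, 3, 1, 1]          # first row of the MixColumns circulant matrix
INV_MIX = [14, 11, 13, 9]   # first row of the InvMixColumns matrix


def xor(a: State, b: State) -> State:
    return [x ^ y for x, y in zip(a, b)]


def sub_bytes(s: State, box: List[int]) -> State:
    return [box[b] for b in s]


def shift_rows(s: State, inverse: bool = False) -> State:
    """Rotate row r left by r positions (right by r for the inverse)."""
    out = [0] * 16
    for r in range(4):
        for c in range(4):
            src = (c - r) % 4 if inverse else (c + r) % 4
            out[r + 4 * c] = s[r + 4 * src]
    return out


def mix_columns(s: State, row: List[int]) -> State:
    """Multiply each column by the circulant matrix whose first row is `row`."""
    out = [0] * 16
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(row[(k - r) % 4], col[k])
            out[4 * c + r] = acc
    return out


def leaked_round1_state(pt: State, key: State) -> State:
    """Assumed leak: AddRoundKey(K0) -> SubBytes -> ShiftRows -> MixColumns."""
    s = sub_bytes(xor(pt, key), SBOX)
    return mix_columns(shift_rows(s), MIX)


def recover_key(pt: State, leak: State) -> State:
    """Undo the keyless round transformations, then strip off the plaintext.

    Every step after AddRoundKey(K0) is a public, invertible function of the
    state, so a single known plaintext pins down all 16 key bytes at once.
    """
    s = mix_columns(leak, INV_MIX)
    s = shift_rows(s, inverse=True)
    s = sub_bytes(s, INV_SBOX)
    return xor(s, pt)


if __name__ == "__main__":
    # FIPS-197 Appendix B plaintext and key (public known-answer vector).
    pt = list(bytes.fromhex("3243f6a8885a308d313198a2e0370734"))
    key = list(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    leak = leaked_round1_state(pt, key)
    print("leaked state :", bytes(leak).hex())
    print("recovered key:", bytes(recover_key(pt, leak)).hex())
```

The point of the exercise is the design lesson rather than the specific arithmetic: an intermediate state that reaches a top-level port is as good as the key to anyone who can observe it, and the number of rounds that remain between the observed point and the key, not the ten rounds of the full cipher, sets the attack cost.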

Note: Rev 1 - No change to .pdf file. Changed "231 operations" to "2^31 operations" in submission abstract.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
Encryption, cipher, cryptography, cryptanalysis, field programmable gate array, AES
Contact author(s)
wdiehl @ gmu edu
History
2017-08-21: received
Short URL
https://ia.cr/2017/788
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/788,
      author = {William Diehl},
      title = {Attack on AES Implementation Exploiting Publicly-visible Partial Result},
      howpublished = {Cryptology ePrint Archive, Paper 2017/788},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/788}},
      url = {https://eprint.iacr.org/2017/788}
}