Cryptology ePrint Archive: Report 2017/788

Attack on AES Implementation Exploiting Publicly-visible Partial Result

William Diehl

Abstract: Although AES is designed to be secure against a wide variety of linear and differential attacks, its security ultimately depends on a combination of the engineering implementation and proper application by the intended users. In this work, we attack a publicly available VHDL implementation of AES by exploiting a partial result that is visible at the top-level public interface of the implementation. The vulnerability renders the security of the implementation equivalent to that of a one-round version of AES. An algorithm is presented that exploits this vulnerability to recover the secret key in 2^31 operations. The algorithm is coded in an interpreted high-level language and successfully recovers secret keys, from a single known plaintext, on a general-purpose CPU in an average of 30 minutes.

Category / Keywords: Encryption, cipher, cryptography, cryptanalysis, field programmable gate array, AES

Date: received 20 Aug 2017, last revised 20 Aug 2017

Contact author: wdiehl at gmu edu


Note: Rev 1 - No change to .pdf file. Changed "231 operations" to "2^31 operations" in submission abstract.

Version: 20170821:133645

Short URL: ia.cr/2017/788

