Paper 2018/085

Protecting Block Ciphers against Differential Fault Attacks without Re-keying (Extended Version)

Anubhab Baksi, Shivam Bhasin, Jakub Breier, Mustafa Khairallah, and Thomas Peyrin


In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called ``Tweak-in-Plaintext'', ensures that an uncontrolled value (`tweak-in') is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any Tweakable block cipher, nor any related-key security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between $\approx$ 5\% to $\approx$ 26.9\% for software, and between $\approx$ 3.1\% to $\approx$ 25\% for hardware implementations; depending on the tweak-in size.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision.IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018
fault attacksblock ciphersprotection
Contact author(s)
anubhab001 @ e ntu edu sg
2018-07-30: last of 4 revisions
2018-01-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Anubhab Baksi and Shivam Bhasin and Jakub Breier and Mustafa Khairallah and Thomas Peyrin},
      title = {Protecting Block Ciphers against Differential Fault Attacks without Re-keying (Extended Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2018/085},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.