Paper 2019/1057

A Study of Persistent Fault Analysis

Andrea Caforio and Subhadeep Banik


Persistent faults mark a new class of injections that perturb lookup tables within block ciphers with the overall goal of recovering the encryption key. Unlike earlier fault types persistent faults remain intact over many encryptions until the affected device is rebooted, thus allowing an adversary to collect a multitude of correct and faulty ciphertexts. It was shown to be an efficient and effective attack against substitution-permutation networks. In this paper, the scope of persistent faults is further broadened and explored. More specifically, we show how to construct a key-recovery attack on generic Feistel schemes in the presence of persistent faults. In a second step, we leverage these faults to reverse-engineer AES- and PRESENT-like ciphers in a chosen-key setting, in which some of the computational layers, like substitution tables, are kept secret. Finally, we propose a novel, dedicated, and low-overhead countermeasure that provides adequate protection for hardware implementations against persistent fault injections.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. SPACE 2019
Fault AnalysisPFAFeistel NetworksReverse EngineeringAESPRESENTCountermeasures
Contact author(s)
andrea caforio @ epfl ch
subhadeep banik @ epfl ch
2019-09-18: received
Short URL
Creative Commons Attribution


      author = {Andrea Caforio and Subhadeep Banik},
      title = {A Study of Persistent Fault Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1057},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.