Cryptology ePrint Archive: Report 2019/1057

A Study of Persistent Fault Analysis

Andrea Caforio and Subhadeep Banik

Abstract: Persistent faults mark a new class of injections that perturb lookup tables within block ciphers with the overall goal of recovering the encryption key. Unlike earlier fault types, persistent faults remain intact over many encryptions until the affected device is rebooted, thus allowing an adversary to collect a multitude of correct and faulty ciphertexts. Persistent fault analysis was shown to be an efficient and effective attack against substitution-permutation networks. In this paper, the scope of persistent faults is further broadened and explored. More specifically, we show how to construct a key-recovery attack on generic Feistel schemes in the presence of persistent faults. In a second step, we leverage these faults to reverse-engineer AES- and PRESENT-like ciphers in a chosen-key setting, in which some of the computational layers, like substitution tables, are kept secret. Finally, we propose a novel, dedicated, and low-overhead countermeasure that provides adequate protection for hardware implementations against persistent fault injections.

Category / Keywords: secret-key cryptography / Fault Analysis, PFA, Feistel Networks, Reverse Engineering, AES, PRESENT, Countermeasures

Original Publication (in the same form): SPACE 2019

Date: received 17 Sep 2019

Contact author: andrea caforio at epfl ch, subhadeep banik@epfl ch

Version: 20190918:124139

Short URL: ia.cr/2019/1057

