Paper 2020/671

Persistent Fault Analysis With Few Encryptions

Sebastien Carre, Sylvain Guilley, and Olivier Rioul


Persistent fault analysis (PFA) consists in guessing block cipher secret keys by biasing their substitution box. This paper improves the original attack of Zhang et al. on AES-128 presented at CHES 2018. By a thorough analysis, the exact probability distribution of the ciphertext (under a uniformly distributed plaintext) is derived, and the maximum likelihood key recovery estimator is computed exactly. Its expression is turned into an attack algorithm, which is shown to be twice more efficient in terms of number of required encryptions than the original attack of Zhang et al. This algorithm is also optimized from a computational complexity standpoint. In addition, our optimal attack is naturally amenable to key enumeration, which expedites full 16- bytes key extraction. Various tradeoffs between data and computational complexities are investigated.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. COSADE 2020
PFAfault attackAES
Contact author(s)
sebastien carre @ secure-ic com
2020-06-11: last of 2 revisions
2020-06-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sebastien Carre and Sylvain Guilley and Olivier Rioul},
      title = {Persistent Fault Analysis With Few Encryptions},
      howpublished = {Cryptology ePrint Archive, Paper 2020/671},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.