Journal of Computers, Vol 6, No 2 (2011), 216-223, Feb 2011
doi:10.4304/jcp.6.2.216-223

A New Differential Fault Attack on SPN Structure, with Application to AES Cipher

Wei Li, Xiaoling Xia, Dawu Gu, Zhiqiang Liu, Juanru Li, Ya Liu

Abstract


The Substitution-Permutation Network (SPN) is one of the main structures used in block ciphers. This paper proposes a new and practical differential fault attack technique on the SPN structure. As an instance of an SPN cipher, AES-256 can be recovered with 4 faulty ciphertexts. Compared with previous techniques, our work can recover all subkeys of an SPN cipher for all key sizes. Therefore, our attack method on AES not only improves the efficiency of fault injection, but also decreases the number of faulty ciphertexts required. It provides a new approach for fault analysis of block ciphers.


Keywords


Cryptanalysis; Side channel attacks; Differential fault analysis; SPN; AES



Journal of Computers (JCP, ISSN 1796-203X)

Copyright @ 2006-2012 by ACADEMY PUBLISHER – All rights reserved.