Side Channel Attacks Database
|
|
|
|
|
|
New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough |
 |
|
|
Chong Hee Kim, Jean-Jacques Quisquater, |
|
|
CARDIS 2008 |
|
| Abstract: |
|
In this paper we show a new differential fault analysis (DFA) on the AES-128 key scheduling process. We can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts enabling an easy exhaustive key search of 232 keys. Furthermore we can retrieve the entire 128 bits with 4 pairs. To the authors’ best knowledge, it is the smallest number of pairs to find the entire AES-128 key with a fault attack on the key scheduling process. Up to now 7 pairs by Takahashi et al. were the best. By corrupting state, not the key schedule, Piret and Quisquater showed 2 pairs are enough to break AES-128 in 2003. The advantage of DFA on the key schedule is that it can defeat some fault-protected AES implementations where the round keys are not rescheduled prior to the check. We implemented our algorithm on a 3.2 GHz Pentium 4 PC. With 4 pairs of correct and faulty ciphertexts, we could find 128 bits less than 2.3 seconds.
|
|
| Paper Available At: |
|
http://www.springerlink.com/content/p531v7r49t5q031h/?p=1aadc02421da46... |
|
|
|
|
|
|
|
|
|
|
|
|
Cited By: |
|
|
|
|
|
|
|
|
|
Sort: |
|
This paper has been referenced 0 times, showing 1-10 |
Page 1 of 0
|
|
|
|
|
|
|
|
|
|
|
|
| Comments About Paper |
|
|
|
|
| Post a Comment |
|
|
 Enter the code shown:
|
| Name: |
|
| Email (optional) |
|
| Comment: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Direct any
comments, questions, omissions, criticizm here |
 |
|
|
|