International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Fault based cryptanalysis of the Advanced Encryption Standard

Johannes Blömer
J.-P.\ Seifert
Search ePrint
Search Google
Abstract: In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using optical fault induction attacks as recently publicly presented by Skorobogatov and Anderson \cite{SA}, we present an implementation independent fault attack on AES. This attack is able to determine the complete $128$-bit secret key of a sealed tamper-proof smartcard by generating $128$ faulty cipher texts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that due to the AES's known timing analysis vulnerability (as pointed out by Koeune and Quisquater \cite{KQ}), any implementation of the AES must ensure a data independent timing behavior for the so called AES's {\tt xtime} operation. We present fault attacks on AES based on various timing analysis resistant implementations of the {\tt xtime}-operation. Our strongest attack in this direction uses a very liberal fault model and requires only $256$ faulty encryptions to determine a $128$-bit key.
  title={Fault based cryptanalysis of the Advanced Encryption Standard},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / AES, Cryptanalysis, Fault attacks, Side-channel attacks, Smartcards.},
  note={ 11853 received 15 Jun 2002},
  author={Johannes Blömer and J.-P.\ Seifert},