International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 03 July 2015

Nahid Farhady Ghalaty, Bilgiday Yuce, Patrick Schaumont
ePrint Report ePrint Report
The traditional fault analysis techniques developed over the past decade rely on a fault

model, a rigid assumption about the nature of the fault. A practical challenge for all faults attacks is to identify a fault injection method that achieves the presumed fault model.

In this paper, we analyze a class of more recently proposed fault analysis techniques,

which adopt a biased fault model. Biased fault attacks enable

a more flexible fault model, and are therefore easier to adopt to practice.

The purpose of our analysis is to evaluate the relative efficiency of several recently proposed biased-fault attacks, including Fault Sensitivity Analysis (FSA), Non-Uniform Error Value Analysis (NUEVA), Non-Uniform Faulty Value Analysis (NUFVA), and Differential Fault Intensity Analysis (DFIA).

We compare the relative performance of each technique in a common framework, using a common circuit and using a common fault injection method. We show that, for an identical circuit and an identical fault injection method, the number of faults per attack greatly varies according with the analysis technique.

In particular, DFIA is more efficient than FSA, and FSA is more efficient than both NUEVA and NUFVA. In terms of number of fault injections until full key disclosure, for a typical case, FSA uses 8x more faults than DFIA, and NUEVA uses 33x more faults than DFIA. Hence, the post-processing technique selected in a biased-fault attack has a significant impact on the probability of a successful attack.

Expand

Additional news items may be found on the IACR news page.