Open AccessA novel differential fault analysis using two‐byte fault model on AES Key schedule
Author(s) -
Zhang Jinbao,
Wu Ning,
Li Jianhua,
Zhou Fang
Publication year - 2019
Publication title -
iet circuits, devices and systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.251
H-Index - 49
eISSN - 1751-8598
pISSN - 1751-858X
DOI - 10.1049/iet-cds.2018.5428
Subject(s) - byte , computer science , key (lock) , key schedule , advanced encryption standard , fault (geology) , cryptography , schedule , parallel computing , algorithm , block cipher , theoretical computer science , differential cryptanalysis , computer hardware , computer security , operating system , seismology , geology
One of the well‐known physical attacks, i.e. differential fault analysis (DFA), can break the secret key of cryptographic device by using differential information between faulty and correct ciphertexts. Here, the authors propose a random 2‐byte fault model, present a novel DFA on AES key schedule, and show how an entire AES‐128 key can be cracked by using two pairs of faulty and correct ciphertexts. By inducing a random 2‐byte fault in the first column of 9th round key with discontiguous rows, the authors can obtain 64 bits of AES‐128 key using one pair of faulty and correct ciphertexts, two pairs of them can retrieve the entire 128‐bit key without exhaustive search. The authors implement the proposed attack on HP Intel(R) Core i5‐7300HQ Quad‐Core 2.5 GHz CPU, 8G RAM. It takes <2 min on average to break the key. Considering the number of faulty ciphertexts, fault‐induced depth, and fault model, authors’ attack is the most efficient DFA as compared to existing schemes on AES‐128 key schedule.