{"title":"Revisit fault sensitivity analysis on WDDL-AES","authors":"Yang Li, K. Ohta, K. Sakiyama","doi":"10.1109/HST.2011.5955013","DOIUrl":null,"url":null,"abstract":"This paper revisits and improves the fault sensitivity analysis (FSA) attack on WDDL-AES. At CHES 2010, the FSA attack on WDDL-AES was proposed by Li et al. based on the delay timing difference for complementary wires. In their attack, the vulnerability of WDDL-AES mainly comes from the implementation deficiency rather than the WDDL technique itself. On the contrary, we explain that a well-implemented WDDL-AES also has the vulnerability against the FSA attack due to the input-data dependency for the critical delay of the WDDL S-box. We explain the observed ciphertext-bit dependency for the fault sensitivity (FS) data when the clock glitch is injected at the final AES round. By proposing a new distinguisher, our FSA attack can successfully retrieve the secret key information for WDDL-AES on SASEBO-R.","PeriodicalId":300377,"journal":{"name":"2011 IEEE International Symposium on Hardware-Oriented Security and Trust","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE International Symposium on Hardware-Oriented Security and Trust","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2011.5955013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 16
Abstract
This paper revisits and improves the fault sensitivity analysis (FSA) attack on WDDL-AES. At CHES 2010, the FSA attack on WDDL-AES was proposed by Li et al. based on the delay timing difference for complementary wires. In their attack, the vulnerability of WDDL-AES mainly comes from the implementation deficiency rather than the WDDL technique itself. On the contrary, we explain that a well-implemented WDDL-AES also has the vulnerability against the FSA attack due to the input-data dependency for the critical delay of the WDDL S-box. We explain the observed ciphertext-bit dependency for the fault sensitivity (FS) data when the clock glitch is injected at the final AES round. By proposing a new distinguisher, our FSA attack can successfully retrieve the secret key information for WDDL-AES on SASEBO-R.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
