从AES-128到AES-192和AES-256，如何适应密钥扩展的差分故障分析攻击

2011 Workshop on Fault Diagnosis and Tolerance in Cryptography Pub Date : 2011-09-29 DOI:10.1109/FDTC.2011.15

Noémie Floissac, Yann L'Hyver

{"title":"从AES-128到AES-192和AES-256，如何适应密钥扩展的差分故障分析攻击","authors":"Noémie Floissac, Yann L'Hyver","doi":"10.1109/FDTC.2011.15","DOIUrl":null,"url":null,"abstract":"Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.","PeriodicalId":150423,"journal":{"name":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion\",\"authors\":\"Noémie Floissac, Yann L'Hyver\",\"doi\":\"10.1109/FDTC.2011.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.\",\"PeriodicalId\":150423,\"journal\":{\"name\":\"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FDTC.2011.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2011.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

自从AES发布以来，它一直受到不同的DFA攻击。这些攻击大多以128位密钥的AES为目标。然而，另外两种变体现在部署在各种应用程序中，并且也提交到相同的攻击路径。在本文中，我们采用原来用于AES-128的DFA技术来检索AES-192和AES-256的整个密钥。分析了两种主要的注入定位:密码过程中的故障和密钥扩展计算中的故障。最后一个案例的分析突出了利用微分断层需要解决的不同断层扩散问题。最后，我们提出了对AES-192和AES-256密钥扩展的第一次攻击。在这两种情况下，这种攻击都会通过16次错误注入找到整个初始密钥。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion

Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Workshop on Fault Diagnosis and Tolerance in Cryptography

自引率

0.00%

发文量

期刊最新文献

Fault Sensitivity Analysis Against Elliptic Curve Cryptosystems An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs Differential Fault Analysis on the SHA1 Compression Function On Protecting Cryptographic Applications Against Fault Attacks Using Residue Codes Fault Injection, A Fast Moving Target in Evaluations