Paper Info
Title
Fault Sensitivity Analysis Meets Zero-Value Attack
Abstract
Previous works have shown that the combinatorial path delay of a cryptographic function, e.g., The AES S-box, depends on its input value. Since the relation between critical path delay and input value seems to be relatively random and highly dependent on the routing of the circuit, up to now only template or some collision attacks could reliably extract the used secret key of implementations not protected against fault attacks. Here we present a new attack which is based on the fact that, because of the zero-to-zero mapping of the AES Sbox inversion circuit, the critical path when processing the zero input is notably shorter than for all other inputs. Applying the attack to an AES design protected by an state-of-the-art fault detection scheme, we are able to fully recover the secret key in less than eight hours. Note that we neither require a known key measurement step (template case) nor a high similarity between different S-box instances (collision case). The only information gathered from the device is whether a fault occurred when processing a chosen plaintext.
Year
DOI
Venue
2014
10.1109/FDTC.2014.16
Fault Diagnosis and Tolerance in Cryptography
Keywords
Field
DocType
cryptography,fault diagnosis,telecommunication network routing,AES S-box,AES Sbox inversion circuit,collision attacks,combinatorial path delay,cryptographic function,fault detection scheme,fault sensitivity analysis,zero-to-zero mapping,zero-value attack,AES,Fault Attack,Fault Collision,Fault Sensitivity,Zero Value
Stuck-at fault,Fault coverage,Fault detection and isolation,Computer science,Cryptography,Real-time computing,Critical path method,Plaintext,Fault indicator,Differential fault analysis
Conference
Citations 
PageRank 
References 
6
0.45
18
Authors
3
Name
Order
Citations
PageRank
Oliver Mischke120411.53
Amir Moradi296080.66
Tim Güneysu392477.37