Skip to main content
SpringerLink
Log in

Right or wrong collision rate analysis without profiling: full-automatic collision fault attack

  • Research Paper
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

In CHES 2010, Fault Sensitivity Analysis (FSA) on Advanced Encryption Standard (AES) hardware circuit based on S-box setup-time acquired by injecting clock glitches is proposed. Soon after, some improvements of FSA were presented such as colliding timing characteristics from Moradi et al. However, the acquisition of timing characteristics requires complex procedure due to the very gradual decrease of clock glitch cycle and the heavy requirements of setup-time samples. In HOST 2015, Wang et al. presented template-based right or wrong collision rate attack to improve the efficiency of FSA, but its profiling and plaintexts-choice procedures required too many encryptions. In this paper, we fix only one specific clock glitch cycle, and take the right or wrong collision rate as a collision distinguisher. So, the whole process is a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator. According to the experiments, 256 encryptions are enough for exactly deciding whether two plaintext bytes can induce an S-box collision. Compared with the existing power analysis and FSA-based attacks on AES hardware, it costs negligible time (about 6.65 s) and storage space (only one byte), and no offline computations for finding the collision between two masked S-boxes. Furthermore, our study shows that the signal-to-noise ratio in FSA-based attacks is much higher than power-based attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Kocher P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO’96. Berlin: Springer, 1996. 104–113

    Google Scholar 

  2. Bogdanov A. Improved side-channel collision attacks on AES. In: Selected Areas in Cryptography. Berlin: Springer, 2007. 84–95

    Chapter  Google Scholar 

  3. Bogdanov A. Multiple-differential side-channel collision attacks on AES. In: Cryptographic Hardware and Embedded Systems—CHES 2008. Berlin: Springer, 2008. 30–44

    Chapter  Google Scholar 

  4. Schramm K, Leander G, Felke P, et al. A collision-attack on AES combining side channel- and differential-attack. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 163–175

    Chapter  Google Scholar 

  5. Schramm K, Wollinger T J, Paar C. A new class of collision attacks and its application to DES. In: Fast Software Encryption. Berlin: Springer, 2003. 206–222

    Chapter  Google Scholar 

  6. Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 16–29

    Chapter  Google Scholar 

  7. Bogdanov A, Kizhvatov I. Beyond the limits of DPA: combined side-channel collision attacks. IEEE Trans Comput, 2012, 61: 1153–1164

    Article  MathSciNet  MATH  Google Scholar 

  8. Clavier C, Feix B, Gagnerot G, et al. Improved collision-correlation power analysis on first order protected AES. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 49–62

    Chapter  Google Scholar 

  9. Oswald E, Mangard S, Herbst C, et al. Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Topics in Cryptology—CT-RSA 2006. Berlin: Springer, 2006. 192–207

    Chapter  Google Scholar 

  10. Chair S, Rao J R, Rohatgi P. Template attacks. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 13–28

    Chapter  Google Scholar 

  11. Biham E, Shamir A. Differential fault analysis of secret key cryptosystems. In: Advances in Cryptology—CRYPTO’97. Berlin: Springer, 1997. 513–525

    Google Scholar 

  12. Ege B, Eisenbarth T, Batina L. Near collision side channel attacks. In: Selected Areas in Cryptography—SAC 2015 Cryptology. Berlin: Springer. 2015. 277–292

    Google Scholar 

  13. Ye X, Chen C, Eisenbarth T. Non-linear collision analysis. In: Radio Frequency Identification: Security and Privacy Issues. Berlin: Springer, 2014. 198–214

    Google Scholar 

  14. Li Y, Sakiyama K, Gomisawa S, et al. Fault sensitivity analysis. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 320–334

    Chapter  Google Scholar 

  15. Moradi A, Mischke O, Eisenbarth T. Correlation-enhanced power analysis collision attack. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 125–139

    Chapter  Google Scholar 

  16. Moradi A, Mischke O, Paar C, et al. On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 292–311

    Chapter  Google Scholar 

  17. Wang A, Chen M, Wang Z Y, et al. Fault rate analysis: breaking masked AES hardware implementations efficiently. IEEE Trans Circ Syst, 2013, 60: 517–521

    Google Scholar 

  18. Ren Y T,Wang A, Wu L J. Transient-steady effect attack on block ciphers. In: Cryptographic Hardware and Embedded Systems—CHES 2015. Berlin: Springer, 2015. 433–450

    Chapter  Google Scholar 

  19. Wang Q, Wang A, Wu L J, et al. Template attack on masking AES based on fault sensitivity analysis. In: Proceedings of IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2015), Washington, 2015. 96–99

    Chapter  Google Scholar 

  20. Mangard S, Aigner M, Dominikus S. A highly regular and scalable AES hardware architecture. IEEE Trans Comput, 2003, 52: 483–491

    Article  Google Scholar 

  21. Canright D. A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems—CHES 2005. Berlin: Springer, 2005. 441–455

    Chapter  Google Scholar 

  22. Paar C. Efficient VLSI architectures for bit-parallel computation in Galois fields. Dissertation for Ph.D. Degree. Essen: University of Essen, 1994

    Google Scholar 

  23. Rudra A, Dubey P K, Jutla C S, et al. Efficient Rijdael encryption implementation with composite field arithmetic. In: Cryptographic Hardware and Embedded Systems—CHES 2001. Berlin: Springer, 2001. 171–184

    Chapter  Google Scholar 

  24. Morioka S, Satoh A. An optimized S-box circuit architecture for low power AES design. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 172–186

    Chapter  Google Scholar 

  25. Canright D, Batina L. A very compact “perfectly masked” S-box for AES. In: Applied Cryptography and Network Security. Berlin: Springer, 2008. 446–459

    Chapter  Google Scholar 

  26. Genelle L, Prouff E, Quisquater M. Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 240–255

    Chapter  Google Scholar 

  27. Kim H, Hong S, Lim J. A fast and provably secure higher-order masking of AES S-box. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 95–107

    Chapter  Google Scholar 

  28. Endo S, Sugawara T, Homma N, et al. An on-chip glitchy-clock generator for testing fault injection attacks. J Cryptogr Eng, 2011, 1: 265–270

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported by National Natural Science Foundation of China (Grant Nos. 61402252, 61402536), Beijing Natural Science Foundation (Grant No. 4162053), Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-15-005), and Beijing Institute of Technology Research Fund Program for Young Scholars.

Author information

Authors and Affiliations

  1. School of Computer Science, Beijing Institute of Technology, Beijing, 100081, China

    An Wang, Yu Zhang & Liehuang Zhu

  2. State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, 100878, China

    An Wang

  3. College of Bioengineering, Beijing Polytechnic, Beijing, 100176, China

    Weina Tian

  4. Department of Electrical and Computer Engineering, University of Maryland, College Park, MD, 20740, USA

    Qian Wang

  5. Science and Technology on Information Assurance Laboratory, Beijing, 100072, China

    Guoshuang Zhang

Authors
  1. An Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Weina Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Qian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guoshuang Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Liehuang Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Liehuang Zhu.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, A., Zhang, Y., Tian, W. et al. Right or wrong collision rate analysis without profiling: full-automatic collision fault attack. Sci. China Inf. Sci. 61, 032101 (2018). https://doi.org/10.1007/s11432-016-0616-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-016-0616-4

Keywords

Search

Navigation