Abstract
This paper presents a survey of practical complexity differential cryptanalysis of AES and compares this to attacks that have been proposed for differential fault analysis. Naturally, the attacks in each vein of research are applicable in the other but use different models. In this paper we draw from both topics to improve attacks proposed in the literature. We re-evaluate the so-called Square attack and the use of impossible differentials in terms of differential fault analysis using a weaker model than previously considered in the literature. Furthermore, we propose two new attacks applicable to both differential cryptanalysis and differential fault analysis. The first is a differential cryptanalysis of four-round AES based on a differential that occurs with a non-negligible probability. The second is an application of the Square attack to a five-round AES that requires 2^8 ciphertexts and a time complexity equivalent to approximately 2^37.5 AES encryptions.
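As an added illustration (not code from the paper) of the Square property that the attack above builds on: a Λ-set of 2^8 texts that differ in only one byte has a zero XOR-sum in every byte after three full AES rounds, for any key, and this balance does not survive a fourth round, which is the gap the Square attack closes by guessing key bytes. The round keys and base text below are constructed, deterministic sample values.

```python
def _xtime(b):
    # Multiply by x in GF(2^8), reduced by the AES polynomial x^8+x^4+x^3+x+1
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1
def _mul(a, b):
    # GF(2^8) multiplication by shift-and-add
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r
def _sbox_entry(x):
    # AES S-box entry: multiplicative inverse (0 maps to 0), then the affine transform
    inv = next((y for y in range(256) if _mul(x, y) == 1), 0)
    s = inv
    for _ in range(4):
        inv = ((inv << 1) | (inv >> 7)) & 0xFF   # s = inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
        s ^= inv
    return s ^ 0x63
SBOX = [_sbox_entry(x) for x in range(256)]

def aes_round(state, rk):
    # One full AES round on a 16-byte column-major state (byte i sits at row i%4, column i//4)
    s = [SBOX[b] for b in state]                          # SubBytes
    s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # ShiftRows: row r rotates left by r
    out = []
    for c in range(4):                                    # MixColumns, column by column
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(_mul(2, a[r]) ^ _mul(3, a[(r + 1) % 4]) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return [x ^ k for x, k in zip(out, rk)]               # AddRoundKey

def lambda_set_xor(round_keys, base, rounds):
    # Encrypt a Lambda-set (256 texts that differ only in byte 0) through `rounds`
    # full rounds after key whitening, and XOR all 256 outputs together byte-wise.
    sums = [0] * 16
    for v in range(256):
        st = [x ^ k for x, k in zip([v] + list(base[1:]), round_keys[0])]
        for rk in round_keys[1:rounds + 1]:
            st = aes_round(st, rk)
        sums = [a ^ b for a, b in zip(sums, st)]
    return sums

def is_balanced(round_keys, base, rounds):
    # True when every byte of the XOR-sum is zero; holds for any key when rounds <= 3
    return all(b == 0 for b in lambda_set_xor(round_keys, base, rounds))

# Constructed sample inputs (not from the paper): five deterministic round keys and a base text
KEYS = [[(17 * i + 29 * r + 3) & 0xFF for i in range(16)] for r in range(5)]
BASE = [0x42] * 16
```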
Tunstall, M. Practical complexity differential cryptanalysis and fault analysis of AES. J Cryptogr Eng 1, 219–230 (2011). https://doi.org/10.1007/s13389-011-0018-7