
SPSA: Semi-Permanent Stuck-At fault analysis of AES Rijndael SBox

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Fault attacks have gained particular attention in recent years as they present a severe threat to the security of the rapidly growing population of Internet-of-Things (IoT) devices. IoT devices are generally security-critical and resource-constrained, requiring a small area footprint, low power, and low memory consumption. Combinational circuit implementations of the SBox are more efficient in terms of area, power, and memory requirements and are therefore preferable to look-up table implementations in these resource-constrained environments. In this work, we analyze an optimized combinational circuit implementation of the AES SBox against a novel fault analysis technique, semi-permanent stuck-at (SPSA) fault analysis. We pinpoint SPSA hotspots in a combinational implementation of the AES SBox that weaken the cryptographic properties of the SBox and lead to key recovery attacks. We present a key recovery attack based on improbable candidate elimination, termed the SPSA attack. We observe that the hotspots can be categorized by the method used for key recovery: hotspots vulnerable to direct key recovery, hotspots vulnerable to the presented SPSA attack, and hotspots vulnerable to other classical cryptanalysis techniques. Threshold implementation (TI) is among the widely adopted countermeasures against power-based side-channel attacks. We evaluate a TI of the AES SBox against the proposed SPSA fault analysis. In addition, we demonstrate the proposed attack on the low-latency cipher PRINCE. Our work investigates new vulnerabilities to fault analysis in combinational circuit implementations.
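To make the abstract's central claim concrete (a stuck-at fault on one internal wire of a combinational SBox degrades its cryptographic properties), the following is an added example, not code from the paper or its authors. It models the AES SBox structurally as GF(2^8) inversion followed by the affine map, injects an assumed stuck-at fault on one bit of the intermediate inverse byte, and measures the image size and differential uniformity of the faulty SBox; the real paper works on an optimized gate-level netlist, which this simplified two-stage model does not reproduce.

```python
"""Stuck-at fault injection on a structural (inverse + affine) model of the AES SBox."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(x: int) -> int:
    """Multiplicative inverse as x^254 (0 maps to 0, as in AES)."""
    r, p = 1, x
    for _ in range(7):          # accumulate x^2 * x^4 * ... * x^128
        p = gf_mul(p, p)
        r = gf_mul(r, p)
    return r


def affine(b: int) -> int:
    """AES affine transform: XOR of b rotated by 0..4 bits, plus constant 0x63."""
    s = 0x63
    for k in range(5):
        s ^= ((b << k) | (b >> (8 - k))) & 0xFF
    return s


def sbox(x: int, stuck_bit=None, stuck_val: int = 0) -> int:
    """Structural SBox. If stuck_bit is set, the wire carrying that bit of the
    inverse (the assumed internal fault location) is forced to stuck_val."""
    t = gf_inv(x)
    if stuck_bit is not None:
        t = (t & ~(1 << stuck_bit)) | (stuck_val << stuck_bit)
    return affine(t)


def build_table(stuck_bit=None, stuck_val: int = 0) -> list:
    return [sbox(x, stuck_bit, stuck_val) for x in range(256)]


def image_size(table: list) -> int:
    """Number of distinct outputs: 256 for a bijective SBox, fewer under a fault."""
    return len(set(table))


def differential_uniformity(table: list) -> int:
    """Largest DDT entry over nonzero input differences (4 for unfaulted AES)."""
    best = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[table[x] ^ table[x ^ a]] += 1
        best = max(best, max(counts))
    return best


if __name__ == "__main__":
    good, bad = build_table(), build_table(stuck_bit=0, stuck_val=0)
    print("image", image_size(good), "->", image_size(bad))
    print("diff. uniformity", differential_uniformity(good), "->", differential_uniformity(bad))
```

Clearing one inverse-wire bit halves the SBox image and loosens the differential bound, which is the kind of property loss the paper's hotspot categorization is built on.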




Author information

Corresponding author: Priyanka Joshi.


Cite this article

Joshi, P., Mazumdar, B. SPSA: Semi-Permanent Stuck-At fault analysis of AES Rijndael SBox. J Cryptogr Eng 13, 201–222 (2023). https://doi.org/10.1007/s13389-022-00301-1
