A method for fault recognition in the last three rounds of Advanced Encryption Standard

Abstract

A large number of studies are there for Advanced Encryption Standard (AES) fault attack analysis, but less for fault recognition. This paper presents a recognition method for single-byte fault which is induced in the last three rounds of AES. Studying the differential characteristics of Sbox, the single byte fault induced in ninth round or tenth round will be identified respectively with 9.3 and 9.1 ciphertexts. For the fault induced in eighth round, the fault value can be obtained with 188.5 ciphertexts by analyzing the differential features of two Sboxes and MixColumns. As an auxiliary means for fault attacks, this method is used to realize the byte or bit level physical positioning of confidential data in the encryption chip, which is beneficial to reduce the blindness of the attacker's experiments and obtain the sensitive area of fault attack.