Abstract
One of the well-known physical attacks, i.e. differential fault analysis (DFA), can break the secret key of cryptographic device by using differential information between faulty and correct ciphertexts. Here, the authors propose a random 2-byte fault model, present a novel DFA on AES key schedule, and show how an entire AES-128 key can be cracked by using two pairs of faulty and correct ciphertexts. By inducing a random 2-byte fault in the first column of 9th round key with discontiguous rows, the authors can obtain 64 bits of AES-128 key using one pair of faulty and correct ciphertexts, two pairs of them can retrieve the entire 128-bit key without exhaustive search. The authors implement the proposed attack on HP Intel(R) Core i5-7300HQ Quad-Core 2.5 GHz CPU, 8G RAM. It takes <2 min on average to break the key. Considering the number of faulty ciphertexts, fault-induced depth, and fault model, authors’ attack is the most efficient DFA as compared to existing schemes on AES-128 key schedule.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
