Differential fault attack (DFA) is a distinctive methodology for acquiring the key to block ciphers, which comprises two distinct strategies: DFA on the state and DFA on the key schedule. Given the widespread adoption of the Advanced Encryption Standard (AES), it has emerged as a prominent target for DFA. This paper presents an efficient DFA on the AES, utilizing a two−byte fault model that induces faults at the state with discontiguous rows. The experiment demonstrates that, based on the proposed fault model, the key for AES–128, AES–192, and AES–256 can be successfully recovered by exploiting two, two, and four faults, respectively, without the need for exhaustive research. Notably, in the case of AES–256, when considering exhaustive research, two (or three) faults are needed with 232 (or 216) exhaustive searches. In comparison to the currently available DFA on the AES state, the proposed attack method shows a higher efficiency due to the reduced induced faults.
Read full abstract