In recent studies, a fault analysis method, called persistent fault analysis (PFA), is proposed for cracking block ciphers. Unlike widely used differential fault analysis methods, PFA does not require correct cihpertexts and precise time control of fault injection. The existing PFA methods mainly assume single fault, i.e., the fault injection process induces a single fault in the target cipher devices. However, the existing low-cost fault injection attack (FIA) techniques, such as clock glitch injection and electromagnetic pulse (EMP) injection usually induce multiple faults per injection. Given multiple faults, the existing PFA methods are either not applicable or faced with high computational complexity in practice. In this article, a new PFA method, called MPFA, is proposed for multiple persistent faults, which reduces both the computational complexity and the required ciphertexts. MPFA can be applied to the ciphertexts-only attack scenario, where all fault positions, fault values, and fault quantity are unknown. The experiments show that compared to the existing PFA methods, the MPFA method reduces the required ciphertexts for cracking AES by at least 57.5% and reduces the computational complexity <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$NF^{16}$ </tex-math></inline-formula> times for <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$NF$ </tex-math></inline-formula> faults. The proposed MPFA is also evaluated on the block ciphers LED and PRINCE. Moreover, a real EMP FIA is carried out and the key of AES-128 is successfully cracked by the MPFA method, demonstrating its validity and efficiency.
Read full abstract