We explain how a differential fault analysis (DFA) works on AES 128, 192 or 256 bits.

Characterization of all possible faults in a cryptosystem exploitable for fault attacks is a problem which is of both theoretical and practical interest for the cryptographic community. The complete knowledge of exploitable fault space is desirable while designing optimal countermeasures for any given crypto-implementation. In this paper, we address the exploitable fault characterization proble...

Commercial ventures and financial institutions have proposed and are relying upon smartcards and other security processors as a method for storing and transacting electronic currency. As users begin to accept electronic wallets as a viable option for storing their assets, the security community has placed these devices under closer scrutiny. The idea of using computational faults to break tampe...

Differential Fault Analysis (DFA) finds the key of a block cipher using differential information between correct and faulty ciphertexts obtained by inducing faults during the computation of ciphertexts. Among many ciphers AES has been the main target of DFA due to its popularity. DFA of AES has also been diversified into several directions: reducing the required number of faults, applying it to...

Differential Fault Analysis against AES has been actively studied these years. Based on similar assumptions of the fault injection, different DFA attacks against AES have been proposed. However, it is difficult to understand how different attack results are obtained for the same fault injection. It is also difficult to understand the relationship between similar assumptions of fault injection a...

This paper examines the strength of CLEFIA against multiple bytes differential fault attack. Firstly, it presents the principle of CLEFIA algorithm and differential fault analysis; then, according to injecting faults into the r,r1,r-2 CLEFIA round three conditions, proposes three fault models and corresponding analysis methods; finally, all of the fault model and analysis methods above have bee...

Recently [1], Biham and Shamir announced an attack (Differential Fault Analysis, DFA for short) that recovers keys of arbitrary cryptosystems in polynomial (quadratic) complexity. In this paper, we show that under slightly modified assumptions, DFA is not polynomial and would simply result in the loss of some key-bits. Additionally, we prove the existence of cryptosystems on which DFA cannot re...