This paper introduces Multi-Stage Fault Attacks, which allow Differential Fault Analysis of block ciphers having independent subkeys. Besides the specification of an algorithm implementing the technique, we show concrete applications to LED-128 and PRINCE and demonstrate that in both cases approximately 3 to 4 fault-injections are enough to reconstruct the full 128-bit key. Keywords-cryptanalys...

After attacking the RSA by injecting fault and corresponding countermeasures, works appear now about the need for protecting RSA public elements against fault attacks. We provide here an extension of a recent attack [BCG08] based on the public modulus corruption. The difficulty to decompose the ”Left-To-Right” exponentiation into partial multiplications is overcome by modifying the public modul...

General fault attacks on multivariate public key cryptosystems

In this paper, we propose a new technique for Square Differential Fault Analysis (DFA) against AES that can recover a secret key even with a large number of noisy fault injections, while the previous approaches of the Square DFA cannot work with noise. This makes the attack more realistic because assuming the 100% accuracy of obtaining intended fault injections is usually impossible. Our succes...

Recently, various studies of attack methods of round reduction differential fault analysis (DFA) using fault injection in block cipher-implemented microcontrollers have been reported. However, few studies have focused on the quantitative evaluation method of round reduction DFA vulnerability using detailed fault injection timing dependency of attack success rate. This is required to improve mic...

Seifert recently described a new fault attack against an implementation of RSA signature verification. Here we give a simplified analysis of Seifert’s attack and gauge its practicality against RSA moduli of practical sizes. We suggest an improvement to Seifert’s attack which has the following consequences: if an adversary is able to cause random faults in only 4 bits of a 1024-bit RSA modulus s...

This article considers the use of magnetic pulses to inject transient faults into the calculations of a RISC micro-controller running the AES algorithm. A magnetic coil is used to generate the pulses. It induces computational faults without any physical contact with the device. The injected faults are proved to be constant (i.e. data independent) under certain experimental conditions. This beha...

LEX is a stream cipher based on the round transformation of the AES block cipher, and it was selected for the final phase evaluation of the eSTREAM project. LEX is 2.5 times faster than AES both in software and in hardware. In this paper, we present a differential fault attack on LEX. The fault model assumes that the attacker is able to flip a random bit of the internal state of the cipher but ...

Trivium is a hardware-oriented stream cipher designed in 2005 by de Cannière and Preneel for the European project eStream, and it has successfully passed the first and the second phase of this project. Its design has a simple and elegant structure. Although Trivium has attached a lot of interest, it remains unbroken. In this paper we present differential fault analysis of Trivium and propose tw...

Sosemanuk is a software-based stream cipher which supports a variable key length of either 128 or 256 bits and 128-bit initial values. It has passed all three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a fault analysis attack on Sosemanuk. The fault model in which we analyze the cipher is the one in which the attacker ...