1 Francesco Regazzoni, UCL Crypto Group, Université catholique de Louvain, B-1348 Louvain-la-Neuve, Belgium and ALaRI University of Lugano, CH-6904 Lugano, Switzerland 2 Luca Breveglieri, DEI Politecnico di Milano, 20133 Milano, Italy 3 Paolo Ienne, École Polytechnique Fédérale de Lausanne (EPFL) School of Computer and Communication Sciences CH-1015 Lausanne, Switzerland 4 Israel Koren, Univers...

In this paper several attacks are presented that allow information to be derived on faults injected at the beginning of cryptographic algorithm implementations that use Boolean masking to defend against Differential Power Analysis (DPA). These attacks target the initialisation functions that are used to enable the algorithm to be protected, allowing a fault attack even in the presence of round ...

In this paper we present an enhanced Differential Fault Attack that can be applied to the AES using a single fault. We demonstrate that when a single random byte fault is induced that affects the input of the eighth round, the AES key can be deduced using a two stage algorithm. The first step, would be expected to reduce the possible key hypotheses to 2, and the second step to a mere 2. Further...

Project co-funded by the European Commission within the 6th Framework Programme Dissemination Level PU Public X PP Restricted to other programme participants (including the Commission services) RE Restricted to a group specified by the consortium (including the Commission services) CO Confidential, only for members of the consortium (including the Commission services) The information in this do...

In this paper we present a differential fault attack that can be applied to the AES using a single fault. We demonstrate that when a single random byte fault is induced at the input of the eighth round, the AES key can be deduced using a two stage algorithm. The first step has a statistical expectation of reducing the possible key hypotheses to 2, and the second step to a mere 2.

This paper presents a new and more realistic model for fault attacks and statistical and algebraic techniques to improve fault analysis in general. Our algebraic techniques is an adapted solver for systems of equations based on ElimLin and XSL. We use these techniques to introduce two new fault attacks on the hardware oriented block cipher Katan32 from the Katan family of block ciphers. We are ...

This paper will attempt to explain some of the side-channel attack techniques in a fashion that is easily comprehensible by the layman. What follows is a presentation of three different attacks (power, timing and fault attacks) that can be carried out on cryptographic devices such as smart-cards. For each of the three attacks covered, a puzzle and it‘s solution will be given, which will act as ...

In this paper we analyze practical aspects of the differential fault attack on RSA published by Boneh, Demillo and Lipton from Bellcore. We focus on the CRT variant, which requires only one faulty signature to be entirely broken provided that no DFA countermeasures are in use. Usually the easiest approach for the attacker is to introduce a fault in one of the two RSA-CRT exponentiations. These ...

In this paper we present a speed up of the existing fault attack [2] on the Advanced Encryption Standard (AES) using single faulty cipher. The paper suggests a parallelization technique to reduce the complexity of the attack from 2 to 2.