Fault Analysis on AES: A Property-Based Verification Perspective

IF 5.2 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Tsinghua Science and Technology Pub Date : 2023-09-22 DOI:10.26599/TST.2023.9010035

Xiaojie Dai;Xingxin Wang;Xue Qu;Baolei Mao;Wei Hu

{"title":"Fault Analysis on AES: A Property-Based Verification Perspective","authors":"Xiaojie Dai;Xingxin Wang;Xue Qu;Baolei Mao;Wei Hu","doi":"10.26599/TST.2023.9010035","DOIUrl":null,"url":null,"abstract":"Fault analysis is a frequently used side-channel attack for cryptanalysis. However, existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces. In this work, we take a property-based formal verification approach to fault analysis. We derive fine-grained formal models for automatic fault propagation and fusion, which establish a mathematical foundation for precise measurement and formal reasoning of fault effects. We extract the correlations in fault effects in order to create properties for fault verification. We further propose a method for key recovery, by formally checking when the extracted properties can be satisfied with partial keys as the search variables. Experimental results using both unprotected and masked advanced encryption standard (AES) implementations show that our method has a key search complexity of 2\n<sup>16</sup>\n, which only requires two correct and faulty ciphertext pairs to determine the secret key, and does not assume knowledge about fault location or pattern.","PeriodicalId":60306,"journal":{"name":"Tsinghua Science and Technology","volume":"29 2","pages":"576-588"},"PeriodicalIF":5.2000,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/iel7/5971803/10258149/10258165.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Tsinghua Science and Technology","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10258165/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Fault analysis is a frequently used side-channel attack for cryptanalysis. However, existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces. In this work, we take a property-based formal verification approach to fault analysis. We derive fine-grained formal models for automatic fault propagation and fusion, which establish a mathematical foundation for precise measurement and formal reasoning of fault effects. We extract the correlations in fault effects in order to create properties for fault verification. We further propose a method for key recovery, by formally checking when the extracted properties can be satisfied with partial keys as the search variables. Experimental results using both unprotected and masked advanced encryption standard (AES) implementations show that our method has a key search complexity of 2 ¹⁶ , which only requires two correct and faulty ciphertext pairs to determine the secret key, and does not assume knowledge about fault location or pattern.

查看原文本刊更多论文

AES的故障分析：基于属性的验证视角

故障分析是密码分析中经常使用的侧信道攻击。然而，现有的故障攻击方法通常涉及复杂的故障融合分析或大规模故障痕迹的计算密集型统计分析。在这项工作中，我们采用了一种基于属性的形式化验证方法来进行故障分析。我们推导了用于自动故障传播和融合的细粒度形式化模型，为故障影响的精确测量和形式化推理奠定了数学基础。我们提取故障效应中的相关性，以便创建用于故障验证的属性。我们进一步提出了一种密钥恢复方法，通过形式化检查何时可以用部分密钥作为搜索变量来满足提取的属性。使用未保护和屏蔽的高级加密标准（AES）实现的实验结果表明，我们的方法具有216的密钥搜索复杂度，只需要两个正确和错误的密文对来确定密钥，并且不假设知道故障位置或模式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Tsinghua Science and Technology

CiteScore

12.10

自引率

0.00%

发文量

2340