Fault-Injection Based Chosen-Plaintext Attacks on Multicycle AES Implementations

Hardware implementations of cryptographic algorithms offer significantly higher throughput on both encryption and decryption than their software counterparts. Advanced Encryption Standard (AES) is a widely used symmetric block cipher for data encryption. The most commonly used architecture for AES hardware implementations is the multicycle design, where each round uses the same hardware resource multiple times to increase area efficiency. In this paper, we successfully decouple the interdependency of multiple key bytes from the AES encryption. Thus, we solve each key byte separately with an overall attack complexity in O(28). Moreover, we uniquely determine each key byte through a chosen set of three plaintext-ciphertext pairs. We propose two novel chosen-plaintext attacks on multicycle AES implementations. Both attacks can eliminate the key diffusion from the MixColumns and Key Schedule modules. The first attack takes advantage of vulnerable AES implementations where an adversary can observe the output of each round. The second attack is based on fault injection, where a single fault on the completion-indicator register is sufficient to launch the attack. Because no faults are injected in the internal computations of AES, the current fault detection mechanisms are bypassed as no intermediate result has been altered. Lastly, we explore the theoretical aspect for the inherent property of our attacks.