FUNDAE: Fault Template Attack on SUNDAE-GIFT AEAD Scheme

Rajat Sadhukhan, Anirban Chakraborty, Debdeep Mukhopadhyay
2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), published 2022-12-14. DOI: https://doi.org/10.1109/AsianHOST56390.2022.10022108
Citations: 0

Abstract

FUNDAE: Fault Template Attack on SUNDAE-GIFT AEAD Scheme
Fault Attacks (FA) have garnered a lot of attention from industry and academic research due to their practical and wide impact. In the framework of symmetric key cryptography, designing countermeasures against fault attacks is still an open problem with recent developments of advanced fault injection techniques. Recently proposed Fault Template Attack (FTA) has shown that without access to any ciphertext of a crypto execution, an adversary can still recover the secret key just by knowing if the computation is faulty or not. Additionally, usage of Authenticated Encryption with Associated Data (AEAD), a kind of symmetric-key operating mode, has gained momentum and become the standard for secret key communications. In this work, we first show how an adversary can very efficiently launch FTA using a combination of the right fault model and proper selection of an encryption block in AEAD operation, where we could recover full master key using 25 percent less fault requirements when compared to classical fault template attack. Then we propose a generic area redundant countermeasure scheme to thwart FTA in AEADs, where our countermeasure enabled circuit occupied only 16 percent additional area than unprotected circuit. We use SUNDAE-GIFT as the benchmark circuit for all our experiments.