{"title":"从AES-128到AES-192和AES-256,如何适应密钥扩展的差分故障分析攻击","authors":"Noémie Floissac, Yann L'Hyver","doi":"10.1109/FDTC.2011.15","DOIUrl":null,"url":null,"abstract":"Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.","PeriodicalId":150423,"journal":{"name":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion\",\"authors\":\"Noémie Floissac, Yann L'Hyver\",\"doi\":\"10.1109/FDTC.2011.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.\",\"PeriodicalId\":150423,\"journal\":{\"name\":\"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FDTC.2011.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2011.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion
Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems requiring to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads finding the whole initial key with 16 fault injections in both cases.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
