Differential Fault Analysis on AES Variants - PowerPoint Presentation

1. Differential Fault Analysis on AES VariantsKazuo Sakiyama, Yang LiThe University of Electro-Communications2012-8-29 @ Nagoya, Japan

2. ContentsBackgroundPhysical Attacks and Differential Fault AnalysisAdvanced Encryption StandardFault Model in this discussion1-byte random fault in known byte positionDFA Attack on AES VariantsDFA on AES-128 with 1 fault injection DFA on AES-192 with 3/2 fault injections DFA on AES-256 with 3/2 fault injectionsChallenge to be practically feasibleConclusion

3. Cryptanalytic AttacksMathematical ApproachPhysical Approach Keep the proposed attack feasible 3 =?Physical Information ChannelsInputOutputCryptographic device(Secret key inside)InputOutput =?InputOutput

4. Classification of Physical AttacksDirection of information channel4 =?Cryptographic device(Secret key inside)InputOutputPassive AttacksActive AttacksInput, Output KnownNon-Invasive Passive Attacks(Side-Channel Analysis)Time, Power Consumption,Electromagnetic RadiationNon-Invasive Active Attacks(Fault Analysis)Inject computational faults

5. Differential Fault Analysis (DFA) on AES EncryptionDFA (Most discussed fault analysis)Attack Procedures 5PAES AESC’CII’IΔI = I I’ C’CKey Guess: KgAES DecryptionAES DecryptionKg-based Correct Intermediate Value: IgKg-based FaultyIntermediate Value: I’gΔIgΔIMatch?PFault Model: Space of ΔIe.g. 1-byte random fault at a known byte position

6. Advanced Encryption StandardSubstitution permutation network Symmetric algorithm128-bit input block3 versions 128-bit key (10 Rounds)192-bit key (12 Rounds)256-bit key (14 Rounds)SBSRMCAKAES Round Operation

7. AES Key ScheduleFK0K1… …K10AES-128FK0… …K12AES-192K1K2

8. AES Key ScheduleF… …K13AES-256SubWordK0K1K3K2K14

9. Fault Model in this presentationFault model: 1-byte random fault modelRandom faulty value at a known byte position 1 S-box calculation has a faulty resultFault injection based on setup-time violationClock glitchLess time for a certain clock cycle (round operation)

10. DFA attacks on AES VariantsThe minimal times of fault injections but still within a practical key recovery complexity DFA on AES-128 with 1 fault injectionCHES03, Africa09, WISTP11DFA on AES-192 with 3 fault injectionsFDTC11DFA on AES-256 with 3 fault injectionsFDTC11DFA on AES-192 with 2 fault injectionsImproved a little from FDTC11DFA on AES-256 with 2 fault injectionsIEEE Trans. on Info. F&S

11. DFA on AES-128SB8SR8MC8AK8SB93412SR93412MC91423142314231423AK9SB10SR10AK10142314231423142314231423142314233241213414234312CC’2-82322823228232282322821282820Without considering K9, we can reduce K10 space to 232

12. DFA Attacks on AES-192 (simple attack, 3 faults) SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C1C1’SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C2C2’SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C3C3’Identify K12 first using (C1,C1’) and (C1,C2’), then recover K11

13. DFA Attacks on AES-256 (simple attack, 3 faults) SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C1C1’SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C3C3’SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C2C2’Identify K14 first using (C1,C1’) and (C1,C2’), then recover K13

14. Space of KgMaybe 2 faults are enough for AES-192 and AES-256C’CKey Guess: KgAES DecryptionAES DecryptionKg-based Correct Intermediate Value: IgKg-based FaultyIntermediate Value: I’gΔIgΔIMatch?Space of ΔISatisfy zero-difference bytesin intermediate statusAES 128: 128-bit  8-bit AES 192: 192-bit  72-bit  0 bitAES 256: 256-bit  136-bit  16-bitKeep the proposed attack feasible!

15. DFA Attacks on AES-192 (2 faults) SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C1C1’SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C2C2’Restrict K12 to 232

16. Some property for AES-192 key ScheduleFK10K12AES-192K11For AES-192:K12left 2 columns of K11K12right 1 column of K10

17. DFA Attacks on AES-192 (2 faults) SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C1C1’SB9SR9MC9AK9SB10SR10MC10AK10SB11SR11MC11AK11SB12SR12AK12C2C2’Restrict K12 to 232Given a K12 candidate, leftmost 2 columns of K11 is fixed, we have 5 more 2-8 conditions to satisfy. So we can identify K12Identify the rest of K11SB11SR11MC11AK11MC10AK10SB11SR11MC11AK11MC10AK10

18. DFA Attacks on AES-256 (2 faults) Restrict K14 to 232SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C2C2’SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C1C1’

19. AES S-box Differential TableFor an AES S-box, given a pair of input/output difference, this difference exists with probability of about ½. If this difference pair exist, one can find 2 pairs of solution.Given N pairs of input/output difference, we can expect N real value solutions Used in the inbound of Rebound AttackOutbound Inbound Outbound

20. Some property for AES-256 key ScheduleFAES-256K12K13K14For AES-256:K12right 3 columns of K12

21. DFA Attacks on AES-256 (2 faults) Restrict K14 to 232Pick up a K14, calculate the difference at SB13out, and restrict real values in each column to 28 Then we know the rightmost 3 columns of K12, calculate the blue bytes in SB12in, check 2 conditions of 2-8. Space of SB13out is reduced to 216. Then K13 is reduced to 216(Complexity about 248, key recovery using FPGA takes 8 days to finish) MC12AK12SB13SR13SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C2C2’SB11SR11MC11AK11SB12SR12MC12AK12SB13SR13MC13AK13SB14SR14AK14C1C1’MC12AK12SB13SR13SR12SB12AK11MC11

22. ConclusionIn side-channel attacks especially fault analysis, cryptanalysis techniques can help.For AES-256, DFA attack with two 1-byte random faults at known position are feasible for strong attackersCan we make DFA with unknown positions faults feasible?

23. Thank you for your attentions!