点击次数：

所属单位：电子信息工程学院

发表刊物：IET Circuits Devices Syst.

摘要：One of the well-known physical attacks, i.e. differential fault analysis (DFA), can break the secret key of cryptographic device by using differential information between faulty and correct ciphertexts. Here, the authors propose a random 2-byte fault model, present a novel DFA on AES key schedule, and show how an entire AES-128 key can be cracked by using two pairs of faulty and correct ciphertexts. By inducing a random 2-byte fault in the first column of 9th round key with discontiguous rows, the authors can obtain 64 bits of AES-128 key using one pair of faulty and correct ciphertexts, two pairs of them can retrieve the entire 128-bit key without exhaustive search. The authors implement the proposed attack on HP Intel(R) Core i5-7300HQ Quad-Core 2.5&acirc;&euro;.GHz CPU, 8G RAM. It takes <2&acirc;&euro;.min on average to break the key. Considering the number of faulty ciphertexts, fault-induced depth, and fault model, authors' attack is the most efficient DFA as compared to existing schemes on AES-128 key schedule. &copy; 2019 IET Circuits, Devices and Systems. All rights reserved.

ISSN号：1751-858X

是否译文：否

发表时间：2019-08-01

合写作者：Zhang, Jinbao,Li, Jianhua,周芳

通讯作者：吴宁