differential analysis of round reduced aes faulty
play

Differential Analysis of Round-Reduced AES Faulty Ciphertexts - PowerPoint PPT Presentation

Nov 11, 2022 •436 likes •591 views

DFT 2013 Differential Analysis of Round-Reduced AES Faulty Ciphertexts Amir-Pasha Mirbaha Jean-Max Dutertre Assia Tria Outline Introduction State-of-the-art of the Round Reduction Analysis Theory of our attacks and the realizations

  1. DFT 2013 Differential Analysis of Round-Reduced AES Faulty Ciphertexts Amir-Pasha Mirbaha Jean-Max Dutertre Assia Tria

  2. Outline • Introduction • State-of-the-art of the Round Reduction Analysis • Theory of our attacks and the realizations • Summary and conclusion 2

  3. Introduction AES-128 • is a widely-used symmetric encryption algorithm • includes 10 rounds (after a short initial round) • uses a 128-bit key K and ten derived round keys 3

  4. Problem • Many symmetric cryptographic algorithms are based on the iteration of identical transformation sequences (rounds). • A significant part of these algorithms’ strength against cryptanalysis is based on their iterated rounds. • How much the round reduction attacks are realistic and threatening? Context: Laser fault injection on an unprotected 8-bit 16 MHz 0.35 µ m microcontroller with an embedded AES 4

  5. Fault Injection Means K ¡ Vcc 0 5

  6. Round Reduction Analysis A Round Reduction is an attack for skipping one or several iterative rounds due to a fault injection. A Round Reduction Analysis is a technique for finding the secret key. The technique compares a round-reduced ciphertext to a corresponding reference value (e.g. the corresponnding plaintext or the correct ciphertext). 6

  7. The State-of-the-Art of RRA Three RRA on AES are reported since 2005: They resort to the DFA (Differential Fault Analysis) and use the corresponding plaintext or ciphertext as the reference. • Is there any other potential RR attack and analysis? • Does protecting the two first and the two last rounds suffice to disable the RRA threats? 7

  8. Attack Scenarios R max is a variable in order to select between 128, 192 and 256 versions 8

  9. A General RRA • In theory, two corresponding round-reduced encryptions which differ in only one round may be analyzed in order to reveal the key. The differential analysis requires two texts. • In practice, the analysis is feasible when the Rmax is targeted. However, when the fault is injected into the RC , the encryption includes invalid round key values. Thus, two corresponding round-reduced encryptions which differ in two rounds are needed in order to reveal the key. 9

  10. A General RRA Because, the fault increases the RC to higher than the Rmax value. Thus, the algorithm searches for the invalid key values in the memory. For instance: 10

  11. MicroPackS Laser Bench 11

  12. Summary 12

  13. Conclusion • RR attacks are more realistic and more threatening than what they are usually considered on the unprotected circuit. • They can be carried out at any round by targeting the round- controlling values. • Protecting only the two first and the two last rounds does not suffice to disable the RRA threats. • In this study, we reported our improvement for one former technique and we realized 3 new attacks. 13

  14. Thank you for your attention assia.tria@cea.fr 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Truncated Differential Analysis of Reduced-Round LBlock Sareh Emami, Cameron McDonald, Josef

Truncated Differential Analysis of Reduced-Round LBlock Sareh Emami, Cameron McDonald, Josef

Truncated Differential Analysis of Reduced-Round LBlock Sareh Emami, Cameron McDonald, Josef Pieprzyk and Ron Steinfeld Joint work between Macquarie University , Qualcomm Inc. Australia and Monash University CANS 2013, Paraty, Brazil Outline

429 views • 30 slides
Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi

Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi

Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi Meier Indocrypt 2011 1 / 28 Overview Sponge construction and K ECCAK Previous analysis results Differentials in K ECCAK Differential

311 views • 28 slides
New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 , Leibo Li 2 , Dawu Gu 1 , Xiaoyun Wang 2,3 , Zhiqiang Liu 1 , Jiazhe Chen 2 , Wei Li 4 1. Shanghai Jiao Tong University, 2. Shangdong University 3.

472 views • 25 slides
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES Lorenzo Grassi, IAIK, TU Graz (Austria) March, 2019 www.iaik.tugraz.at Motivation At Eurocrypt 2017, the first secret-key distinguisher for

576 views • 42 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Description of PRINT CIPHER Differential Cryptanalysis Computing roots of permutations Summary Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations Mohamed Abdelraheem, Gregor Leander and Erik Zenner DTU

639 views • 21 slides
Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 ,

Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 ,

Multiple Differential Cryptanalysis of Round-Reduced Prince Anne Canteaut 1 , Thomas Fuhr 2 , Henri Gilbert 2 , Mara Naya-Plasencia 1 , Jean-Ren Reinhard 2 1 INRIA, France 2 ANSSI, France FSE 2014 - March 5, 2014 Canteaut, Fuhr, Gilbert,

507 views • 35 slides
Differential Cryptanalysis of Round-Reduced Simon and Speck Farzaneh Abed Eik List Stefan Lucks

Differential Cryptanalysis of Round-Reduced Simon and Speck Farzaneh Abed Eik List Stefan Lucks

Differential Cryptanalysis of Round-Reduced Simon and Speck Farzaneh Abed Eik List Stefan Lucks Jakob Wenzel Bauhaus-Universitt Weimar FSE 2014 March 27, 2014 March 27, 2014 Agenda Motivation Simon and Speck Our Method Results

533 views • 31 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Preliminary: Spectral Methods for PDEs with Uncertain Coefficients Reduced Basis Methods Reduced Basis + Sparse Grid Collocation Iterative Solution of Reduced Problem Concluding Remarks Reduced Basis Collocation Methods for Partial Differential

476 views • 43 slides
/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of SKINNY Zero-Correlation Linear Cryptanalysis of SKINNY MILP model for SKINNY64 cipher Using MILP in Impossible differential

420 views • 31 slides
Differential Cryptanalysis The first method which reduced the complexity of attacking DES below

Differential Cryptanalysis The first method which reduced the complexity of attacking DES below

Differential Cryptanalysis The first method which reduced the complexity of attacking DES below (half of) exhaustive search. Differential Cryptanalysis Note : In all the following discussion we ignore the existence of the initial and the final

330 views • 8 slides
Cryptanalysis of Round-Reduced LED Ivica Nikoli, Lei Wang and Shuang Wu FSE 2013 Singapore

Cryptanalysis of Round-Reduced LED Ivica Nikoli, Lei Wang and Shuang Wu FSE 2013 Singapore

Cryptanalysis of Round-Reduced LED Ivica Nikoli, Lei Wang and Shuang Wu FSE 2013 Singapore March 11, 2013 1 Outline Backgrounds Specification Previous Analysis Slidex Attack Application Multicollision Application

744 views • 42 slides
Branching Heuristics in Differential Collision Search: Application to SHA-512 Maria Eichlseder

Branching Heuristics in Differential Collision Search: Application to SHA-512 Maria Eichlseder

Branching Heuristics in Differential Collision Search: Application to SHA-512 Maria Eichlseder Florian Mendel Martin Schl affer IAIK, Graz University of Technology, Austria FSE 2014 Practical Collisions for Round-Reduced Hash Functions

602 views • 23 slides
Von Neumann stability analysis In numerical algorithms for differential equations the concern is

Von Neumann stability analysis In numerical algorithms for differential equations the concern is

Von Neumann stability analysis In numerical algorithms for differential equations the concern is the growth of round-off errors and/or initially small fluctuations in initial data which might cause a large deviation of final answers from the

763 views • 6 slides
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X. Standaert , J.-J. Quisquater UCL Crypto Group Microelectronics Laboratory Catholic University of Louvain - UCL Belgium FSE 2008 Collard B. (UCL

448 views • 33 slides
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University

Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University

Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing Platform Laboratories 19 Aug 2010 CHES

2.17k views • 28 slides
Differential Fault Analysis of Trivium Michal Hojsk 1 , 3 and Bohuslav Rudolf 2 , 3 1The Selmer

Differential Fault Analysis of Trivium Michal Hojsk 1 , 3 and Bohuslav Rudolf 2 , 3 1The Selmer

Differential Fault Analysis of Trivium Michal Hojsk 1 , 3 and Bohuslav Rudolf 2 , 3 1The Selmer Center, University of Bergen, Norway 2National Security Authority, Czech Republic 3Department of Algebra, Charles University in Prague, Czech

390 views • 19 slides
A study of microjets Fr ed eric Dreyer work in progress with Gavin Salam, Matteo Cacciari,

A study of microjets Fr ed eric Dreyer work in progress with Gavin Salam, Matteo Cacciari,

A study of microjets Fr ed eric Dreyer work in progress with Gavin Salam, Matteo Cacciari, Mrinal Dasgupta & Gregory Soyez eorique et Hautes Laboratoire de Physique Th Energies LHCPhenoNet Paris, June 2014 Outline Introduction

565 views • 45 slides
Contents: 1. Introduction 1.1 Hybrid Video Coding 1.2 Object Oriented Coding 1.3 Advanced

Contents: 1. Introduction 1.1 Hybrid Video Coding 1.2 Object Oriented Coding 1.3 Advanced

The Hong Kong Polytechnic University Department of Electronic and Information Engineering, Centre for Multimedia Signal Processing Prof. W.C. Siu, Chair Professor and Centre Director 8 June, 2008 ICNNSP2008: IEEE International Conference on

685 views • 40 slides
Explaining Differential Fault Analysis on DES Christophe Clavier Michael Tunstall 5/18/2006

Explaining Differential Fault Analysis on DES Christophe Clavier Michael Tunstall 5/18/2006

Explaining Differential Fault Analysis on DES Christophe Clavier Michael Tunstall 5/18/2006 References Bull & Innovatron Patents 2 Fault I njection Equipment: Laser 3 Bull & Innovatron Patents Fault I njection Equipment: CLI O

423 views • 39 slides
Automatic Search for Linear Trails of the SPECK Family Yuan Yao 1 , 2 Bin Zhang 2 Wenling Wu 2 1

Automatic Search for Linear Trails of the SPECK Family Yuan Yao 1 , 2 Bin Zhang 2 Wenling Wu 2 1

Introduction Linear Cryptanalysis Against SPECK An Implementation of Wallns Algorithm Summary Automatic Search for Linear Trails of the SPECK Family Yuan Yao 1 , 2 Bin Zhang 2 Wenling Wu 2 1 TCA Laboratory, Institute of Software, Chinese

531 views • 41 slides
Differential Power Analysis (DPA) With Key Ranking and Enumeration Martijn Stam COINS

Differential Power Analysis (DPA) With Key Ranking and Enumeration Martijn Stam COINS

Differential Power Analysis (DPA) With Key Ranking and Enumeration Martijn Stam COINS Winterschool in Finse, May 2019 The Rise of Side-Channels The Ideal World 2 Modern Cryptology From Katz and Lindells Classic Textbook Three Principles

913 views • 46 slides
A Cost Benefit Analysis of Faster Transmission System Protection Schemes and Ground Grid Design

A Cost Benefit Analysis of Faster Transmission System Protection Schemes and Ground Grid Design

A Cost Benefit Analysis of Faster Transmission System Protection Schemes and Ground Grid Design Brian Ehsani SEPTEMBER 5 - 7, 2018 Agenda Example System And Clearing Times Ground Grid Design Cost Analysis Additional Conclusions

909 views • 32 slides

More recommend