Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault - - PowerPoint PPT Presentation



SLIDE 1

Introduction Scope of the Attack Attack Steps Conclusion

Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault Analysis

Antoine Wurcker, Christophe Clavier
antoine.wurcker@xlim.fr, christophe.clavier@unilim.fr

Université de Limoges

FDTC 2013, 20-08-2013

Antoine Wurcker (Université de Limoges) Reverse AES by IFA FDTC 2013 1 / 33

SLIDE 2

Outline

1. Introduction: Advanced Encryption Standard; Ineffective Fault Analysis
2. Scope of the Attack: Modifications on AES; Constraints on Attacker
3. Attack Steps
4. Conclusion: Global Results; Future Works


SLIDE 4

AES Datapath

Figure: The AES encryption path: M → AddRoundKey(K0) → S0; rounds r = 1, …, 9: SubBytes → ShiftRows → MixColumns → AddRoundKey(Kr) → Sr; round r = 10: SubBytes → ShiftRows → AddRoundKey(K10) → C.

SLIDE 5

AES KeySchedule

Figure: The AES key schedule: Kr−1 → RotWord → SubWord → ⊕ Rcon(r) → Kr.

SLIDE 6

Ineffective Fault Analysis

Fault model: stuck-at-0 on a precise byte.

Fault effect:
• Ciphertext not modified ⇒ the value was already 0.
• Ciphertext modified ⇒ the value was not 0.

Remark: IFA bypasses the dual-execution countermeasure (when the fault is ineffective, both executions yield the same result, so a comparison detects nothing).

SLIDE 7

Figure: Example of no-occurrence of IFA. Two encryptions of the same input (E5 23 AF 75 77 13 98 1A 08 9C 34 EE B6 59 44 …): the targeted byte equals 45 in the normal run and is forced to 00 in the faulted run, so the ciphertext C′ differs from C.

SLIDE 8

Figure: Example of occurrence of IFA. Two encryptions of the same input (AB 5F 31 45 4C DE C6 11 58 90 67 6F 78 58 34 …): the targeted byte already equals 00, forcing it to 00 changes nothing, and the ciphertext C is unchanged.

SLIDE 9

Notations

• $m_i$: byte number $i$ of the input plaintext $M$.
• $c_i$: byte number $i$ of the output ciphertext $C$.
• $K_r$: 128-bit key of round number $r$.
• $k_{r,i}$: byte number $i$ of the round key $K_r$.
• $S()$: the SubBytes function.
• $S^{-1}(0)$: preimage of the value 0 by the S-Box table.
• $\mu_i = k_{0,i} \oplus S^{-1}(0)$.
• $X_r = \{x_{r,0}, \ldots, x_{r,15}\}$: input state of the SubBytes step of round $r$.
• $Y_r = \{y_{r,0}, \ldots, y_{r,15}\}$: input state of the ShiftRows step of round $r$.
• $Z_r = \{z_{r,0}, \ldots, z_{r,15}\}$: input state of the MixColumns step of round $r$.
• $T_r = \{t_{r,0}, \ldots, t_{r,15}\}$: input state of the AddRoundKey step of round $r$.


SLIDE 11

Modifications on AES

The modifications allowed have to respect the constraints of the NIST document describing the AES:

1. The SBOX operation is a permutation table. ⇒ $256!$ possible SBOX ($\simeq 2^{1684}$).
2. The ShiftRows operation keeps shifting rows. ⇒ $2^8$ possible ShiftRows.
3. The MixColumns matrix stays circulant with four parameters ($\neq 0$). ⇒ $255^4$ possible MixColumns ($\simeq 2^{32}$).
4. The RotWord operation keeps shifting the word. ⇒ $2^2$ possible RotWord.
5. The Rcon vectors keep the form $[\rho^{r-1}, 0, 0, 0]$. ⇒ $2^8$ possible sets of Rcon vectors.

SLIDE 12

Figure: ShiftRows parameters: one shift $\sigma_0, \sigma_1, \sigma_2, \sigma_3$ per row.

Figure: MixColumns matrix:
$$\begin{pmatrix} \alpha_0 & \alpha_1 & \alpha_2 & \alpha_3 \\ \alpha_3 & \alpha_0 & \alpha_1 & \alpha_2 \\ \alpha_2 & \alpha_3 & \alpha_0 & \alpha_1 \\ \alpha_1 & \alpha_2 & \alpha_3 & \alpha_0 \end{pmatrix}$$

Figure: RotWord parameter $\eta$.

Figure: Rcon[r] parameter: $\oplus\, \rho^{r-1}$ on the first byte.

SLIDE 13

Constraints on Attacker

We place the main constraints on the attacker:

1. The SBOX table is unknown.
2. The MixColumns coefficients are unknown.
3. The ShiftRows coefficients are unknown.
4. The fault can only be applied on the SBOX output.
5. The key K is unknown.

The Key-Schedule operation is also constrained:

1. The RotWord coefficient is unknown.
2. The Rcon parameter is unknown.
3. It is unavailable to fault injection (e.g. pre-computed).


SLIDE 16

Retrieving K0 up to a Constant Byte

We obtain $\mu_i = k_{0,i} \oplus S^{-1}(0)$ by exhausting $m_i$ while faulting the output of the $i$-th S-Box of the first round. Eventually an IFA occurs and we obtain the equation:

$$S(m_i \oplus k_{0,i}) = 0 \;\Rightarrow\; m_i \oplus k_{0,i} = S^{-1}(0) \;\Rightarrow\; m_i = k_{0,i} \oplus S^{-1}(0) = \mu_i$$

We retrieve every $\mu_i$ value by applying this method on each position.
⇒ The set of candidates for $K_0$ is reduced from $2^{128}$ to $2^8$.

SLIDE 18

Lemma: "Choosing" S-Box Input

Lemma. The knowledge of the $\mu_i$ values allows us to choose any value $x_{1,i}$ up to the constant value $S^{-1}(0)$.

Proof. Playing the value $m_i = v \oplus \mu_i$ implies:

$$x_{1,i} = m_i \oplus k_{0,i} = v \oplus \mu_i \oplus k_{0,i} = v \oplus S^{-1}(0) \oplus k_{0,i} \oplus k_{0,i} = v \oplus S^{-1}(0)$$

Remark: if $v = 0$, then $x_{1,i} = S^{-1}(0)$ ⇒ $y_{1,i} = 0$.

SLIDE 20

Reversing ShiftRows Operation

Fault position: first S-Box of the second round.

First step: play random messages until an IFA occurs.

Second step: replay the previous message with only one byte modified each time. On each row, 1 position breaks the IFA while the 3 others do not (the faulted S-Box input $x_{2,0}$ depends only on the four bytes of $Z_1$ that ShiftRows moves into the first column, one per row). We repeat the second step until we get the 4 values that break the IFA, revealing the 4 ShiftRows parameters.
⇒ The ShiftRows operation is reversed.

SLIDES 21–25

Figure: Position of the IFA in the datapath (⊕K0 → SB → SR → MC → ⊕K1 → SB, fault on the second-round S-Box).

Figure: Proof frames for the shift parameter of the second row: it is not 0, it is 1, it is not 2, it is not 3.

SLIDE 27

Lemma: Retrieving $mk_{i,j}$ Values

Definition. $mk_{i,j}$ are the particular values that verify: $\alpha_j * S(mk_{i,j}) = k_{1,i} \oplus S^{-1}(0)$.

Lemma. The knowledge of the $\mu_i$ values and of the ShiftRows parameters allows us to compute any value $mk_{i,j}$ up to $S^{-1}(0)$.

Proof. We can play an all-0 state as input of the first-round MixColumns, except at position $t = \lfloor i/4 \rfloor + 4j$. With a chosen $v$ at that position this induces:

$$x_{2,i} = \alpha_j * S(v \oplus S^{-1}(0)) \oplus k_{1,i}$$

When $v$ provokes an IFA on $y_{2,i}$: $v = mk_{i,j} \oplus S^{-1}(0)$.

SLIDE 29

Reducing MixColumns by Retrieving Cycles Orders (1/3)

Goal: find the multiplicative order of $\beta_{i,j} = \alpha_i / \alpha_j$.

Remark. We place ourselves in the case where at least one of the 6 orders of the values $\beta_{i,j}$ equals 255. This concerns 95.28% of cases.

Example: recovery of the order of $\beta_{1,2}$. Equation given by an IFA on the first S-Box of the second round:

$$x_{2,0} = \alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0}$$

$$x_{2,0} = S^{-1}(0) \;\Rightarrow\; \alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$$

SLIDE 30

Reducing MixColumns by Retrieving Cycles Orders (2/3)

Knowledge of $mk_{0,0}$ allows us to play a plaintext byte value inducing $z_{1,0} = S(mk_{0,0})$, hence $\alpha_0 * z_{1,0} = k_{1,0} \oplus S^{-1}(0)$. This removes $K_1$ and $S^{-1}(0)$ from the previous equation:

$$\alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$$
$$k_{1,0} \oplus S^{-1}(0) \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$$
$$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$$

Knowledge of the $\mu_i$ values allows us to play a plaintext byte value inducing $z_{1,3} = S(S^{-1}(0)) = 0$, hence $\alpha_3 * z_{1,3} = 0$. This removes $\alpha_3$ from the previous equation:

$$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$$
$$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} = 0$$

SLIDE 31

Reducing MixColumns by Retrieving Cycles Orders (3/3)

We use a random value $\theta^{(0)}_{1,2}$:

$$z_{1,1} = \tau^{(0)}_{1,2} = S(\theta^{(0)}_{1,2} \oplus k_{0,0})$$

We exhaust $z_{1,2}$ until an IFA occurs, revealing the value $\theta^{(1)}_{1,2}$ such that:

$$z_{1,2} = \tau^{(1)}_{1,2} = S(\theta^{(1)}_{1,2} \oplus k_{0,0})$$

We then reveal the sequence of $\theta^{(k)}_{1,2}$ that verifies:

$$\alpha_1 * \tau^{(k)}_{1,2} \oplus \alpha_2 * \tau^{(k+1)}_{1,2} = 0 \;\Rightarrow\; \tau^{(k+1)}_{1,2} = \beta_{1,2} * \tau^{(k)}_{1,2} \;\Rightarrow\; \tau^{(k)}_{1,2} = (\beta_{1,2})^k * \tau^{(0)}_{1,2}$$

Eventually $\tau^{(n)}_{1,2} = \tau^{(0)}_{1,2}$, revealing that $(\beta_{1,2})^n = 1$: $n_{1,2} = n$ is the order of $\beta_{1,2}$.
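The cycle above and the 95.28% figure of slide 29 can be checked directly in the field. The Python below is an added example, not the authors' code: it works in the AES field GF(2^8) (polynomial 0x11B and generator 0x03 are assumptions, since the slides never fix the field), computes the order of a ratio $\beta_{i,j} = \alpha_i / \alpha_j$ from its discrete logarithm, walks the $\tau^{(k)} = \beta^k * \tau^{(0)}$ cycle until it closes, and estimates by sampling random parameter sets how often at least one of the six ratios has order 255. The sample sizes and seed are choices made for the demo.

```python
import random
from math import gcd


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B (assumed field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


# Log/antilog tables over the generator 0x03, a primitive element of the field.
EXP = [0] * 255
LOG = [0] * 256
_x = 1
for _k in range(255):
    EXP[_k] = _x
    LOG[_x] = _k
    _x = gf_mul(_x, 0x03)


def gf_div(a, b):
    """a / b in GF(2^8) for b != 0, via the log tables."""
    return EXP[(LOG[a] - LOG[b]) % 255]


def mult_order(x):
    """Order of x in the multiplicative group GF(2^8)* (255 means x is primitive).
    Writing x = g^d, the order is 255 / gcd(d, 255)."""
    return 255 // gcd(LOG[x], 255)


def tau_cycle(beta, tau0):
    """The sequence tau^(k) = beta^k * tau^(0), k = 0, 1, ..., until it returns to
    tau^(0); its length is the order n of beta, which is what the IFA walk of
    slide 31 observes."""
    seq = [tau0]
    t = gf_mul(beta, tau0)
    while t != tau0:
        seq.append(t)
        t = gf_mul(beta, t)
    return seq


def ratio_orders(alpha):
    """Orders n_{i,j} of the six ratios beta_{i,j} = alpha_i / alpha_j (i < j) for a
    circulant MixColumns with nonzero parameters alpha_0..alpha_3."""
    return {(i, j): mult_order(gf_div(alpha[i], alpha[j]))
            for i in range(4) for j in range(i + 1, 4)}


def has_full_order_ratio(alpha):
    """True when at least one beta_{i,j} has order 255 (the case the slides assume)."""
    return 255 in ratio_orders(alpha).values()


def fraction_with_full_order_ratio(samples=100_000, seed=1):
    """Monte Carlo estimate of the share of parameter sets (each alpha_i uniform in
    GF(2^8)*) having at least one ratio of order 255; slide 29 gives 95.28%."""
    rng = random.Random(seed)
    hits = sum(has_full_order_ratio([rng.randrange(1, 256) for _ in range(4)])
               for _ in range(samples))
    return hits / samples


if __name__ == "__main__":
    aes_alpha = [0x02, 0x03, 0x01, 0x01]       # the standard AES MixColumns row
    print("orders for the standard AES row:", ratio_orders(aes_alpha))
    print("cycle length of beta_{1,2} = 3/1:", len(tau_cycle(gf_div(3, 1), 0x57)))
    print("share with a full-order ratio:", fraction_with_full_order_ratio())
```

A single ratio is primitive with probability φ(255)/255 = 128/255, about 50.2%; the six ratios of one parameter set are correlated, so the sampled share of sets with at least one full-order ratio lands near the 95.28% reported on the slides rather than at 1 − (127/255)^6. For the standard AES row (2, 3, 1, 1) the ratio 3/1 has order 255 while 2/1 only has order 51, so standard AES itself falls in the favourable case.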

SLIDE 32

Exploiting Data from Orders Retrieval

For each candidate for $\{\alpha_0, \alpha_1, \alpha_2, \alpha_3\}$ we are now able to test the order of every $\beta_{i,j}$ and drop the solutions that do not match the found orders $n_{i,j}$.

We imposed that at least one order equals 255, so during the order recovery we produced a sequence of 255 values $\{\theta^{(0)}_{i,j}, \ldots, \theta^{(255)}_{i,j}\}$. That particular sequence is taken as the reference for the further steps and noted $\{\theta^{(0)}, \ldots, \theta^{(255)}\}$; the concerned $\beta_{i,j}$ is noted $\beta$. Then we know that:

$$\tau^{(i)} = S(\theta^{(i)} \oplus k_{0,0}), \qquad \tau^{(i)} = \beta * \tau^{(i-1)}$$

SLIDE 34

Lemma: Relation K1-K0

This reduction of MixColumns candidates uses particular properties brought by the KeySchedule scheme:

Lemma. For $i \in \{0, 1, \ldots, 7\}$, we have $k_{1,i} \oplus k_{1,i+8} = \mu_{i+4} \oplus \mu_{i+8}$.

Proof.

$$k_{1,i+4} = k_{1,i} \oplus k_{0,i+4}, \qquad k_{1,i+8} = k_{1,i+4} \oplus k_{0,i+8}$$
$$\Rightarrow\; k_{1,i} \oplus k_{1,i+8} = k_{0,i+4} \oplus k_{0,i+8} = \mu_{i+4} \oplus \mu_{i+8}$$

SLIDE 36

Reducing MixColumns Using K1 Relations (1/2)

We force the K0-K1 relation to appear in the IFA equations. As in the previous step we use the knowledge of $mk_{0,0}$ to remove $K_1$ and $S^{-1}(0)$:

$$\alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$$
$$k_{1,0} \oplus S^{-1}(0) \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$$
$$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$$

Then we use the knowledge of $mk_{i,1}$ and $mk_{i+8,2}$ to get $z_{1,1} = S(mk_{i,1})$ and $z_{1,2} = S(mk_{i+8,2})$:

$$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$$
$$k_{1,i} \oplus S^{-1}(0) \oplus k_{1,i+8} \oplus S^{-1}(0) \oplus \alpha_3 * z_{1,3} = 0$$
$$k_{1,i} \oplus k_{1,i+8} \oplus \alpha_3 * z_{1,3} = 0$$
$$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * z_{1,3} = 0$$

Then we exhaust the value of $z_{1,3}$ until we get an IFA.

SLIDE 37

Reducing MixColumns Using K1 Relations (2/2)

We recognise the message byte inducing the colliding $z_{1,3}$ as a $\theta^{(p)}$ value, so we know that $z_{1,3} = \tau^{(p)}$:

$$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * \tau^{(p)} = 0$$
$$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * \beta^p * \tau^{(0)} = 0$$
$$\tau^{(0)} = \frac{\mu_{i+4} \oplus \mu_{i+8}}{\alpha_3 * \beta^p}$$

Relations of this type constrain the MixColumns parameters.

Lemma. Two equations of the previous step allow us to reduce the set of candidates for the MixColumns parameters to 255 elements.

SLIDE 39

Retrieving MixColumns and RotWord parameters

In this step we combine two types of equations:

$$k_{1,0} = k_{0,0} \oplus S(k_{0,12+\eta}) \oplus \rho^0$$
$$k_{1,0} = \alpha_j * S(mk_{0,j} \oplus k_{0,0}) \oplus S^{-1}(0)$$
$$\Rightarrow\; S(k_{0,12+\eta}) = k_{0,0} \oplus S^{-1}(0) \oplus 1 \oplus \alpha_j * S(mk_{0,j} \oplus k_{0,0})$$
$$\Rightarrow\; S(k_{0,12+\eta}) = \mu_0 \oplus 1 \oplus \alpha_j * S(\theta^{(q_1)} \oplus k_{0,0})$$
$$\Rightarrow\; S(k_{0,12+\eta}) = \mu_0 \oplus 1 \oplus \alpha_j * \tau^{(q_1)}$$

For each MixColumns parameter candidate we are able to compute $S(k_{0,12+\eta})$ and recognise it as a known $\tau^{(q_2)}$ value:

$$\Rightarrow\; S(k_{0,12+\eta}) = \tau^{(q_2)} = S(\theta^{(q_2)} \oplus k_{0,0})$$
$$\Rightarrow\; k_{0,12+\eta} = \theta^{(q_2)} \oplus k_{0,0}$$
$$\Rightarrow\; \theta^{(q_2)} = \mu_0 \oplus \mu_{12+\eta}$$

Then only 4 valid solutions remain; a second equation leaves only 1.

SLIDE 41

Retrieving $S^{-1}(0)$

We are now able to compute $k_{1,4}$, thanks to the KeySchedule equations:

$$k_{1,0} = k_{0,0} \oplus \tau^{(q_2)} \oplus 1$$
$$k_{1,4} = k_{1,0} \oplus k_{0,4}$$
$$\Rightarrow\; k_{1,4} = k_{0,0} \oplus \tau^{(q_2)} \oplus 1 \oplus k_{0,4}$$
$$\Rightarrow\; k_{1,4} = \mu_0 \oplus S^{-1}(0) \oplus \tau^{(q_2)} \oplus 1 \oplus \mu_4 \oplus S^{-1}(0)$$
$$\Rightarrow\; k_{1,4} = \tau^{(q_2)} \oplus 1 \oplus \mu_0 \oplus \mu_4$$

We then use $k_{1,4}$ to derive $S^{-1}(0)$ from an $mk_{i,j}$ equation:

$$k_{1,4} = \alpha_j * S(mk_{4,j} \oplus k_{0,0}) \oplus S^{-1}(0)$$
$$S^{-1}(0) = \alpha_j * S(\theta^{(q_3)} \oplus k_{0,0}) \oplus k_{1,4}$$
$$S^{-1}(0) = \alpha_j * \tau^{(q_3)} \oplus k_{1,4}$$

Remark. We are now able to infer the values of the S-Box, $K_0$ and $K_1$.

SLIDE 43

Retrieving Rcon parameter

We know all AES parameters except $\rho$, which allows us to control the state $T_2$. We exhaust the values of $t_{2,0}$ until an IFA occurs on the first S-Box of the third round:

$$y_{3,0} = 0 \;\Rightarrow\; S(x_{3,0}) = 0 \;\Rightarrow\; S(t_{2,0} \oplus k_{2,0}) = 0 \;\Rightarrow\; k_{2,0} = t_{2,0} \oplus S^{-1}(0)$$

We learn $k_{2,0}$ and can then simply compute $\rho$:

$$k_{2,0} = k_{1,0} \oplus S(k_{1,12+\eta}) \oplus \rho \;\Rightarrow\; \rho = k_{1,0} \oplus S(k_{1,12+\eta}) \oplus k_{2,0}$$

SLIDE 45

Simulations Results

Step                                  # of faults
Retrieving µ_i values                     2055.96
Retrieving ShiftRows                       138.50
Retrieving β_{i,j} orders                22339.80
Retrieving cross-orders relations
Retrieving K1 relations                    915.77
Retrieving MixColumns and RotWord           64.30
Retrieving S^{-1}(0)
Retrieving Rcon                            127.5
Total                                    25641.83

Figure: Experimental results on an unprotected implementation (average number of faults per step; the two steps without a figure reuse data already acquired, and the listed values sum to the total).


SLIDE 47

Global Results

We bypass the dual-execution countermeasure. In 95.28% of cases we retrieve the whole algorithm specification with an average of ∼25k required faults. With reasonable extra cost, we are able to extend our attack to two harder configurations:

1. Full-entropy MixColumns matrix: the MixColumns matrix is no longer circulant and is composed of 16 independent parameters. This new attack is valid in 99.99% of cases (instead of 95.28%).
2. Extended Rcon parameters: Rcon no longer depends on a single value $\rho$; each round has its own independent value.

SLIDE 48

Future Works

• Search for tricks to reduce the number of faults.
• Extend the attack to the remaining 5% of cases.
• Adapt the attack when the fault is applied on exclusive-or (⊕) operations instead of table lookups.
• Study the adaptability of this attack in the presence of different types of countermeasures.
• Study how knowledge of the key facilitates the attack (a decryption function available on the device gives the ability to find the key).

SLIDE 49

Questions

Thank you for your attention. Any question?

SLIDE 50

Proof: Only 255 MixColumns Candidates Remain

Proof.

$$\tau^{(0)} = \frac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\alpha_3 * \beta^{p_1}}, \qquad \tau^{(0)} = \frac{\mu_{1,i+8} \oplus \mu_{1,i+12}}{\alpha_3 * \beta^{p_2}}$$

$$\Rightarrow\; \beta^{p_1 - p_2} = \frac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}}$$

$$\Rightarrow\; \left(\frac{\alpha_{i^\star}}{\alpha_{j^\star}}\right)^{p_1 - p_2} = \frac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}}$$

$$\Rightarrow\; \alpha_{i^\star}^{\,p_1 - p_2} = \frac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}} * \alpha_{j^\star}^{\,p_1 - p_2}$$

255 valid pairs $(\alpha_{i^\star}, \alpha_{j^\star})$ remain. Already acquired relations extend this property to the other MixColumns parameters.

Remark. For each of the 255 candidates for the MixColumns parameters we are able to compute $\tau^{(0)}$ and $\beta$, hence the whole sequence $(\tau^{(k)})_{k = 0, \ldots, 254}$.

SLIDE 51

Simulation's Oracle

We ran simulations using an oracle taking as input:
• the parameters of the modified AES,
• the round and S-Box position that is considered as faulted,
• the message we decide to play;
it gives back a boolean value indicating whether the fault was ineffective or not.
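As an added example (not the authors' simulator), the Python below models the parameter family of slides 11–12 and the oracle just described: a ModifiedAES with a secret permutation S-Box, per-row ShiftRows offsets σ, circulant MixColumns parameters α, RotWord offset η and Rcon base ρ; an encrypt routine with a stuck-at-0 hook on one S-Box output (the fault model of slide 6); and ifa_oracle, which answers whether that fault was ineffective. The field polynomial 0x11B, the column-major state layout of FIPS-197, and the randomly drawn key and S-Box of demo_cipher are assumptions made for the demo. first_round_ifa_values reproduces the observation of slide 16: exhausting one plaintext byte yields exactly one ineffective-fault value, $\mu_i = k_{0,i} \oplus S^{-1}(0)$.

```python
import random


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B (assumed field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


class ModifiedAES:
    """AES-128 with the secret parameters of slides 11-12: permutation S-Box, per-row
    ShiftRows offsets sigma, circulant MixColumns parameters alpha, RotWord offset
    eta, Rcon base rho. State byte i sits at row i % 4, column i // 4 (FIPS-197
    layout, an assumption of this model)."""

    def __init__(self, key, sbox, sigma, alpha, eta, rho, rounds=10):
        self.sbox, self.sigma, self.alpha = sbox, sigma, list(alpha)
        self.eta, self.rho, self.rounds = eta, rho, rounds
        self.round_keys = self._expand(bytes(key))

    def _expand(self, key):
        # Key schedule of slide 5: RotWord by eta, SubWord, Rcon[r] = [rho^(r-1), 0, 0, 0].
        w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
        rc = 1                                          # rho^0
        for _ in range(self.rounds):
            g = w[-1][self.eta:] + w[-1][:self.eta]     # RotWord
            g = [self.sbox[b] for b in g]               # SubWord
            g[0] ^= rc                                  # Rcon
            rc = gf_mul(rc, self.rho)
            w.append([x ^ y for x, y in zip(w[-4], g)])
            for _ in range(3):
                w.append([x ^ y for x, y in zip(w[-4], w[-1])])
        return [sum(w[4 * r:4 * r + 4], []) for r in range(self.rounds + 1)]

    def _shift_rows(self, s):
        # Row `row` is rotated left by sigma[row] positions.
        out = list(s)
        for row in range(4):
            for col in range(4):
                out[row + 4 * col] = s[row + 4 * ((col + self.sigma[row]) % 4)]
        return out

    def _mix_columns(self, s):
        # Row `row` of the circulant matrix of slide 12 is alpha rotated right by `row`.
        out = list(s)
        for col in range(4):
            z = s[4 * col:4 * col + 4]
            for row in range(4):
                coeffs = self.alpha[-row:] + self.alpha[:-row] if row else self.alpha
                acc = 0
                for c, v in zip(coeffs, z):
                    acc ^= gf_mul(c, v)
                out[4 * col + row] = acc
        return out

    def encrypt(self, msg, fault=None):
        """Encrypt 16 bytes. fault=(r, i) is the stuck-at-0 model of slide 6: the
        output of S-Box number i in round r is forced to 0."""
        s = [m ^ k for m, k in zip(msg, self.round_keys[0])]
        for r in range(1, self.rounds + 1):
            s = [self.sbox[b] for b in s]               # SubBytes: X_r -> Y_r
            if fault is not None and fault[0] == r:
                s[fault[1]] = 0
            s = self._shift_rows(s)                     # Y_r -> Z_r
            if r < self.rounds:
                s = self._mix_columns(s)                # Z_r -> T_r
            s = [b ^ k for b, k in zip(s, self.round_keys[r])]
        return bytes(s)


def ifa_oracle(cipher, rnd, pos, msg):
    """Oracle of slide 51: True when the fault is ineffective, i.e. the faulted and
    fault-free runs return the same ciphertext (exactly the case a dual-execution
    comparison cannot flag)."""
    return cipher.encrypt(msg) == cipher.encrypt(msg, fault=(rnd, pos))


def first_round_ifa_values(cipher, pos):
    """Exhaust m_pos (other bytes 0) and list the values for which the round-1 fault
    on S-Box pos is ineffective; slide 16 predicts one value, k_{0,pos} xor S^-1(0)."""
    hits, base = [], bytearray(16)
    for v in range(256):
        base[pos] = v
        if ifa_oracle(cipher, 1, pos, bytes(base)):
            hits.append(v)
    return hits


def demo_cipher(seed=7):
    """Constructed instance: random permutation S-Box and random key (demo values)."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    key = bytes(rng.randrange(256) for _ in range(16))
    return ModifiedAES(key, sbox, sigma=(0, 1, 2, 3), alpha=(2, 3, 1, 1), eta=1, rho=2)
```

Running `first_round_ifa_values(demo_cipher(), 5)` returns a single byte equal to `c.round_keys[0][5] ^ c.sbox.index(0)`, the $\mu_5$ of slide 16. The oracle decides by comparing the faulted run with a fault-free run of the same message, which is precisely the check a compute-twice-and-compare countermeasure performs: an ineffective fault leaves nothing for it to see, so protection against this class of analysis has to detect the injection itself rather than a change in the result.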