Information-Theoretic Approach to Optimal Differential Fault Analysis

This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active attack where attackers induce an error in operations to retr...

Bibliographic Details
Published in: IEEE transactions on information forensics and security 2012-02, Vol.7 (1), p.109-120
Main Authors: Sakiyama, K., Li, Y., Ohta, K., Iwamoto, M.
Format: Article
Language: English
cited_by cdi_FETCH-LOGICAL-c358t-4bfd5620bcd5bb8661ec6a18cef5abf5ef9adf5eb26601d3c0110ca20fbf75e73
cites cdi_FETCH-LOGICAL-c358t-4bfd5620bcd5bb8661ec6a18cef5abf5ef9adf5eb26601d3c0110ca20fbf75e73
container_end_page 120
container_issue 1
container_start_page 109
container_title IEEE transactions on information forensics and security
container_volume 7
creator Sakiyama, K.
Li, Y.
Ohta, K.
Iwamoto, M.
description This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active attack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to exploit fully the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of the leaked information for various fault models from an information-theoretic perspective. We review several previous DFA attacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.
doi_str_mv 10.1109/TIFS.2011.2174984
format article
fulltext fulltext
identifier ISSN: 1556-6013
ispartof IEEE transactions on information forensics and security, 2012-02, Vol.7 (1), p.109-120
issn 1556-6013
1556-6021
language eng
recordid cdi_proquest_journals_916956952
source IEEE Electronic Library (IEL) Journals
subjects Advanced encryption standard (AES)
Algorithm design and analysis
Complexity theory
differential fault analysis (DFA)
Doped fiber amplifiers
Encryption
information leakage
Leaking of information
Timing
Upper bound
title Information-Theoretic Approach to Optimal Differential Fault Analysis
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T16%3A46%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Information-Theoretic%20Approach%20to%20Optimal%20Differential%20Fault%20Analysis&rft.jtitle=IEEE%20transactions%20on%20information%20forensics%20and%20security&rft.au=Sakiyama,%20K.&rft.date=2012-02-01&rft.volume=7&rft.issue=1&rft.spage=109&rft.epage=120&rft.pages=109-120&rft.issn=1556-6013&rft.eissn=1556-6021&rft.coden=ITIFA6&rft_id=info:doi/10.1109/TIFS.2011.2174984&rft_dat=%3Cproquest_ieee_%3E2565823111%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c358t-4bfd5620bcd5bb8661ec6a18cef5abf5ef9adf5eb26601d3c0110ca20fbf75e73%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=916956952&rft_id=info:pmid/&rft_ieee_id=6071005&rfr_iscdi=true