Differential Fault Analysis on 3DES Middle Rounds Based on Error Propagation

Since differential fault analysis (DFA) was first implemented on data encryption standard (DES), many scholars have improved this attack and extended the limit of the original last two rounds to the earlier rounds. However, the performance of the novel attacks which target middle rounds is not effective, i.e. the number of correct/incorrect ciphertexts required is very large and the recovered result maybe not correct. We address this problem by presenting new DFA methods that can break 3DES when injecting faults at round 12 or 13. By simulating the process of single-bit error propagation, we have built two kinds of error propagation models as well as an intermediate error propagation state table. Then we simplify the intermediate states into state templates that will be further used to locate the injected fault position, which is the main difficulty of implementing fault injection in the middle rounds. Finally, in terms of the idea of error propagation and probability theory, we can recover the last round key only using 2 sets of correct/incorrect ciphertexts when inducting fault in the 13th round and 4 sets of correct/incorrect ciphertexts when inducting fault in the 12th round.