Shihui Zheng, Shoujin Zang, Ruihao Xing, et al., “Persistent-Fault Based Differential Analysis and Applications to Masking and Fault Countermeasures,” Chinese Journal of Electronics, vol. x, no. x, pp. 1–15, xxxx doi: 10.23919/cje.2023.00.381

Persistent-Fault Based Differential Analysis and Applications to Masking and Fault Countermeasures

doi: 10.23919/cje.2023.00.381
More Information
  • Author Bio:

    Shihui Zheng received a Ph.D. from Shandong University, China, in 2006. From 2006 to 2008, she was a postdoctoral researcher in the School of Information Engineering at Beijing University of Posts and Telecommunications (BUPT), China. In 2008, she joined the School of Cyberspace Security & National Engineering Laboratory for Disaster Backup and Recovery at BUPT. Her current research interests are cryptographic scheme design and side-channel attacks. (Email: shihuizh@bupt.edu.cn)

    Shoujin Zang received the B.S. degree from Changchun University of Science and Technology, Changchun, China, in 2019. He is currently pursuing the M.S. degree with the School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China. His research interests include side-channel attacks and network security. (Email: zangshoujin@bupt.edu.cn)

    Ruihao Xing received the B.S. degree from North China University of Water Resources and Electric Power, Zhengzhou, China, in 2019. He is currently pursuing the M.S. degree with the School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China. His research interests include fault attacks and side-channel attacks. (Email: ruihao_xing@bupt.edu.cn)

    Jiayu Zhang received the B.S. degree from Nanjing University of Posts and Telecommunications, Nanjing, China, in 2021. She is pursuing the M.S. degree with the School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China. Her research interests include fault attacks and side-channel attacks. (Email: zjy2021111095@bupt.edu.cn)

    Changhai Ou received his B.S. degree in Computer Science and Technology from the School of Computer and Information Technology, Beijing Jiaotong University, China, in 2013. He received his Ph.D. degree in Cyber Security from the Institute of Information Engineering, Chinese Academy of Sciences (i.e., the School of Cyber Security, University of Chinese Academy of Sciences) in July 2018. He was then a Research Fellow in the Hardware & Embedded Systems Lab (HESL), School of Computer Science and Engineering, Nanyang Technological University, Singapore. He is currently a full professor in the School of Cyber Science & Engineering, Wuhan University, Hubei, China. His research interests include hardware and embedded system security, side-channel attacks and AI security. (Email: ouchanghai@whu.edu.cn)

  • Corresponding author: Email: shihuizh@bupt.edu.cn
  • Received Date: 2023-12-01
  • Accepted Date: 2024-04-26
  • Available Online: 2024-07-03
  • Abstract: Persistent fault analysis (PFA) can break AES implementations that are secured by fault attack countermeasures designed to stop differential fault analysis (DFA) based on transient faults. When the implementation is protected by the higher-order masking countermeasure RP [1], however, the number of ciphertexts PFA requires grows exponentially with the number of shares. We present a persistent-fault-based differential analysis (PFDA) against AES implementations. Two error patterns are detected from ciphertext pairs: exactly one error in a SubBytes operation of round 10, and exactly one error in a SubBytes operation of round 9. The round-9 pattern yields a differential characteristic (DC) for key recovery, and the round-10 pattern is used to deduce the input difference of that DC, so the computational complexity is lower than that of DFA. Against RP countermeasures, PFDA tolerates errors by encrypting a fixed plaintext many times, and the number of required encryptions grows only linearly with the number of shares. Simulation results show that PFDA breaks unprotected AES implementations as well as implementations secured by fault attack countermeasures or by the above higher-order masking countermeasure. Among analyses based on persistent faults, PFDA requires the fewest ciphertexts.
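  • The two error patterns named in the abstract can be made concrete by simulating a persistent S-box fault. The block below is an added example written for this page, not the paper's PFDA implementation and not code from its authors. It models an unprotected AES-128 whose S-box table has one entry permanently corrupted (the corrupted entry 0x3A, its replacement value 0xC5, the demo key and the random seed are all constructed choices), assumes the round keys were expanded before the fault so only SubBytes reads the corrupted table, and assumes the attacker can obtain, for one plaintext, both the fault-free ciphertext and the faulty one, which is the simplest way to form a ciphertext pair (the paper's own pairing, and its treatment of masking and fault countermeasures, are not modelled). A plaintext whose execution reads the corrupted entry exactly once in round 10 produces a single differing ciphertext byte whose value is the S-box output difference delta; a plaintext that reads it exactly once in round 9 produces four differing bytes spread by MixColumns, which is the differential characteristic, and because delta is already known from the first pattern the candidates for the four affected last-round-key bytes shrink to at most 16 per byte from a single pair.

```python
"""AES-128 with a persistent S-box fault: the two single-error patterns named
in the abstract and the key-byte recovery they enable (added illustration)."""
import random

def _gen_sbox():
    # AES S-box from GF(2^8) arithmetic (same table as FIPS-197); S[0] stays 0x63
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        for sh in (1, 2, 4):                                      # q = q / 3
            q ^= q << sh
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)         # affine map
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF
        if p == 1:
            return sbox

SBOX = _gen_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]
MC = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # MixColumns matrix
# Constructed fault model: table entry S[0x3A] is overwritten with 0xC5 and stays
# corrupted for every encryption; the attacker is not assumed to know either value.
FAULT_IN, FAULT_OUT = 0x3A, 0xC5

def xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):  # GF(2^8) product for the MixColumns constants b in {1, 2, 3}
    return (a if b & 1 else 0) ^ (xtime(a) if b & 2 else 0)

def expand_key(key):
    # AES-128 key schedule -> 11 round keys as 16-byte column-major lists
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def shift_rows(s):  # state index = 4 * column + row
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s):
    return [gmul(s[4 * c], MC[j][0]) ^ gmul(s[4 * c + 1], MC[j][1]) ^
            gmul(s[4 * c + 2], MC[j][2]) ^ gmul(s[4 * c + 3], MC[j][3])
            for c in range(4) for j in range(4)]

def encrypt(pt, rk, sbox, fault_in=None):
    """AES-128 with a pluggable S-box table. hits[r] counts the bytes entering
    SubBytes of round r+1 that equal fault_in, i.e. how often this execution
    actually reads the corrupted entry."""
    s, hits = [pt[i] ^ rk[0][i] for i in range(16)], []
    for rnd in range(1, 11):
        hits.append(s.count(fault_in))
        s = shift_rows([sbox[b] for b in s])
        if rnd != 10:
            s = mix_columns(s)
        s = [s[i] ^ rk[rnd][i] for i in range(16)]
    return s, hits

def find_pattern(hit_pattern, rk, faulty_sbox, rng):
    # random-search a plaintext whose faulty execution reads the corrupted entry
    # exactly as hit_pattern prescribes (one count per round)
    while True:
        pt = [rng.randrange(256) for _ in range(16)]
        ct, hits = encrypt(pt, rk, faulty_sbox, FAULT_IN)
        if hits == hit_pattern:
            return pt, ct

def recover_candidates(ct_ok, ct_f, delta):
    """Round-9 pattern: the differing ciphertext bytes are the ShiftRows image of
    one MixColumns column, so byte i (row i % 4) entered the last SubBytes with
    difference MC[i % 4][r] * delta for the unknown row r of the faulted byte.
    Returns the candidate last-round-key bytes for each affected position."""
    cands = {}
    for i in (j for j in range(16) if ct_ok[j] != ct_f[j]):
        diffs = {gmul(delta, MC[i % 4][r]) for r in range(4)}
        cands[i] = {k for k in range(256)
                    if INV_SBOX[ct_ok[i] ^ k] ^ INV_SBOX[ct_f[i] ^ k] in diffs}
    return cands

def single_error_patterns(key=bytes(range(16)), seed=1):
    """Demo key and seed are constructed. Round keys are assumed to have been
    expanded before the fault, so the corrupted table only affects SubBytes."""
    rng, rk = random.Random(seed), expand_key(key)
    faulty = list(SBOX)
    faulty[FAULT_IN] = FAULT_OUT
    # Pattern A: entry read once, in round 10 -> exactly one ciphertext byte
    # differs and its value is the S-box output difference delta.
    pt, ct_f = find_pattern([0] * 9 + [1], rk, faulty, rng)
    diff10 = [a ^ b for a, b in zip(encrypt(pt, rk, SBOX)[0], ct_f)]
    delta = max(diff10)  # the attacker learns delta from pattern A
    # Pattern B: entry read once, in round 9 -> MixColumns spreads delta over
    # four bytes; this is the differential characteristic, with known input.
    pt, ct_f = find_pattern([0] * 8 + [1, 0], rk, faulty, rng)
    ct_ok = encrypt(pt, rk, SBOX)[0]
    return {"delta": delta, "diff10": diff10,
            "diff9": [a ^ b for a, b in zip(ct_ok, ct_f)],
            "candidates": recover_candidates(ct_ok, ct_f, delta), "k10": rk[10]}

if __name__ == "__main__":
    for i, c in sorted(single_error_patterns()["candidates"].items()):
        print("k10[%2d]: %2d candidates" % (i, len(c)))
```

    Each round-9 pair constrains only the four last-round-key bytes that sit in the ShiftRows image of the faulted column, and the row of the faulted byte is unknown, so the code unions the candidate sets over all four MixColumns multipliers. Further plaintexts that produce the round-9 pattern in other columns, with the candidate sets intersected per byte, are what narrows each byte to a single value; the example stops at the single-pair step to keep the two patterns visible.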
  • [1]
    J. Y. Pan, F. Zhang, K. Ren, et al. , “One fault is all it needs: Breaking higher-order masking with persistent fault analysis,” in Proceedings of the 2019 Design, Automation & Test in Europe Conference & Exhibition, Florence, Italy, pp. 1–6, 201.
    [2]
    E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” in Proceedings of the 17th Annual International Cryptology Conference, Santa Barbara, CA, USA, pp. 513–525, 1997.
    [3]
    G. Piret and J. J. Quisquater, “A differential fault attack technique against SPN structures, with application to the AES and KHAZAD,” in Proceedings of the 5th International Workshop on Cryptographic Hardware and Embedded Systems, Cologne, Germany, pp. 77–88, 2003.
    [4]
    M. Tunstall, D. Mukhopadhyay, and S. Ali, “Differential fault analysis of the advanced encryption standard using a single fault,” in Proceedings of the 5th IFIP International Workshop on Information Security Theory and Practices, Heraklion, Greece, pp. 224–233, 2011.
    [5]
    P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proceedings of the 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, pp. 388–397, 1999.
    [6]
    A. Boscher and H. Handschuh, “Masking does not protect against differential fault attacks,” in Proceedings of the 5th International Workshop on Fault Diagnosis and Tolerance in Cryptography, Washington, DC, USA, pp. 35–40, 2008.
    [7]
    S. Chari, C. S. Jutla, J. R. Rao, et al. , “Towards sound approaches to counteract power-analysis attacks,” in Proceedings of the 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, pp. 398–412, 1999.
    [8]
    F. Amiel, C. Clavier, and M. Tunstall, “Fault analysis of DPA-resistant algorithms,” in Proceedings of the Third International Workshop on Fault Diagnosis and Tolerance in Cryptography, Yokohama, Japan, pp. 223–236, 2006.
    [9]
    M. Rivain and E. Prouff, “Provably secure higher-order masking of AES,” in Proceedings of the 12th International Workshop on Cryptographic Hardware and Embedded Systems, Santa Barbara, CA, USA, pp. 413–427, 2010.
    [10]
    C. Dobraunig, M. Eichlseder, H. Gross, et al. , “Statistical ineffective fault attacks on masked AES with fault countermeasures,” in Proceedings of the 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, Australia, pp. 315–342, 2018.
    [11]
    F. Zhang, X. X. Lou, X. J. Zhao, et al., “Persistent fault analysis on block ciphers,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 3, pp. 150–172, 2018. doi: 10.13154/tches.v2018.i3.150-172
    [12]
    G. R. Xu, F. Zhang, B. L. Yang, et al., “Pushing the limit of PFA: Enhanced persistent fault analysis on block ciphers,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 40, no. 6, pp. 1102–1116, 2021. doi: 10.1109/TCAD.2020.3048280
    [13]
    F. Zhang, T. X. Feng, Z. Q. Li, et al., “Free fault leakages for deep exploitation: Algebraic persistent fault analysis on lightweight block ciphers,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2022, no. 2, pp. 289–311, 2022. doi: 10.46586/tches.v2022.i2.289-311
    [14]
    A. Caforio and S. Banik, “A study of persistent fault analysis,” Security, Privacy, and Applied Cryptography Engineering: 9th International Conference, SPACE 2019, Gandhinagar, India, 2019.
    [15]
    N. Bagheri, S. Sadeghi, P. Ravi, et al., “SIPFA: Statistical ineffective persistent faults analysis on feistel ciphers,” Cryptology ePrint Archive, Paper 2022/459, 2022, Available at: https://eprint.iacr.org/2022/459.
    [16]
    A. Menu, S. Bhasin, J. M. Dutertre, et al. , “Precise spatio-temporal electromagnetic fault injections on data transfers,” in Proceedings of the 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Atlanta, GA, USA, pp. 1–8, 2019.
    [17]
    F. Zhang, Y. R. Zhang, H. L. Jiang, et al., “Persistent fault attack in practice,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 172–195, 2020. doi: 10.13154/tches.v2020.i2.172-195
    [18]
    H. Soleimany, N. Bagheri, H. Hadipour, et al., “Practical multiple persistent faults analysis,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2022, no. 1, pp. 367–390, 2021. doi: 10.46586/tches.v2022.i1.367-390
    [19]
    J. S. Coron, “Higher order masking of look-up tables,” in Proceedings of the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, pp. 441–458, 2014.
    [20]
    J. S. Coron, F. Rondepierre, and R. Zeitoun, “High order masking of look-up tables with common shares,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 1, pp. 40–72, 2018. doi: 10.13154/tches.v2018.i1.40-72
    [21]
    S. H. Zheng, X. D. Liu, S. J. Zang, et al., “A persistent fault-based collision analysis against the advanced encryption standard,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 40, no. 6, pp. 1117–1129, 2021. doi: 10.1109/TCAD.2021.3049687
    [22]
    F. Zhang, R. Huang, T. X. Feng, et al., “Efficient persistent fault analysis with small number of chosen plaintexts,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2023, no. 2, pp. 519–542, 2023. doi: 10.46586/tches.v2023.i2.519-542
    [23]
    Y. Ishai, A. Sahai, and D. Wagner, “Private circuits: Securing hardware against probing attacks,” in Proceedings of the 23rd Annual International Cryptology Conference, Santa Barbara, CA, USA, pp. 463–481, 2003.
    [24]
    J. S. Coron, A. Greuet, E. Prouff, et al. , “Faster evaluation of SBoxes via common shares,” in Proceedings of the 18th International Conference on Cryptographic Hardware and Embedded Systems, Santa Barbara, CA, USA, pp. 498–514, 2016.
    [25]
    Coron, et al., “Higher order countermeasures for AES and DES,” Available at: https://github.com/coron/htable.
    [26]
    H. Bar-El, H. Choukri, D. Naccache, et al., “The sorcerer’s apprentice guide to fault attacks,” Proceedings of the IEEE, vol. 94, no. 2, pp. 370–382, 2006. doi: 10.1109/JPROC.2005.862424
    [27]
    H. Tupsamudre, S. Bisht, and D. Mukhopadhyay, “Destroying fault invariant with randomization - a countermeasure for AES against differential fault attacks,” in Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems, Busan, South Korea, pp. 93–111, 2014.
    [28]
    S. Patranabis, A. Chakraborty, and D. Mukhopadhyay, “Fault tolerant infective countermeasure for AES,” in Proceedings of the 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, Jaipur, India, pp. 190–209, 2015.
    [29]
    C. Dobraunig, M. Eichlseder, T. Korak, et al., “SIFA: Exploiting ineffective fault inductions on symmetric cryptography,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 3, pp. 547–572, 2018. doi: 10.13154/tches.v2018.i3.547-572
    [30]
    S. Patranabis, A. Chakraborty, D. Mukhopadhyay, et al., “Fault space transformation: A generic approach to counter differential fault analysis and differential fault intensity analysis on AES-like block ciphers,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 5, pp. 1092–1102, 2017. doi: 10.1109/TIFS.2016.2646638
    [31]
    J. S. Coron, A. Greuet, and R. Zeitoun, “Side-channel masking with pseudo-random generator,” in Proceedings of the 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, pp. 342–375, 2020.
    [32]
    C. Giraud, “DFA on AES,” in Proceedings of the 4th International Conference on Advanced Encryption Standard, Bonn, Germany, pp. 27–41, 2004.

    Figures(3)  / Tables(6)

    Article Metrics

    Article views (155) PDF downloads(25) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return