Towards Optimized DFA Attacks on AES under Multibyte Random Fault Model

الملخص EN

Differential Fault Analysis (DFA) is one of the most practical methods to recover the secret keys from real cryptographic devices.

In particular, DFA on Advanced Encryption Standard (AES) has been massively researched for many years for both single-byte and multibyte fault model.

For AES, the first proposed DFA attack requires 6 pairs of ciphertexts to identify the secret key under multibyte fault model.

Until now, the most efficient DFA under multibyte fault model proposed in 2017 can complete most of the attacks within 3 pairs of ciphertexts.

However, we note that the attack is not fully optimized since no clear optimization goal was set.

In this work, we introduce two optimization goals as the fewest ciphertext pairs and the least computational complexity.

For these goals, we manage to figure out the corresponding optimized key recovery strategies, which further increase the efficiency of DFA attacks on AES.

A more accurate security assessment of AES can be completed based on our study of DFA attacks on AES.

Considering the variations of fault distribution, the improvement to the attack has been analyzed and verified.