Fault Sensitivity Analysis Meets Zero-Value Attack
Oliver Mischke, Amir Moradi, Tim Güneysu
Fault Diagnosis and Tolerance in Cryptography - FDTC 2014, Busan, Korea, September 23, 2013.
Previous works have shown that the combinatorial path delay of a cryptographic function, e.g., the AES S-box, depends on its input value. Since the relation between critical path delay and input value seems to be relatively random and highly dependent on the routing of the circuit, up to now only template or some collision attacks could reliably extract the used secret key of implementations not protected against fault attacks. Here we present a new attack which is based on the fact that, because of the zero-to-zero mapping of the AES Sbox inversion circuit, the critical path when processing the zero input is notably shorter than for all other inputs. Applying the attack to an AES design protected by an state-of-the-art fault detection scheme, we are able to fully recover the secret key in less than eight hours. Note that we neither require a known key measurement step (template case) nor a high similarity between different S-box instances (collision case). The only information gathered from the device is whether a fault occurred when processing a chosen plaintext.[PDF]