Fault Rate Analysis:Breaking Masked AES Hardware Implementations Efficiently
In 2011 Li et al.presented clockwise collision anal ysis on non-protected AES hardware implementation.In this paper, we first propose a new clockwise collision attack called Fault Rate Analysis (FRA) on masked AES.Then, we analyze the critical and non-critical path of S-box, and find that for its three input bytes, input value, input mask, and output mask, the path relating to the output mask is much shorter than those relating to the other two inputs.So, some sophisticated glitch cycles can be chosen such that the values in critical path of the whole S-box are destroyed but this short path is not affected.As a result, the output mask does not offer protection to S-box, which leads to a more efficient attack.Compared with three attacks on masking countermeasures in CHES 2010 and 2011, our method only costs about 8% time and 4% storage space of them.
Fault rate analysis side-channel attack masking collision attack path delay
An Wang Man Chen Zongyue Wang Xiaoyun Wang
Institute for Advanced Study / Institute of Microelectronics, Tsinghua University, Beijing 100084, C Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong U Institute for Advanced Study, Tsinghua University, Beijing 100084, China
国内会议
上海
英文
135-139
2013-09-05(万方平台首次上网日期,不代表论文的发表时间)