By Elisabeth Oswald, François-Xavier Standaert (auth.), Marc Joye, Michael Tunstall (eds.)
In the Seventies researchers spotted that radioactive debris produced through parts clearly found in packaging fabric can cause bits to turn in delicate components of digital chips. study into the impact of cosmic rays on semiconductors, a space of specific curiosity within the aerospace undefined, resulted in tools of hardening digital units designed for harsh environments. eventually a variety of mechanisms for fault production and propagation have been chanced on, and specifically it was once famous that many cryptographic algorithms succumb to so-called fault attacks.
Preventing fault assaults with out sacrificing functionality is nontrivial and this can be the topic of this e-book. half I offers with side-channel research and its relevance to fault assaults. The chapters partly II disguise fault research in mystery key cryptography, with chapters on block ciphers, fault research of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures opposed to assaults on AES. half III bargains with fault research in public key cryptography, with chapters devoted to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures utilizing fault detection, units resilient to fault injection assaults, lattice-based fault assaults on signatures, and fault assaults on pairing-based cryptography. half IV examines fault assaults on move ciphers and the way faults have interaction with countermeasures used to avoid strength research assaults. eventually, half V comprises chapters that specify how fault assaults are applied, with chapters on fault injection applied sciences for microprocessors, and fault injection and key retrieval experiments on a normal assessment board.
This is the 1st booklet in this subject and should be of curiosity to researchers and practitioners engaged with cryptographic engineering.
Read or Download Fault Analysis in Cryptography PDF
Similar analysis books
For a very long time, traditional reliability analyses were orientated in the direction of settling on the extra trustworthy method and preoccupied with maximising the reliability of engineering structures. at the foundation of counterexamples although, we exhibit that choosing the extra trustworthy approach doesn't unavoidably suggest picking out the procedure with the smaller losses from mess ups!
This quantity is a set of articles awarded on the Workshop for Nonlinear research held in João Pessoa, Brazil, in September 2012. The impact of Bernhard Ruf, to whom this quantity is devoted at the celebration of his sixtieth birthday, is perceptible through the assortment by way of the alternative of issues and methods.
- Sustainable Power Systems: Modelling, Simulation and Analysis
- Optoelectronic Devices: Advanced Simulation and Analysis
- Dynamic Analysis of a Multi-Shaft Helical Gear Transmission by Finite Elements: Model and Experiment
- Computer Controlled Systems: Analysis and Design with Process-orientated Models
- Local Institutions And Livelihoods: Guidelines For Analysis
Additional resources for Fault Analysis in Cryptography
One month later, Biham and Shamir filled this gap by introducing Differential Fault Analysis (DFA) on the Data Encryption Standard (DES) . This attack was subsequently presented in a paper published at Crypto ’97 , and several papers followed improving DFA and extending it to other ciphers. This chapter reviews the Differential Fault Analysis of DES. After describing the DES algorithm (Sect. 2), we present the original attack, which exploits computational errors occurring in the final rounds of the cipher (Sect.
K15 ⊕ r15 ) r = (r0 , r1 , . . , r15 ), R Output: K˜ R AM = (k0 ⊕ R, . . , k15 ⊕ R) 2 3 for i ← 0 to 15 do K˜ R AM,i ← K˜ N V M,i ⊕ R K˜ R AM,i ← K˜ R AM,i ⊕ ri end 4 return K˜ R AM 1 K˜ R AM = (k0 ⊕ R, . . , k15 ⊕ R) . 1 with the difference that key bytes are actually processed in a random order. By faulting the loop so that only the first iteration has executed, the uninitialized memory space storing K˜ R AM physically contains 15 bytes equal to zero and another one at a random index i equal to ki ⊕ R.
The computation checking countermeasure does not prevent the attack since only whether or not the fault corrupted the reference ciphertext is informative, not the value of the eventually corrupted result. Interestingly, one can notice that this attack applies not only to the AES cipher, but more generally to the whole class of block ciphers whose very first operation, and the only one involving the plaintext, is an XOR with the key. Note also that the attack does not require the knowledge of the transformation subsequent to the first XOR with the key.
Fault Analysis in Cryptography by Elisabeth Oswald, François-Xavier Standaert (auth.), Marc Joye, Michael Tunstall (eds.)