IACR Communications in Cryptology (CiC)

Practical Persistent Fault Attacks on AES with Instruction Skip

Authors

Viet Sang Nguyen, Vincent Grosso, Pierre-Louis Cayrel
Viet Sang Nguyen
Université Jean Monnet Saint-Etienne, CNRS, Institut d'Optique Graduate School, Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
viet dot sang dot nguyen at univ-st-etienne dot fr
Vincent Grosso
Université Jean Monnet Saint-Etienne, CNRS, Institut d'Optique Graduate School, Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
vincent dot grosso at univ-st-etienne dot fr
Pierre-Louis Cayrel
Université Jean Monnet Saint-Etienne, CNRS, Institut d'Optique Graduate School, Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
pierre dot louis dot cayrel at univ-st-etienne dot fr

Abstract

Persistent Fault Attacks (PFA) have emerged as an active research area in embedded cryptography. This attack exploits faults in one or multiple constants stored in memory, typically targeting S-box elements. In the literature, such persistent faults are primarily induced by bit flips in storage, often achieved through laser fault injection. In this paper, we demonstrate that persistent faults can also be induced through instruction skips, which can easily be achieved with almost any fault injection method (e.g., voltage/clock glitching, electromagnetic injection). Specifically, we target AES implementations that dynamically generate the S-box table at runtime, during the initialization phase, before executing the first AES operation. We illustrate this with an attack on the AES implementation in the MbedTLS library, where a clock glitch is inserted during the S-box generation. Second, we introduce, to our knowledge, the first PFA that targets a constant other than the S-box elements. We show that faulting a round constant involved in the AES key schedule is sufficient to recover the key by a differential analysis. Compared to previous PFAs that rely on statistical analysis requiring hundreds to thousands of ciphertexts, our approach needs only three correct/faulty ciphertext pairs. We showcase this attack with an experiment on the MbedTLS AES implementation, using a clock glitch in the round constant generation.
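The following simulation is an added example written for this page; it is not code from the paper and not MbedTLS code. It shows why a single skipped store during runtime S-box generation becomes a persistent fault: the generator mirrors the structure of an MbedTLS-style table build (pow/log tables over GF(2^8), multiplicative inverse, affine map), one store is skipped, and the entry is assumed to keep the initial memory content 0x00. Because 0x00 is already the image of 0x52, the table is no longer a bijection and one output value never occurs. The key-recovery step is the classic statistical PFA from the earlier literature (the ciphertext byte value that never appears reveals the last round key byte), i.e. the "hundreds to thousands of ciphertexts" regime the abstract contrasts with its own few-pair round-constant attack; the paper's differential analysis is not reproduced here. The fixed key, the counter plaintexts and the faulted index 0x10 are constructed inputs.

```python
"""Added example (not code from the paper or from MbedTLS): a persistent S-box
fault produced by skipping one store during runtime table generation, and the
classic statistical PFA that exploits it.

Assumptions, labelled as such:
  * the generator mirrors the structure of MbedTLS-style runtime generation
    (pow/log tables over GF(2^8), inverse, then the affine map);
  * a skipped store leaves the entry at its initial memory content, taken as 0x00;
  * key recovery uses the classic PFA statistic (the ciphertext byte value that
    never occurs), not the paper's few-pair round-constant analysis.
"""


def xtime(a):
    """Multiply by x in GF(2^8) with the AES polynomial 0x11B."""
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1


def gen_sbox(skip_index=None):
    """Build the S-box at start-up; skip_index models one skipped store."""
    pow_t, log_t = [0] * 256, [0] * 256
    x = 1
    for i in range(256):             # powers of the generator 0x03
        pow_t[i], log_t[x] = x, i
        x ^= xtime(x)
    sbox = [0] * 256                 # assumed initial content of the table memory
    sbox[0] = 0x63                   # 0 has no inverse; affine constant only
    for i in range(1, 256):
        if i == skip_index:
            continue                 # the store of this entry never executes
        x = pow_t[255 - log_t[i]]    # multiplicative inverse of i
        y = x
        for _ in range(4):           # affine map: x ^ rotl(x,1..4) ^ 0x63
            y = ((y << 1) | (y >> 7)) & 0xFF
            x ^= y
        sbox[i] = x ^ 0x63
    return sbox


def key_expansion(key, sbox):
    """AES-128 key schedule; note it reads the same (possibly faulty) table."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:               # RotWord, SubWord, then XOR with Rcon
            t = [sbox[t[1]] ^ rcon, sbox[t[2]], sbox[t[3]], sbox[t[0]]]
            rcon = xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def shift_rows(s):                   # state is column-major: s[4*c + r]
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]


def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        t = a[0] ^ a[1] ^ a[2] ^ a[3]
        out += [a[i] ^ t ^ xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
    return out


def encrypt(block, round_keys, sbox):
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for r in range(1, 10):
        s = mix_columns(shift_rows([sbox[b] for b in s]))
        s = [b ^ k for b, k in zip(s, round_keys[r])]
    s = shift_rows([sbox[b] for b in s])
    return bytes(b ^ k for b, k in zip(s, round_keys[10]))


def recover_last_round_key(oracle, missing_value, n):
    """Classic PFA: the faulted table never outputs missing_value, so ciphertext
    byte j never takes missing_value ^ k10[j]. Find that absent value per byte."""
    counts = [[0] * 256 for _ in range(16)]
    for i in range(n):               # constructed plaintexts: a simple counter
        for j, b in enumerate(oracle(i.to_bytes(16, "big"))):
            counts[j][b] += 1
    absent = [min(range(256), key=counts[j].__getitem__) for j in range(16)]
    return bytes(v ^ missing_value for v in absent)


def demo(skip_index=0x10, key=bytes(range(16)), n=5000):
    """Return (recovered k10, k10 actually used by the faulted device)."""
    good, faulty = gen_sbox(), gen_sbox(skip_index)
    rk = key_expansion(key, faulty)  # setkey runs after the faulted init
    recovered = recover_last_round_key(lambda pt: encrypt(pt, rk, faulty),
                                       good[skip_index], n)
    return recovered, bytes(rk[10])


if __name__ == "__main__":
    rec, used = demo()
    print("recovered k10:", rec.hex(), "ok" if rec == used else "mismatch")
```

Two practical points the simulation makes visible. First, the fault is persistent in the strict sense: nothing is re-injected per encryption, yet every encryption and the key schedule itself read the corrupted table, which is what lets a single glitch during initialization serve thousands of later queries. Second, because the key schedule also uses the faulty table, the round key recovered is the one the device actually used; if the faulted entry was hit during expansion, inverting the schedule with a correct S-box gives a wrong master key, so an attacker has to expand with the faulty table too.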


History
Submitted: 2025-01-14
Accepted: 2025-03-11
Published: 2025-04-08
How to cite

Viet Sang Nguyen, Vincent Grosso, and Pierre-Louis Cayrel, Practical Persistent Fault Attacks on AES with Instruction Skip. IACR Communications in Cryptology, vol. 2, no. 1, Apr 08, 2025, doi: 10.62056/a60l5wol7.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.