Research On Efficiency Improvement Of Differential Fault Analysis For AES Structure

Differential Fault Analysis(DFA)is one of the most practical methods to recover the secret keys from real cryptographic devices.Especially,DFA on Advanced Encryption Standard(AES)has been massively researched for many years for both single-byte and multibyte fault model.Since the appearance of AES,many cryptographic algorithms have been designed based on AES,and DFA attacks on such algorithms have become a research hotspot.This paper mainly studies the DFA attack method on the AES structure algorithm,aiming to improve the efficiency of the attack.The research content is mainly divided into two aspects:the first is the efficiency improvement of the DFA attack method on AES under the multibyte failure model,and the second is the efficiency improvement of the DFA attack method of PAEQ-128 designed based on AES.The research work proposed in this paper can improve the accuracy of AES structure algorithm security evaluation.For AES,the first proposed DFA attack requires 6 pairs of ciphertexts to identify the secret key under multibyte fault model.Until now,the most efficient DFA under multibyte fault model is proposed by Nan Liao et al.,which can complete most of attacks within 3 pairs of ciphertexts.However,this work notes that the work proposed by Nan Liao et al.is not fully optimized since their work did not set any clear optimization goals.In this work,two optimization goals are introduced,which are the fewest ciphertext pairs and the least computational complexity.For these goals,this work manages to figure out the corresponding optimized key recovery strategies,which further increases the efficiency of DFA attacks on AES.A more accurate security assessment of AES can be completed based on our study of DFA attacks on AES.Considering the variations of fault distribution,the improvement to the work proposed by Nan Liao et al.has been analyzed and verified.PAEQ is an AES-based authenticated encryption proposed by Alex Biryukov and Dmitry Khovratovich in 2014,which stays in the CAESAR competition until the second round.In CHES2016,Dhiman Saha and Dipanwita Roy Chowdhury first discussed the differential fault analysis to PAEQ.Their work shows that the nonce used in PAEQ that is usually considered as a natural DFA countermeasure can be overcome by carefully constructing the encryption message and injecting two faults.This work presents a fully optimized DFA attack on PAEQ-128 with regard to the key recovery process.This work applies the information theoretical analysis and the DFA techniques for AES into the DFA key recovery on PAEQ-128.As a result,without changing the attack assumption,the key recovery complexity is reduced from 2~500 to 2~244 for PAEQ-128.The successful key recovery together with its computational complexity have been verified with the key recovery simulations.This paper studies the DFA attack on the AES structure algorithm,and proposes an improved method to improve the efficiency of the attack,thus optimizing the evaluation criteria of the attack method for the AES structure encryption algorithm.