
    Template-based Fault Injection Analysis of Block Ciphers

    We present the first template-based fault injection analysis of FPGA-based block cipher implementations. While template attacks have been a popular form of side-channel analysis in the cryptographic literature, the use of templates in the context of fault attacks has not yet been explored to the best of our knowledge. Our approach involves two phases. The first phase is a profiling phase in which we build templates of the fault behavior of a cryptographic device for different secret key segments under different fault injection intensities. This is followed by a matching phase in which we match the observed fault behavior of an identical but black-box device against the pre-built templates to retrieve the secret key. We present a generic treatment of our template-based fault attack approach for SPN block ciphers and illustrate it with case studies on a Xilinx Spartan-6 FPGA-based implementation of AES-128.

    DPA on quasi delay insensitive asynchronous circuits: concrete results

    This paper presents the first concrete results of Differential Power Analysis applied to secured Quasi Delay Insensitive asynchronous logic. The properties of QDI asynchronous circuits (1-of-N encoded data and a four-phase handshake protocol) are exploited to improve chip resistance against power analysis. Different architectures and design styles were investigated and analyzed. Three different DES circuits have been designed and fabricated: two in asynchronous technology and one in synchronous technology, to be used as a reference. The results obtained demonstrate that QDI asynchronous circuits significantly improve DPA resistance. This study also enabled us to identify some limits, i.e. residual sources of leakage, that will be addressed in future work.

    Combined Attack on CRT-RSA. Why Public Verification Must Not Be Public?

    This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the computation. Indeed, such a value would allow the attacker to recover the RSA private key by computing the gcd of the public modulus and the faulty signature. The principle of our attack is to inject a fault during the signature computation and to perform a Side-Channel Analysis targeting a sensitive value processed during the execution of the Fault Injection countermeasure. The resulting information is then used to factorize the public modulus, leading to the disclosure of the whole RSA private key. After presenting a detailed account of our attack, we explain how its complexity can be significantly reduced by using lattice reduction techniques. We also provide simulations that confirm the efficiency of our attack, as well as two different countermeasures that have a very small impact on the performance of the algorithm. As it performs a Side-Channel Analysis during a Fault Injection countermeasure to retrieve the secret value, this article recalls the need for Fault Injection and Side-Channel Analysis countermeasures to be designed as monolithic implementations.