Abstract: This paper examines the ability of Advanced Encryption Standard(AES) against the differential fault attack. It uses the byte-oriented fault model against AES key schedule, and compares the differences between correct and faulty secret information embedded in a system to retrieve seed key. Theoretically, the 128 bit master key for AES can be obtained by using 104 faulty ciphertexts and retrieving 2 bytes of tenth round keys by exhaustive search. For the fact that the byte position where the fault happens is not equally distributed, there is little differences between the theoretical value and the number of faulty ciphertexts needed in the attack experiment result.

Key words: Advanced Encryption Standard(AES), differential fault attack, fault inducing, fault model

摘要： 研究高级加密标准(AES)密码算法对差分故障攻击的安全性。攻击采用针对密钥扩展算法的单字节随机故障模型，通过对比正确和错误密文的差异恢复种子密钥。该攻击方法理论上仅需104个错误密文和2个末轮子密钥字节的穷举搜索就可完全恢复AES的128比特种子密钥。故障位置的不均匀分布使实际攻击所需错误密文数与理论值略有不同。

关键词: 高级加密标准, 差分故障攻击, 故障诱导, 故障模型

CLC Number: 

• TP309.7