Differential Fault Analysis of Secret Key Cryptosystems

Eli Biham and Adi Shamir

In September 1996 Boneh, DeMillo, and Lipton from Bellcore announced a new type of cryptanalytic attack which exploits computational errors to find cryptographic keys. Their attack is based on algebraic properties of modular arithmetic, and thus it is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES).

Evaluating Differential Fault Analysis of Unknown Cryptosystems

It is shown that, under slightly modified assumptions, DFA is not polynomial and would simply result in the loss of some key bits, and the existence of cryptosystems on which DFA cannot reach the announced workfactor is proved.

Differential Fault Attacks on Elliptic Curve Cryptosystems

Three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device are presented.

Differential Fault Attacks on Elliptic Curve Cryptosystems (Extended Abstract)

This paper presents three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device.

Side Channel Cryptanalysis of Product Ciphers

The notion of side-channel cryptanalysis (cryptanalysis using implementation data) is introduced, and side-channel attacks against three product ciphers are demonstrated and generalized to other cryptosystems.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

This work states that when targeting authenticated encryption schemes, this is in practice usually precluded by the unique nonce required by most of these schemes.

Improved Constructions of PRFs Secure Against Related-Key Attacks

In Crypto 2010, Bellare and Cash introduce a framework for building RKA-secure pseudorandom functions (PRFs) and use this framework to construct RKA-secure PRFs based on the decision linear and DDH assumptions.

Chinese Remaindering Based Cryptosystems in the Presence of Faults

Observations on public-key cryptosystems that use the Chinese remaindering algorithm imply that careless implementations of such systems could be vulnerable, and only one faulty signature is enough to recover the secret key.

Probing Attacks on Tamper-Resistant Devices

By locally observing the value of a few RAM or address bus bits during the execution of a cryptographic algorithm, an attacker could easily recover information on the secret key being used.

Differential fault analysis on block cipher SEED

Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit RC6 block cipher




Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES

New attacks based on the principles of related-key differential cryptanalysis are presented, which can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key Triple-DES.

Differential-Linear Cryptanalysis

This paper introduces a new chosen text attack on iterated cryptosystems, such as the Data Encryption Standard (DES). The attack is very efficient for 8-round DES, recovering 10 bits of key with 80%

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

  • P. Kocher
  • Computer Science, Mathematics
  • 1996
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.

Differential Cryptanalysis of the Data Encryption Standard

This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.

Linear Cryptanalysis Method for DES Cipher

  • M. Matsui
  • Computer Science, Mathematics
  • 1993
A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.

Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)

Blowfish, a new secret-key block cipher, is proposed; it is a Feistel network, iterating a simple encryption function 16 times, and is very efficient on large microprocessors.

Advances in Cryptology: Proceedings Of Crypto 83

  • D. Chaum
  • Computer Science, Mathematics
  • 1985
Some Public-Key Crypto-Functions as Intractable as Factorization as well as Cryptosystems and Other Hard Problems.

The RC5 Encryption Algorithm

This document describes the RC5 encryption algorithm, a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of data-dependent

LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications

The LOKI primitive may be used in any mode of operation currently defined for ISO DEA-1, with which it is interface compatible, and two modes of operation which compute a 64-bit and 128-bit Message Authentication Code (or hash value).

Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds

Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack, showing that the final permutation has some cryptographic significance in the CFB mode.