# Differential Fault Analysis of Secret Key Cryptosystems

@inproceedings{Biham1997DifferentialFA, title={Differential Fault Analysis of Secret Key Cryptosystems}, author={Eli Biham and Adi Shamir}, booktitle={CRYPTO}, year={1997} }

In September 1996 Boneh, DeMillo, and Lipton from Bellcore announced a new type of cryptanalytic attack which exploits computational errors to find cryptographic keys. Their attack is based on algebraic properties of modular arithmetic, and thus it is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES).

## 1,611 Citations

### Evaluating Differential Fault Analysis of Unknown Cryptosystems

- Computer Science, Mathematics
- Public Key Cryptography
- 1999

It is shown that, under slightly modified assumptions, DFA is not polynomial and would simply result in the loss of some key bits, and the existence of cryptosystems on which DFA cannot reach the announced workfactor is proved.

### Differential Fault Attacks on Elliptic Curve Cryptosystems

- Computer Science, Mathematics
- CRYPTO
- 2000

Three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device are presented.

### Differential Fault Attacks on Elliptic Curve Cryptosystems (Extended Abstract)

- Computer Science, Mathematics
- 2000

This paper presents three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device.

### Side Channel Cryptanalysis of Product Ciphers

- Computer Science, Mathematics
- J. Comput. Secur.
- 1998

The notion of side-channel cryptanalysis (cryptanalysis using implementation data) is introduced, and side-channel attacks against three product ciphers are demonstrated and generalized to other cryptosystems.

### Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

- Computer Science, Mathematics
- ASIACRYPT
- 2016

This work states that when targeting authenticated encryption schemes, this is in practice usually precluded by the unique nonce required by most of these schemes.

### Improved Constructions of PRFs Secure Against Related-Key Attacks

- Computer Science, Mathematics
- ACNS
- 2014

In Crypto 2010, Bellare and Cash introduce a framework for building RKA-secure pseudorandom functions (PRFs) and use this framework to construct RKA-secure PRFs based on the decision linear and DDH assumptions.

### Chinese Remaindering Based Cryptosystems in the Presence of Faults

- Computer Science, Mathematics
- Journal of Cryptology
- 1999

Observations on public-key cryptosystems that use the Chinese remaindering algorithm imply that careless implementations of such systems could be vulnerable, and only one faulty signature is enough to recover the secret key.

### Probing Attacks on Tamper-Resistant Devices

- Computer Science, Mathematics
- CHES
- 1999

By locally observing the value of a few RAM or address bus bits during the execution of a cryptographic algorithm, an attacker could easily recover information on the secret key being used.

### Differential fault analysis on block cipher SEED

- Computer Science, Mathematics
- Math. Comput. Model.
- 2012

### Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit RC6 block cipher

- Computer Science, Mathematics
- Microelectron. J.
- 2003

## References

SHOWING 1-10 OF 59 REFERENCES

### Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES

- Computer Science, Mathematics
- CRYPTO
- 1996

New attacks based on the principles of related-key differential cryptanalysis are presented, which can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key Triple-DES.

### Differential-Linear Cryptanalysis

- Computer Science, Mathematics
- CRYPTO
- 1994

This paper introduces a new chosen text attack on iterated cryptosystems, such as the Data Encryption Standard (DES). The attack is very efficient for 8-round DES, recovering 10 bits of key with 80%…

### Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

- Computer Science, Mathematics
- CRYPTO
- 1996

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.…

### Differential Cryptanalysis of the Data Encryption Standard

- Computer Science, Mathematics
- Springer New York
- 1993

This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.

### Linear Cryptanalysis Method for DES Cipher

- Computer Science, Mathematics
- EUROCRYPT
- 1993

A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.

### Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)

- Computer Science, Mathematics
- FSE
- 1993

Blowfish, a new secret-key block cipher, is proposed; it is a Feistel network, iterating a simple encryption function 16 times, and is very efficient on large microprocessors.

### Advances in Cryptology: Proceedings Of Crypto 83

- Computer Science, Mathematics
- 1985

Some Public-Key Crypto-Functions as Intractable as Factorization as well as Cryptosystems and Other Hard Problems.

### The RC5 Encryption Algorithm

- Computer Science
- FSE
- 1994

This document describes the RC5 encryption algorithm, a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of data-dependent…

### LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications

- Computer Science, Mathematics
- AUSCRYPT
- 1990

The LOKI primitive may be used in any mode of operation currently defined for ISO DEA-1, with which it is interface compatible, and two modes of operation which compute a 64-bit and 128-bit Message Authentication Code (or hash value).

### Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds

- Computer Science, Mathematics
- CRYPTO
- 1993

Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack, showing that the final permutation has some cryptographic significance in the CFB mode.