Fault Analysis in Cryptography by Elisabeth Oswald, François-Xavier Standaert (auth.), Marc

By Elisabeth Oswald, François-Xavier Standaert (auth.), Marc Joye, Michael Tunstall (eds.)

In the Nineteen Seventies researchers spotted that radioactive debris produced by means of parts evidently found in packaging fabric can cause bits to turn in delicate parts of digital chips. learn into the impact of cosmic rays on semiconductors, a space of specific curiosity within the aerospace undefined, resulted in equipment of hardening digital units designed for harsh environments. finally a variety of mechanisms for fault construction and propagation have been found, and particularly it used to be famous that many cryptographic algorithms succumb to so-called fault attacks.

Preventing fault assaults with no sacrificing functionality is nontrivial and this is often the topic of this ebook. half I bargains with side-channel research and its relevance to fault assaults. The chapters partially II conceal fault research in mystery key cryptography, with chapters on block ciphers, fault research of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures opposed to assaults on AES. half III offers with fault research in public key cryptography, with chapters devoted to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures utilizing fault detection, units resilient to fault injection assaults, lattice-based fault assaults on signatures, and fault assaults on pairing-based cryptography. half IV examines fault assaults on circulation ciphers and the way faults have interaction with countermeasures used to avoid strength research assaults. ultimately, half V comprises chapters that designate how fault assaults are applied, with chapters on fault injection applied sciences for microprocessors, and fault injection and key retrieval experiments on a favourite evaluate board.

This is the 1st ebook in this subject and should be of curiosity to researchers and practitioners engaged with cryptographic engineering.

Show description

Read or Download Fault Analysis in Cryptography PDF

Similar analysis books

Grundzuege einer allgemeinen Theorie der linearen Integralgleichungen

It is a pre-1923 historic copy that used to be curated for caliber. caliber insurance was once performed on every one of those books in an try to eliminate books with imperfections brought through the digitization procedure. notwithstanding we now have made most sensible efforts - the books can have occasional blunders that don't abate the studying event.

Calculus of Residues

The issues contained during this sequence were accumulated over decades with the purpose of delivering scholars and lecturers with fabric, the hunt for which might another way occupy a lot worthwhile time. Hitherto this centred fabric has purely been available to the very constrained public capable of learn Serbian*.

Mathematik zum Studieneinstieg: Grundwissen der Analysis für Wirtschaftswissenschaftler, Ingenieure, Naturwissenschaftler und Informatiker

Studenten in den F? chern Wirtschaftswissenschaften, Technik, Naturwissenschaften und Informatik ben? tigen zu Studienbeginn bestimmte Grundkenntnisse in der Mathematik, die im vorliegenden Buch dargestellt werden. Es behandelt die Grundlagen der research im Sinne einer Wiederholung/Vertiefung des gymnasialen Oberstufenstoffes.

Additional info for Fault Analysis in Cryptography

Example text

The counter i is XORed with a random number before being used so the order in which the S-box elements are treated is unknown. When only the order in which the S-Boxes are treated is randomized, one can still attack by searching for S-box indices that never change the ciphertext when modified. If the same S-box index is repeatedly changed, but the ciphertext never changes after numerous executions with the same plaintext, it can reasonably be assumed that this index value does not represent a key hypothesis for any part of the first round key.

1 Number of faults to recover the 16th round key with a 99 % success rate Round 12 11 10 9 Distinguisher Likelihood SEI Likelihood SEI Likelihood SEI Likelihood SEI Bit error Chosen pos. Random pos. Byte error Chosen pos. Random pos. 3 Attack Results The results of several attack simulations are reported in [345]. The attacker is assumed to be able to inject some fault in the left half of the DES internal state L r at the end of some round r ∈ {9, 10, 11, 12}. Several fault models are considered: either a single bit is flipped or one byte is switched to a random value, and the fault position is either random (among the 32 bit positions or the four byte positions in L r ) or chosen by the attacker.

3 Safe-Error Analysis A third fault analysis method which exploits the identity of outputs of cryptographic algorithms is the analysis of so-called safe-errors, which we refer to as safe-error Analysis (SEA). This method was first introduced to break a private exponentiation of the RSA cryptosystem [204, 427, 429]. The basic principle consists of modifying some internal data and inferring the value of a private exponent bit from whether this modification resulted in an identical or a different output.

Download PDF sample

Rated 4.39 of 5 – based on 40 votes