Secret external encodings do not prevent transient fault analysis

Abstract

Contrarily to Kerckhoffs' principle, many applications of today's cryptography still adopt the security by obscurity paradigm. Furthermore, in order to rely on its proven or empirical security, some realizations are based on a given well known and widely used cryptographic algorithm. In particular, a possible design would obfuscate a standard block cipher E by surrounding it with two secret external encodings Pi and P2 (one-to-one mappings), leading to the proprietary algorithm E' = P2 o E o P1. A claimed advantage of this approach is that, since inputs and outputs of the underlying function E are not known by a potential attacker, such a construction is usually believed to inherently prevent any kind of transient fault analysis that may apply on the core function E. In this paper, we show that this latter argument is not true, by exhibiting a key recovery attack which applies to the whole class of externally encoded DES or Triple-DES. Moreover, our attack remains applicable even in the presence of the classical counter-measure against fault attacks which consists in executing the algorithm twice and returning an output only if both results are identical. © Springer-Verlag Berlin Heidelberg 2007.