Yet another fault-based leakage in non-uniform faulty ciphertexts

Abstract

This paper discusses the information leakage that comes from the non-uniform distribution of the faulty calculation results for hardware AES implementations under setup-time violations. For the setup-time violation, it is more difficult to predict the faulty value than the introduced difference itself. Therefore, the faulty calculation results have been always paired with the fault-free calculations as the information leakage. However, the faulty calculation results under statistical analyses can directly leak the secret. This leakage is mainly caused by the circuit structure rather than the transition differences for variant input data. Generally, this work explains the mechanism of the non-uniform distribution of faulty calculation results. For the widely used composite field based AES S-box, we explain and demonstrate that the probability of the emergence of a particular faulty value is much higher than other values. We use the key recovery method proposed by Fuhr et al., and show the successful key recovery using only the faulty calculation results. In addition, against the attack target that encrypts random plaintexts, we extend the attack in case the faults are injected remotely using electromagnetic interference without any injection timing trigger. © 2014 Springer International Publishing Switzerland.