STUDY SPACE
Differential Fault Analysis of Secret Key Cryptosystems

Differential Fault Analysis of Secret Key Cryptosystems

September 1996 | Eli Biham, Adi Shamir
This paper introduces a new cryptanalytic attack called Differential Fault Analysis (DFA), which is applicable to almost any secret key cryptosystem. The authors demonstrate that DFA can be used to recover cryptographic secrets from tamper-resistant devices by exploiting computational errors. Specifically, they show that under a hardware fault model similar to that used by Boneh, Demillo, and Lipton, they can extract the full DES key from a sealed tamper-resistant DES encryptor by analyzing between 50 and 200 ciphertexts generated from unknown but related plaintexts. The paper also discusses techniques for identifying keys of unknown ciphers and reconstructing the complete specification of DES-like ciphers. Additionally, the authors consider a different fault model based on permanent hardware faults and show that it can be used to break DES by analyzing a small number of ciphertexts generated from completely unknown and unrelated plaintexts. The paper concludes with a discussion of a practical attack based on a pure ciphertext-only model, which does not require any statistical assumptions about the plaintexts.This paper introduces a new cryptanalytic attack called Differential Fault Analysis (DFA), which is applicable to almost any secret key cryptosystem. The authors demonstrate that DFA can be used to recover cryptographic secrets from tamper-resistant devices by exploiting computational errors. Specifically, they show that under a hardware fault model similar to that used by Boneh, Demillo, and Lipton, they can extract the full DES key from a sealed tamper-resistant DES encryptor by analyzing between 50 and 200 ciphertexts generated from unknown but related plaintexts. The paper also discusses techniques for identifying keys of unknown ciphers and reconstructing the complete specification of DES-like ciphers. Additionally, the authors consider a different fault model based on permanent hardware faults and show that it can be used to break DES by analyzing a small number of ciphertexts generated from completely unknown and unrelated plaintexts. The paper concludes with a discussion of a practical attack based on a pure ciphertext-only model, which does not require any statistical assumptions about the plaintexts.
Terms of Service
Privacy Policy
Reach us at info@study.space