2007 | OriginalPaper | Buchkapitel
Secret External Encodings Do Not Prevent Transient Fault Analysis
verfasst von : Christophe Clavier
Erschienen in: Cryptographic Hardware and Embedded Systems - CHES 2007
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Contrarily to Kerckhoffs’ principle, many applications of today’s cryptography still adopt the
security by obscurity
paradigm. Furthermore, in order to rely on its proven or empirical security, some realizations are based on a given well known and widely used cryptographic algorithm. In particular, a possible design would obfuscate a standard block cipher
E
by surrounding it with two
secret
external encodings
P
1
and
P
2
(one-to-one mappings), leading to the proprietary algorithm
E′ = P
2
∘
E
∘
P
1
.
A claimed advantage of this approach is that, since inputs and outputs of the underlying function
E
are not known by a potential attacker, such a construction is usually believed to inherently prevent any kind of transient fault analysis that may apply on the core function
E
. In this paper, we show that this latter argument is not true, by exhibiting a key recovery attack which applies to the whole class of externally encoded DES or Triple-DES. Moreover, our attack remains applicable even in the presence of the classical counter-measure against fault attacks which consists in executing the algorithm twice and returning an output only if both results are identical.