Differential Fault Analysis on DES Middle Rounds

Size: px

Start display at page:

Download "Differential Fault Analysis on DES Middle Rounds"

Alisha Porter
6 years ago
Views:

1 Differential Fault Analysis on DES Middle Rounds Matthieu Rivain Speaker: Christophe Giraud Oberthur Technologies

2 Agenda 1 Introduction Data Encryption Standard DFA on DES Last & Middle Rounds 2 Our Attack Principle Fault Models Attack Simulations 3 Conclusion

3 Outline 1 Introduction Data Encryption Standard DFA on DES Last & Middle Rounds 2 Our Attack Principle Fault Models Attack Simulations 3 Conclusion

4 Data Encryption Standard (DES) 64-bit block cipher using a 56-bit key K

5 Data Encryption Standard (DES) 64-bit block cipher using a 56-bit key K Iterative structure: 16 times the same round transformation F Surrounded by bit-permutations IP and FP

6 Data Encryption Standard (DES) 64-bit block cipher using a 56-bit key K Iterative structure: 16 times the same round transformation F Surrounded by bit-permutations IP and FP A ciphertext C is computed from a plaintext P as: C = FP ( 16 r=1f kr ) IP(P). where k r is a 48-bit round key derived from K.

7 Data Encryption Standard (DES) F follows a Feistel scheme: L r 1 R r 1 f k r L r R r

8 Data Encryption Standard (DES) Function f : f R r 1 E k r S 1 S 7 S 8 P L r 1 R r

9 Data Encryption Standard (DES) Function f : Can be decomposed Sbox per Sbox: f R r 1 E f i R r 1 E i k r k r,i S 1 S 7 S 8 P S i P i L r 1 f i (R r 1, k r,i ) R r

10 Introduction to Fault Analysis Fault Attacks introduced in 1996 [BonehDeMilloLipton96] Applied to Asymmetric Cryptosystems : RSA, Rabin, Fiat-Shamir and Schnorr

11 Introduction to Fault Analysis Fault Attacks introduced in 1996 [BonehDeMilloLipton96] Applied to Asymmetric Cryptosystems : RSA, Rabin, Fiat-Shamir and Schnorr Followed by a dozen of notes on this subject over the next few weeks: Improved attack on CRT RSA [Lenstra96] Attacks on several signatures schemes (ElGamal, DSA) [BaoDengHanJengNarasimhaluNgair96] A New Cryptanalytic Attack on DES [BihamShamir96] Differential Fault Analysis (DFA)...

12 DFA on DES Last Round The last round: L 15 R 15 f k 16 L 16 R 16

13 DFA on DES Last Round The last round: If a fault is induced on R 15 : L 15 R 15 L 15 R 15 f k 16 f k 16 L 16 R 16 L 16 R16

14 DFA on DES Last Round The last round: If a fault is induced on R 15 : The corresponding differential: L 15 R 15 L 15 R 15 0 R 15 R 15 f k 16 f k 16 f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 R 16 L 16 R16 L 16 L 16 R 16 R 16

15 DFA on DES Last Round The last round: If a fault is induced on R 15 : The corresponding differential: L 15 R 15 L 15 R 15 0 R 15 R 15 f k 16 f k 16 f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 R 16 L 16 R16 We thus have: f (R 15, k 16 ) f ( R 15, k 16 ) = (R 16 R 16 ) L 16 L 16 R 16 R 16

16 DFA on DES Last Round The last round: If a fault is induced on R 15 : The corresponding differential: L 15 R 15 L 15 R 15 0 R 15 R 15 f k 16 f k 16 f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 R 16 L 16 R16 We thus have: L 16 L 16 R 16 R 16 f (R 15, k 16 ) f ( R 15, k 16 ) = (R 16 R 16 ) This relation holds for each SBox independently : f i (R 15, k 16,i ) f i ( R 15, k 16,i ) = (R 16 R 16 ) i

17 DFA on DES Last Round The attack: For each i {1,, 8}, guess k 16,i {0, 1} 6 and test if 0 R 15 R 15 f i (R 15, k 16,i ) f i ( R 15, k 16,i ) = (R 16 R 16 ) i f k 16 If no, then discard k16,i By using several faulty ciphertexts, only one candidate remain. f (R 15, k 16) f ( R 15, k 16) L 16 L 16 R 16 R 16

18 DFA on DES Last Rounds The last round: L 15 R 15 f k 16 L 16 R 16

19 DFA on DES Last Rounds The last round: Fault before Round 16: L 15 R 15 L 15 R 15 f k 16 f k 16 L 16 R 16 L 16 R16

20 DFA on DES Last Rounds The last round: Fault before Round 16: The corresponding differential: L 15 R 15 L 15 R 15 L 15 L 15 R 15 R 15 f k 16 f k 16 f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 R 16 L 16 R16 L 16 L 16 R 16 R 16

21 DFA on DES Last Rounds The last round: Fault before Round 16: The corresponding differential: L 15 R 15 L 15 R 15 L 15 L 15 R 15 R 15 f k 16 f k 16 f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 R 16 L 16 R16 We thus have: L 16 L 16 R 16 R 16 f i (R 15, k 16,i ) f i ( R 15, k 16,i ) = (R 16 R 16 ) i (L 15 L 15 ) i Problem: L 15 L 15 is unknown

22 DFA on DES Last Rounds Solutions: Bit fault attack on rounds 14 and 15 [BihamShamir96]: From C C, they obtain information on (L 15 L 15) i

23 DFA on DES Last Rounds Solutions: Bit fault attack on rounds 14 and 15 [BihamShamir96]: From C C, they obtain information on (L 15 L 15) i Known Value Fault Attack on round 13 [Akkar04]: Corrupting L 13 only, we have L 15 L 15 = L 13 L 13

24 DFA on DES Middle Rounds Motivation: DFA usually targets few last rounds of DES Usual countermeasure: double the few last rounds Question: can we mount an effective DFA by disturbing rounds 12, 11, 10,...?

25 DFA on DES Middle Rounds Motivation: DFA usually targets few last rounds of DES Usual countermeasure: double the few last rounds Question: can we mount an effective DFA by disturbing rounds 12, 11, 10,...? Previous work [Akkar04]: Strong adversary model: the attacker can choose the differential (L r, R r ) ( L r, R r ) hypothesis relaxed but most usual fault models not considered Suboptimal distinguisher: based on a counting strategy does not exploit the whole available information

26 DFA on DES Middle Rounds Motivation: DFA usually targets few last rounds of DES Usual countermeasure: double the few last rounds Question: can we mount an effective DFA by disturbing rounds 12, 11, 10,...? Previous work [Akkar04]: Strong adversary model: the attacker can choose the differential (L r, R r ) ( L r, R r ) hypothesis relaxed but most usual fault models not considered Suboptimal distinguisher: based on a counting strategy does not exploit the whole available information Our work: Generalization and improvement of [Akkar04] Study under various realistic fault models

27 Outline 1 Introduction Data Encryption Standard DFA on DES Last & Middle Rounds 2 Our Attack Principle Fault Models Attack Simulations 3 Conclusion

28 Principle The guess function: g i (k) = f i (R 15, k) f i ( R 15, k) (R 16 R 16 ) i L 15 L 15 R 15 R 15 Principle: For k = k 16,i : g i (k) = (L 15 L 15 ) i For k k 16,i : g i (k) U({0, 1} 4 )If the distribution of (L 15 L 15 ) i is biased then we have a wrong-key distinguisher f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 L 16 R 16 R 16

29 The guess function: L 15 L 15 Principle R 15 R 15 g i (k) = f i (R 15, k) f i ( R 15, k) (R 16 R 16 ) i Principle: For k = k 16,i : g i (k) = (L 15 L 15 ) i For k k 16,i : g i (k) U({0, 1} 4 ) If the distribution of (L 15 L 15 ) i is biased then we have a wrong-key distinguisher f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 L 16 R 16 R 16

30 The guess function: L 15 L 15 Principle R 15 R 15 g i (k) = f i (R 15, k) f i ( R 15, k) (R 16 R 16 ) i Principle: For k = k 16,i : g i (k) = (L 15 L 15 ) i For k k 16,i : g i (k) U({0, 1} 4 ) If the distribution of (L15 L 15 ) i is biased then we have a wrong-key distinguisher f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 L 16 R 16 R 16

31 The guess function: L 15 L 15 Principle R 15 R 15 g i (k) = f i (R 15, k) f i ( R 15, k) (R 16 R 16 ) i Principle: For k = k 16,i : g i (k) = (L 15 L 15 ) i For k k 16,i : g i (k) U({0, 1} 4 ) If the distribution of (L15 L 15 ) i is biased then we have a wrong-key distinguisher f k 16 f (R 15, k 16) f ( R 15, k 16) L 16 L 16 R 16 R 16 Description: Collect on several pairs of correct-faulty ciphertexts (Cj, C j ) For each pair (Cj, C j ), compute g (j) i (k) (j) By assumption the sample < g i (k) > j is biased if k = k 16,i close to uniformity if k k 16,i

32 Two Wrong-Key Distinguishers If the fault model is known: The distribution of (L 15 L 15 ) i can be estimated before the attack: δ {0, 1} 4, p i (δ) = Pr [ (L 15 L ] 15 ) i = δ

33 Two Wrong-Key Distinguishers If the fault model is known: The distribution of (L 15 L 15 ) i can be estimated before the attack: δ {0, 1} 4, p i (δ) = Pr [ (L 15 L ] 15 ) i = δ A maximum likelihood approach can then be used: N d(k) = log ( ( (j) p i g i (k) )). j=1

34 Two Wrong-Key Distinguishers If the fault model is known: The distribution of (L 15 L 15 ) i can be estimated before the attack: δ {0, 1} 4, p i (δ) = Pr [ (L 15 L ] 15 ) i = δ A maximum likelihood approach can then be used: N d(k) = log ( ( (j) p i g i (k) )). j=1 Otherwise, look for the strongest biais by using the squared Euclidean imbalance ( square Euclidean distance to the uniform distribution): ( 15 #{g (j) 2 i (k) = δ} d(k) = 1. N 16) δ=0

35 Fault Models: A First Remark Where inducing a fault in a round to have the smallest impact on (L 15 L 15 )?

36 Fault Models: A First Remark Where inducing a fault in a round to have the smallest impact on (L 15 L 15 )? The attacker must inject a fault in the left part of DES internal value at the end of round r: L r L r = L r ε

37 Fault Models Kind of fault: Bit error: Byte error: (1, 0, 0,..., 0) ε = (0, 1, 0,..., 0) etc. (0xXX, 0x00, 0x00, 0x00) ε = (0x00, 0xXX, 0x00, 0x00) etc. where 0xXX U({0, 1} 8 ).

38 Fault Models Kind of fault: Bit error: Byte error: (1, 0, 0,..., 0) ε = (0, 1, 0,..., 0) etc. (0xXX, 0x00, 0x00, 0x00) ε = (0x00, 0xXX, 0x00, 0x00) etc. where 0xXX U({0, 1} 8 ). Fault position: Chosen or random among the 32 bit-positions or the 4 byte-positions.

39 Fault Models Kind of fault: Bit error: Byte error: (1, 0, 0,..., 0) ε = (0, 1, 0,..., 0) etc. (0xXX, 0x00, 0x00, 0x00) ε = (0x00, 0xXX, 0x00, 0x00) etc. where 0xXX U({0, 1} 8 ). Fault position: Chosen or random among the 32 bit-positions or the 4 byte-positions. We have 4 models: {chosen,random} position {bit,byte}-error

40 Attack Simulations Table: Number of faults to recover the 16-th round key with a 99% success rate. Bit error Byte error Round Distinguisher chosen pos. random pos. chosen pos. random pos. 12 Likelihood SEI

41 Attack Simulations Table: Number of faults to recover the 16-th round key with a 99% success rate. Bit error Byte error Round Distinguisher chosen pos. random pos. chosen pos. random pos. 12 Likelihood SEI Likelihood SEI

42 Attack Simulations Table: Number of faults to recover the 16-th round key with a 99% success rate. Bit error Byte error Round Distinguisher chosen pos. random pos. chosen pos. random pos. 12 Likelihood SEI Likelihood SEI Likelihood SEI

43 Attack Simulations Table: Number of faults to recover the 16-th round key with a 99% success rate. Bit error Byte error Round Distinguisher chosen pos. random pos. chosen pos. random pos. 12 Likelihood SEI Likelihood SEI Likelihood SEI Likelihood > 10 8 > 10 8 SEI > 10 8 > 10 8 > 10 8

44 Outline 1 Introduction Data Encryption Standard DFA on DES Last & Middle Rounds 2 Our Attack Principle Fault Models Attack Simulations 3 Conclusion

45 Conclusion Extension of DFA on DES on rounds 12, 11, 10 and 9. Very efficient even in the byte fault model: 20 faults on the 12 th round 800 faults on the 11 th round Depending on the adversary, the last 7 or 8 rounds must now be protected against FA

46 The End Questions? or contact M. Rivain at

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks