Advanced Fault Analysis Techniques on AES

Fault analysis research on symmetric-key cipher has been intensively discussed since differential fault analysis (DFA) was proposed in 1997. Output masking for wrong cipher-texts was believed to be the most effective countermeasure of the DFA attacks. However, fault sensitive analysis (FSA), proposed in 2010, can bypass the output-masking countermeasure. Both DFA and FSA require a strict fault injection control with the same plaintext, which is often difficul to realize under a circumstance where faults are randomly injected, e.g., in the case of electromagnetic (EM) fault injections. Although it requires the distribution of faulty ciphertexts, an extended fault analysis technique called NU-FVA, proposed in 2013, can avoid the hardness of the fault injection control. This article reviews the previous fault attacks and discusses their merits and demerits especially focusing on the power of the NU-FVA attack.