On Clock-Based Fault Analysis Attack for an AES Hardware Using RSL

As one of the logic-level countermeasures against DPA (Differential Power Analysis) attacks, Random Switching Logic (RSL) was proposed by Suzuki, Sacki and Ichikawa in 2004 [9]. The RSL technique was applied to AES hardware and a prototype chip was implement with a 0.13-mu m standard CMOS library for evaluating the DPA resistance [10]. Although the main purpose of using RSL is to resist the DPA attacks, our experimental results of Clock-based Fault Analysis (CFA) show that one can reveal the secret information from the prototype chip. This paper explains the mechanism of the CFA attack and discusses the reason for the success of the attack against a prototype implementation of AES with RSL (RSL-AES). Furthermore, we consider an ideal RSL-AES implementation that counteracts the CFA attacks.