Professional Documents
Culture Documents
Abstract—In 2011, Li et al. presented clockwise collision anal- ever, the acquirement of the setup time was not efficient, and
ysis on nonprotected Advanced Encryption Standard (AES) 512 setup-time samples were required in the idea of correlation
hardware implementation. In this brief, we first propose a new collision [10]. In 2011, Li et al. introduced the clockwise
clockwise collision attack, called fault rate analysis (FRA), on collision analysis [12], which was based on the fact that, when
masked AES. Then, we analyze the critical and noncritical paths of
the S-box and find that, for its three input bytes, namely, the input the inputs of a combinational circuit for two consecutive clock
value, the input mask, and the output mask, the path relating to cycles are the same, little computation is required in the second
the output mask is much shorter than those relating to the other clock cycle. In practice, some countermeasures such as delay
two inputs. Therefore, some sophisticated glitch cycles can be block [13] and glitch detection are adopted so that a clock glitch
chosen such that the values in the critical path of the whole S-box cannot be injected into an embedded module easily. However,
are destroyed but this short path is not affected. As a result, the it is possible that adversary can develop some technologies to
output mask does not offer protection to the S-box, which leads to
achieve it in the future. Moreover, most chips for a resource-
a more efficient attack. Compared with three attacks on masking
countermeasures at the Workshop on Cryptographic Hardware constrained environment are still vulnerable owing to the lack
and Embedded Systems 2010 and 2011, our method only costs of countermeasures.
about 8% of their time and 4% of their storage space. In this brief, a new side-channel collision attack, called fault
rate analysis (FRA), on masked AES is proposed. We inject a
Index Terms—Collision attack, fault rate analysis (FRA), mask-
ing, path delay, side-channel attack. clock glitch into masked S-box implementations and utilize the
fault rate to recover the secret key. Specially, we further study
I. I NTRODUCTION the inner structure of the S-box and select some sophisticated
clock glitches to mount a more efficient attack. Due to the
Fig. 3. Brief hardware architecture of a masked S-box for AES. Intuitively, the path from wi to output is much shorter than the critical path.