A Hybrid Fault Model For Differential Fault Attack On Aes

In this paper, a hybrid model is proposed to improve availability of ciphertext for differential fault attack (DFA) against AES. This model combines the fault models of the encryption process with the key schedule process. In the actual attack scenarios, we can use the pairs of correct and fault ciphertexts to match a variety of models, such as single-byte fault model, multi-byte fault model and two-line fault model at the same time. Theoretically, the fault attack based on this hybrid model can improve the attack efficiency by almost 50%. The experiment results show that using 2 pairs of correct and faulty diagonal ciphertext and 4 pairs of correct and faulty two-line ciphertexts can recover the entire AES-128 key, and the computational complexity is only 2(16) x 3+2(8) ML x 12, which is lower than any one type of the fault model.