A Fault-Resistant AES Implementation Using Differential Characteristic of Input and Output
The goal of a fault injection attack is to extract a secret key which is embedded in a cryptographic device by injecting a fault during execution of the algorithm. In particular, an attacker can extract the master key of the Advanced Encryption Standard (AES) using only a one-byte fault injection. The authors propose a new countermeasure method resistant to fault injection attacks by checking the differential byte of the input and output in the encryption process and key expansion process, respectively. Based on the result of computer simulations and practical experiments, they suggest that their proposed AES implementation against fault attack has superior error detection ability and improved efficiency compared with previous existing methods.