C++ implementation of Differential Fault Analysis (DFA) of AES-128 using a single fault injection. Software features multi-core support via OpenMP.
This program is free software; see LICENSE for more details.
- gcc-4.8.1 or newer.
- OpenMP.
- Python 2.7.5 or newer. (optionally)
- Workstation with at least 32 cores. (recommended)
Note: Some computations might take quite some time, especially in the case where the fault location is not known and if too few cores are available. For comparison:
- Example 1 takes 17.5 seconds for a known fault location and 279 seconds for an unknown fault location using 32 cores (with 2.1 GHz each, Opteron 6172).
- Example 2 takes 784 seconds for unknown fault locations using 40 cores of the same machine as above.
Differential fault analysis of a single ciphertext pair (see input-1.csv) on 32 cores. A fault was injected in byte 11 during the 8-th round of the AES encryption process.
cd analysis
make
cd ../examples
./dfa 32 11 input-1.csv
After the computation is finished all remaining masterkeys are written to the file keys-0.csv including the correct one:
keys-0.csv: 10000005200000063000000740000008
The ciphertext pair in input-1.csv was generated by
cd simulator
./inject 7 11 >> ../examples/input-1.csv
DFA of multiple ciphertext pairs with distinct keys (see input-2.csv) on 40 cores. Faults were injected at unknown locations (input -1) during the 8-th round of the AES encryption process.
cd analysis
make
cd ../examples
./dfa 40 -1 input-2.csv
After the computation is finished the remaining masterkeys of pair {0,1,2} are written to keys-{0,1,2}.csv. The correct keys are:
keys-0.csv: 1234567890abcdef1234567890abcdef
keys-1.csv: deadc0dedeadc0dedeadc0dedeadc0de
keys-2.csv: 10000005200000063000000740000008
The data in input-2.csv was generated by
cd simulator
./inject 2 5 >> ../examples/input-2.csv
./inject 6 8 >> ../examples/input-2.csv
./inject 7 12 >> ../examples/input-2.csv
Philipp Jovanovic via jovanovic@fim.uni-passau.de