While the symmetric-key cryptography community has now a good experience on how to build a secure and efficient fixed permutation, it remains an open problem how to design a key-schedule for block ciphers, as shown by the numerous candidates broken in the related-key model or in a hash function setting. Provable security against differential and linear cryptanalysis in the related-key scenario ...

AES algorithm has played an important role in information security field for a long time since Rijndael algorithm was announced as advanced encryption standard. Hardware implementation based on FPGA of AES algorithm has the advantages of fast, flexible, short development cycle, etc. Hardware implementation based on FPGA of AES encryption and decryption system was studied in detail in this paper...

The Advanced Encryption Standard (AES) is the Federal Information Processing Standard for symmetric encryption. It is widely believed to be secure and efficient, and is therefore broadly accepted as the standard for both government and industry applications. If fact, almost any new protocol requiring symmetric encryption supports AES, and many existing systems that were originally designed with...

This paper presents a design for the implementation of the AES encryption algorithm in the hardware system. The proposed device is intended to be a device under test in a differential power analysis (DPA) attack. This device uses AES encryption with 128bit key length and electronic codebook (ECB) mode. The platform used in this device is FPGACyclone IV EP4CE115F29C7. AESAVS is used to test the ...

In this paper we propose the first practical fault attack on the time redundancy countermeasure for AES using a biased fault model. We develop a scheme to show the effectiveness of a biased fault model in the analysis of the time redundancy countermeasure. Our attack requires only faulty ciphertexts and does not assume strong adversarial powers. We successfully demonstrate our attack on simulat...

The Advanced Encryption System – AES is now used in almost all network-based applications to ensure security. In this paper, we propose a very efficient pipelined hardware implementation of AES128. The design is versatile as it allows both encryption and decryption. The core computation of AES, which is performed on data blocks of 128 bits, is iterated for several rounds, depending on the key s...

In this paper we describe a differential fault attack technique working against Substitution-Permutation Networks, and requiring very few faulty ciphertexts. The fault model used is realistic, as we consider random faults affecting bytes (faults affecting one only bit are much harder to induce). We implemented our attack on a PC for both the AES and KHAZAD. We are able to break the AES-128 with...

We describe two new techniques of side-channel cryptanalysis which we call the impossible collision attack and the multiset collision attack. These are inspired by the state-of-the-art cryptanalytic techniques of impossible differential attacks [BBS99] and partial-function collision attacks [GM00] respectively. Using these techniques on an example of the AES we show that one has to mask all the...

Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE. This is to the best of our knowledge the smallest implementation reported so far. Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attac...