AES Fault attack #1

RootMe Challenge: Recover the key using a simulated fault attack. Recover the AES-128 key to get the validation password for this challenge.

To solve this challenge you have access to an encryption oracle and may repeatedly inject a single fault during the encryption of a chosen plaintext. To simulate the fault injection, the oracle takes an additional parameter: an integer between 1 and 160, which represents one of the 160 Sboxes applied during an AES-128 encryption. The fault is injected on a single bit at the output of that Sbox.

Time limitation: 120 seconds
Data limitation: 32 chosen plaintexts and fault injections

Differential Fault attacks

Differential Fault Attacks (DFA) have shown that several ciphers can be compromised if the faults can be suitably controlled. DFA is not restricted to old ciphers, but can be a powerful attack vector even for modern ciphers, like the Advanced Encryption Standard (AES).

Resources