New Methods of Template Attack Based on Fault Sensitivity Analysis

Fault Sensitivity Analysis (FSA) is a side-channel attack that utilizes the sensitive delay of circuits to retrieve the key in cryptographic systems. In this paper, we propose the concept of right or wrong collision (RWC) rate and use it to build templates on two S-boxes, one is the target of the attack and the other is used as a reference. Compared to the traditional Hamming weight model which has eight different values, our template model is two-dimensional with 256 different values and has the potential to significantly reduce the number of plaintext required to reveal the key. Attack experiments show that our template attack can successfully break the masked AES algorithm with only one clock frequency. Furthermore, we propose two improved template attack methods that can reduce the complexity for building templates to 1/256 and 9/256 of the original method, respectively. The improved method with different frequencies also improves the efficiency of template matching by 86.3 percent. Finally and most importantly, our methods can be used to break masked AES where the S-boxes do not have to be implemented by parallel AND gates, a major limitation of the current Hamming weight models.