Breaking Fault Attack Countermeasures With Side-Channel Information

In the persistent fault-based collision attack (PFCA) (Zheng et al. 2021), the adversary captures the information that the intermediate states have collided through identical correct/incorrect ciphertexts. However, fault countermeasures achieve suppression of incorrect ciphertexts and prevent the PFCA. In this paper, we measure the collision of internal states (or state bytes) using side-channel information. First, for round-level countermeasures, we identify state bytes hitting the same persistent fault during the first round of encryption by the shortest runtime. Additionally, we design sliding-window algorithms to automatically identify the runtime of one-round encryptions suitable for different execution environments. Second, for algorithm-level protections, we detect the collision of the internal states after the first round of encryption through the maximum similarity of power consumption traces. Meanwhile, to address the low success rate of key recovery caused by miss detection due to noise within runtime or power consumption, we further revise the original filtering algorithm in PFCA. Third, we implement round-level protected AES on PC to measure runtime, and both AES protected by round-level (or algorithm-level) countermeasures and SM4 (ISO/IEC 2021) protected by a round-level countermeasure on a smart card to collect power consumption. Finally, the experimental result proves that the revised PFCA successfully recovers the key.