For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of the original PFA as introduced by Zhang et al. at CHES'18 is that the faulty values need to be known to the adversary. While this was addressed in a follow-up work at CHES'20, the solution is only applicable to a single faulty value. Instead, we use the potency of Statistical Fault Analysis (SFA) in the persistent fault setting, presenting Statistical Persistent Fault Analysis (SPFA) as a more general approach to PFA. As a result, any or even a multitude of unknown faults that cause an exploitable bias in the targeted round can be used to recover the cipher's secret key. Indeed, the undesired faults in the other rounds that occur due to the persistent nature of the attack converge to a uniform distribution as required by SFA. We verify the effectiveness of our attack against LED and AES.