Security analysis of concurrent error detection against differential fault analysis

Xiaofei Guo, Debdeep Mukhopadhyay, Chenglu Jin, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


Differential fault analysis (DFA) poses a significant threat to advanced encryption standard (AES). Only a single faulty ciphertext is required to extract the secret key. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults, the resulting fault coverage indicates the security of CEDs against DFA. However, DFA-exploitable faults, which are a small subspace of the entire fault space, are not uniformly distributed. Therefore, fault coverage does not accurately measure the security of the CEDs against DFA. We provide a systematic study of DFA of AES and show that an attacker can inject biased faults to improve the success rate of the attacks. We propose fault entropy (FE) and fault differential entropy (FDE) to evaluate CEDs. We show that most CEDs with high fault coverage are not secure when evaluated with FE and FDE. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating the security of CEDs against DFA.

Original languageEnglish (US)
Pages (from-to)153-169
Number of pages17
JournalJournal of Cryptographic Engineering
Issue number3
StatePublished - Sep 10 2015


  • Advanced encryption standard
  • Block cipher
  • Concurrent error detection
  • Differential fault analysis
  • Fault attack

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Security analysis of concurrent error detection against differential fault analysis'. Together they form a unique fingerprint.

Cite this