SPFA: SFA on Multiple Persistent Faults

TL;DR

This paper introduces SPFA, a novel fault analysis method that leverages statistical techniques to exploit multiple persistent faults in cryptographic algorithms, enabling key recovery even with unknown faults.

Contribution

It extends Persistent Fault Analysis by integrating Statistical Fault Analysis, allowing the use of multiple unknown faults for cryptanalysis.

Findings

Effective attack demonstrated on LED cipher

Effective attack demonstrated on AES cipher

Can recover keys with multiple unknown faults

Abstract

For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of original PFA as introduced by Zhang et al. at CHES'18 is that the faulty values need to be known to the adversary. While this was addressed at a follow-up work at CHES'20, the solution is only applicable to a single faulty value. Instead, we use the potency of Statistical Fault Analysis (SFA) in the persistent fault setting, presenting Statistical Persistent Fault Analysis (SPFA) as a more general approach of PFA. As a result, any or even a multitude of unknown faults that cause an exploitable bias in the targeted round can be used to recover the cipher's secret key. Indeed, the undesired faults in the other rounds that occur due the persistent nature of the attack converge to a uniform distribution as required by SFA. We verify the effectiveness of our attack against LED and AES.