Differential fault analysis of ARIA in multi-byte fault models

Differential fault analysis exploits faults to find secret information stored in a cryptographic device. It utilizes differential information between correct and faulty ciphertexts. We introduce new techniques to improve the previous differential fault analysis of ARIA. ARIA is a general-purpose involutional SPN (substitution permutation network) block cipher and was established as a Korean standard block cipher algorithm in 2004. While the previous method by Li et al. requires 45 faults, our method needs 13 faults to retrieve the 128-bit secret key of ARIA. If access to the decryption oracle is allowed, our method only needs 7 faults. We analyze the characteristics of the diffusion layer of ARIA in detail, which leads us to reduce the number of required faults to find the key.

► We introduce new differential fault attacks on ARIA that requires much less faults compared to the previous work.
► We propose a generalized technique that works with arbitrary corrupted bytes (a maximum of four bytes) while the previous attack works only with one byte fault.
► We show that the enhancement in terms of security against traditional cryptanalysis may be helpful in differential fault analysis.