@article{Zhang_Huang_Feng_Gong_Tao_Ren_Zhao_Guo_2023, title={Efficient Persistent Fault Analysis with Small Number of Chosen Plaintexts}, volume={2023}, url={https://tches.iacr.org/index.php/TCHES/article/view/10292}, DOI={10.46586/tches.v2023.i2.519-542}, abstractNote={<p>In 2018, Zhang <em>et al.</em> introduced the <em>Persistent Fault Analysis</em> (PFA) for the first time, which uses statistical features of ciphertexts caused by faulty Sbox to recover the key of block ciphers. However, for most of the variants of PFA, the prior knowledge of the fault (location and value) is required, where the corresponding analysis will get more difficult under the scenario of multiple faults. To bypass such perquisite and improve the analysis efficiency for multiple faults, we propose <em>Chosen-Plaintext based Persistent Fault Analysis</em> (CPPFA). CPPFA introduces chosen-plaintext to facilitate PFA and can reduce the key search space of AES-128 to extremely small. Our proposal requires 256 ciphertexts, while previous state-of-the-art work still requires 1509 and 1448 ciphertexts under 8 and 16 faults, respectively, at the only cost of requiring 256 chosen plaintexts. In particular, CPPFA can be applied to the multiple faults scenarios where all fault locations, values and quantity are unknown, and the worst time complexity of CPPFA is O(2<sup>8+<em>n<sub>f</sub></em></sup> ) for AES-128, where <em>n<sub>f</sub></em> represents the number of faults. The experimental results show that when <em>n<sub>f</sub></em> &gt; 4, 256 pairs of plaintext-ciphertext can recover the master key of AES-128. As for LED-64, only 16 pairs of plaintext-ciphertext reduce the remaining key search space to 2<sup>10</sup>.</p>}, number={2}, journal={IACR Transactions on Cryptographic Hardware and Embedded Systems}, author={Zhang, Fan and Huang, Run and Feng, Tianxiang and Gong, Xue and Tao, Yulong and Ren, Kui and Zhao, Xinjie and Guo, Shize}, year={2023}, month={Mar.}, pages={519–542} }