Skip to Main Content
This paper presents practical fault attack results on six kinds of block ciphers listed in ISO/IEC 18033-3 that are implemented on an LSI: AES, DES, Camellia, CAST-128, SEED, and MISTY1. We developed an experimental environment that injects faults into any desired round by supplying a clock signal with a glitch. We examined practical attack assumptions and the fault model based on experimental results. We also succeeded in recovering AES keys in the LSI using Piret's attack, which uses only one faulty cipher text obtained using the proposed experimental environment.