Fault propagation pattern based relevant faulty ciphertexts filtering towards DFA on AES

Basically, Differential Fault Analysis (DFA) against ciphers consists of two stages: fault induction and fault exploitation. Success rate of the latter strongly depends upon the availability of the required type of some faulty ciphertexts, which typically assumes that adversaries have precise control over the location, timing and/or even the type of the fault induced. In view of this, there seems to be a technical gap between these two stages. In this paper, by amplifying the fault propagation pattern inherent in block ciphers, we propose an algorithmic method to narrow this gap, or to relax the underlying assumption. Our method provides a faulty ciphertext filtering process between two basic stages in DFA. This additional process equips adversaries with the capabilities to deterministically decide whether or not one faulty ciphertext is relevant to a specific DFA, before or without performing DFA itself. We take AES as a concrete case of study and conduct theoretical analysis and simulation experiments as well, the results of which strongly demonstrate the validity and power of our proposed filtering method.