SPSA: Semi-Permanent Stuck-At fault analysis of AES Rijndael SBox

Fault attacks have gained particular attention in recent years as they present a severe threat to security in rapidly rising Internet-of-Things (IoT) devices. IoT devices generally are security-critical with resource constraints, such as small area footprint, low power, and memory consumption. Combinational circuit implementations of SBox are more efficient in terms of area, power, and memory requirements and, thus, preferable over look-up table implementation in these resource-constrained environments. In this work, we analyze an optimized combinatorial circuit implementation of AES SBox against a novel fault analysis technique, semi-permanent stuck-at (SPSA) fault analysis. We pinpoint SPSA hotspots in a combinational implementation of AES SBox that weaken the cryptographic properties of the SBox, leading to key recovery attacks. We present a key recovery attack based on improbable candidate elimination termed as SPSA attack. We observe that the hotspots can be categorized based on the method used for key recovery. The categories comprise hotspots vulnerable to direct key recovery, hotspots vulnerable against presented SPSA attacks, and hotspots vulnerable to other classical cryptanalysis techniques. Threshold implementation (TI) is among the widely adopted countermeasures to thwart power-based side-channel attacks. We evaluate a TI of AES SBox against the proposed SPSA fault analysis. In addition, we demonstrate the proposed attack on a low-latency cipher, PRINCE. Our work investigates new vulnerabilities against fault analysis in combinational circuit implementation.