Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults

The naive implementation of AES is known to be vulnerable to Differential Fault Analysis (DFA). We can find the key of AES-128 (AES with 128-bit key) with one pair of correct and faulty cipher texts. Recently several works on the extension of the attack to AES with 192 and 256-bit key have been published. Due to the longer key size and the characteristic of AES key schedule, we need subtle caution in attacking AES-192 and AES-256. We propose new DFA against AES with 192 and 256-bit key. We could retrieve AES-192 key with two pairs of correct and faulty cipher texts. With three pairs we could succeed in finding the key of AES-256. These are the minimal faults among the existing methods.Anglai