"Fault attacks is an active area of research in cryptography, currently explored in hundreds of research papers and dedicated conferences. This book is the first comprehensive treatment of the subject covering both the theory and practice of these attacks as well as defense techniques. ... Preventing fault attacks without sacrificing performance is nontrivial. Over the years a number of innovative ideas have been proposed for efficiently verifying cryptographic computations. Many defense strategies are described in the book, some of which are already deployed in real-world cryptographic libraries. Nevertheless, many implementations remain vulnerable. I was thrilled to see the material covered in the book and hope that it will make fault defense standard practice in the minds of developers." (Dan Boneh, Stanford University)

"Among the well-studied side-channel analysis techniques, fault analysis might be the most powerful for recovering the secret value in the computation of a cryptographic algorithm. ... This book contains sufficient information for people who have not studied fault analysis before. It will be a handy book for self-study for both security engineers and academic researchers." (Zheng Gong, Computing Reviews, October 11, 2012)

Part I - Introductory Material.- Chap. 1 Side-Channel Analysis and Its Relevance to Fault Attacks.- Part II Fault Analysis in Secret Key Cryptography.- Chap. 2 Attacking Block Ciphers.- Chap. 3 Differential Fault Analysis of DES.- Chap. 4 Differential Fault Analysis of the Advanced Encryption Standard.- Chap. 5 Countermeasures for Symmetric-Key Ciphers.- Chap. 6 On Countermeasures Against Fault Attacks on Advanced Encryption Standard.- Part III Fault Analysis in Public Key Cryptography.- Chap. 7 A Survey of Differential Fault Analysis Against Classical RSA Implementations.- Chap. 8 Fault Attacks Against RSA-CRT Implementation.- Chap. 9 Fault Attacks on Elliptic Curve Cryptosystems .- Chap. 10 On Countermeasures Against Fault Attacks on Elliptic Curve Cryptography Using Fault Detection.- Chap. 11 Design of Cryptographic Devices Resilient to Fault Injection Attacks Using Nonlinear Robust Codes.- Chap. 12 Lattice-Based Fault Attacks on Signatures.- Chap. 13 Fault Attacks on Pairing Based Cryptography.- Part IV Miscellaneous.- Chap. 14 Fault Attacks on Stream Ciphers.- Chap. 15 Interaction Between Fault Attack Countermeasures and the Resistance Against Power Analysis Attacks.- Part V Implementing Fault Attacks.- Chap. 16 Injection Technologies for Fault Attacks on Microprocessors.- Chap. 17 Global Faults on Cryptographic Circuits.- Chap. 18 Fault Injection and Key Retrieval Experiments on an Evaluation Board.- References.

Dr. Marc Joye gained a Habilitation (HDR) degree in Computer Science from the Université de Toulouse II in 2003; from 1999 to 2006, he worked in the Card Security Group of Gemplus (now Gemalto), and he has been a member of the Security & Content Protection Labs of Technicolor since 2006; he has published over 100 scientific articles on many aspects of cryptology, including side-channel attacks and fault attacks. Dr. Mike Tunstall is a researcher in the Bristol Cryptography Group at the University of Bristol; his research interests include smart card security, secure embedded software design; fault-based differential cryptanalysis, fault attacks, and side-channel analysis.

In the 1970s researchers noticed that radioactive particles produced by elements naturally present in packaging material could cause bits to flip in sensitive areas of electronic chips. Research into the effect of cosmic rays on semiconductors, an area of particular interest in the aerospace industry, led to methods of hardening electronic devices designed for harsh environments. Ultimately various mechanisms for fault creation and propagation were discovered, and in particular it was noted that many cryptographic algorithms succumb to so-called fault attacks.

Preventing fault attacks without sacrificing performance is nontrivial and this is the subject of this book. Part I deals with side-channel analysis and its relevance to fault attacks. The chapters in Part II cover fault analysis in secret key cryptography, with chapters on block ciphers, fault analysis of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures against attacks on AES. Part III deals with fault analysis in public key cryptography, with chapters dedicated to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures using fault detection, devices resilient to fault injection attacks, lattice-based fault attacks on signatures, and fault attacks on pairing-based cryptography. Part IV examines fault attacks on stream ciphers and how faults interact with countermeasures used to prevent power analysis attacks. Finally, Part V contains chapters that explain how fault attacks are implemented, with chapters on fault injection technologies for microprocessors, and fault injection and key retrieval experiments on a widely used evaluation board.

This is the first book on this topic and will be of interest to researchers and practitioners engaged with cryptographic engineering.