WDDL is Protected Against Setup Time Violation Attacks

In order to protect crypto-systems against side channel attacks various countermeasures have been implemented such as dual-rail logic or masking. Faults attacks are a powerful tool to break some implementations of robust cryptographic algorithms such as AES and DES. Various kind of fault attacks scenarios have been published. However, very few publications available in the public literature detail the practical realization of such attacks. In this paper we present the result of a practical fault attack on AES in WDDL and its comparison with its non-protected equivalent. The practical faults on an FPGA running an AES encryptor are realized by under-powering it and further exploited using Piret's attack. The results show that WDDL is protected against setup violation attacks by construction because a faulty bit is replaced by a null bit in the ciphertext. Therefore, the fault leaks no exploitable information. We also give a theoretical model for the above results. Other references have already studied the potential of fault protection of the resynchronizing gates (delay-insensitive). In this paper, we show that non-resynchronizing gates (hence combinatorial DPL such as WDDL) are natively immune to setup time violation attacks.