Differential fault analysis (DFA) is a type of active side-channel attack in the field of cryptography, specifically cryptanalysis. The principle is to induce faults (unexpected environmental conditions) into cryptographic operations in order to reveal their internal states.
Principles
Take as an example a smartcard containing an embedded processor: it might be subjected to high temperature, an unsupported supply voltage or current, excessive overclocking, strong electric or magnetic fields, or even ionizing radiation in order to influence the operation of the processor. Under such stress the processor may begin to output incorrect results because of physical data corruption, which may help a cryptanalyst deduce which instructions the processor is running or what its internal data state is.[1][2]
For DES and Triple DES, about 200 single-flipped bits are necessary to obtain a secret key.[3] DFA has also been applied successfully to the AES cipher.[4]
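As an added illustration of the principle (not part of the original article), the following Python simulation performs DFA on the final round of a toy 4-bit S-box cipher: a single-bit fault on the S-box input yields a faulty ciphertext, and comparing it with the correct ciphertext rules out round-key guesses until only the true key survives. The cipher, the S-box and the fault model are all constructed for this example.

```python
import random

# A fixed 4-bit bijective S-box (constructed for this example) and its inverse.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]

def last_round(x, key):
    """Correct final round of the toy cipher: S-box, then XOR with the round key."""
    return SBOX[x] ^ key

def faulty_last_round(x, key, fault_bit):
    """Same round, but a glitch has flipped one bit of the S-box input."""
    return SBOX[x ^ (1 << fault_bit)] ^ key

def candidate_keys(c, c_faulty):
    """Round keys consistent with a single-bit fault on the S-box input.
    For each guess k, undo the key and the S-box on both outputs; the true key
    yields an input difference with exactly one set bit, so guesses that give
    multi-bit differences are discarded."""
    keys = set()
    for k in range(16):
        diff = INV_SBOX[c ^ k] ^ INV_SBOX[c_faulty ^ k]
        if bin(diff).count("1") == 1:
            keys.add(k)
    return keys

def recover_key(key, seed, max_faults=16):
    """Intersect candidate sets over repeated injections with varying inputs.
    Returns (surviving keys, faults used). The attacker never sees x or
    fault_bit; they only drive the simulated faulty device."""
    rng = random.Random(seed)
    survivors = set(range(16))
    for n in range(1, max_faults + 1):
        x = rng.randrange(16)          # round input differs per encryption
        fault_bit = rng.randrange(4)   # which bit the glitch happened to flip
        c = last_round(x, key)
        c_faulty = faulty_last_round(x, key, fault_bit)
        survivors &= candidate_keys(c, c_faulty)
        if len(survivors) == 1:
            return survivors, n
    return survivors, max_faults

if __name__ == "__main__":
    found, faults = recover_key(0xB, seed=1)
    print(f"keys surviving after {faults} faults: {sorted(found)}")
```

The error-detection countermeasures mentioned in the article work precisely by never releasing the faulty value, so the (c, c_faulty) pair this analysis depends on is not available.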
Many countermeasures have been proposed to defend against this kind of attack. Most of them are based on error detection schemes.[5][6]
Fault injection
A fault injection attack consists of stressing the transistors responsible for the encryption tasks in order to generate a fault that is then used as DFA input. The perturbation element can be an electromagnetic pulse (EM pulse) or a laser pulse.
The fault injection therefore uses an electromagnetic probe connected to a pulser, or a laser, to generate a disturbance lasting on the order of the processor cycle time (on the order of a nanosecond). The energy transferred to the chip may be enough to burn out some of its components, so the pulser voltage (a few hundred volts) and the positioning of the probe must be finely calibrated. For greater precision, chips are often decapsulated (chemically etched to expose the bare silicon).[7]