Glitching the way out of AES and finding the key in a low-power chip setup.

Fault attacks on AES

Stuck-at-0 fault in the last operation

For the output of the last round, let's say we had 10 rounds and used those. We have the ciphertext, that is the XOR of the 10th round key and the input from the previous stages. We can do a fault here, and see the output. It will contain the key.

Stuck-at-0 fault in key whitening

Similarly, we can do it in the first round as well. If the final ciphertexts in the glitched and non-glitched versions match, then the plaintext's bit was the same as the bit of the key, else, it was the not of the key.