Cryptographic block ciphers, such as DES or AES, whether implemented in hardware or in software, can be the target of physical attacks. In such attacks, an attacker gathers information of various types during the operation of the block cipher. Types of information used in such attacks include:
    side-channel information that leaks from the execution of the block cipher, such as power consumption, timing information or electromagnetic radiation;
    information from differential or collision fault analysis;
    both of the above.
This information can be used by the attacker to uncover the secret key used during the execution of the block cipher.
Block ciphers operate on round keys: sub-keys derived from the secret (main) key by an algorithm typically referred to as the key schedule. In general, side-channel or fault attacks lead to the recovery of a round key. Because the key schedules of block ciphers such as AES or DES leave strong correlations between the main key and the round keys, it is relatively easy to derive the secret key from a single recovered round key.
An attacker can target the execution of the key schedule (in which case the attack is likely to be a template attack that models the signal obtained from the side channel and its noise), the application of the block cipher in encryption or decryption, or both the key schedule and the block cipher execution. In the current state of the art, the main key can be recovered from either operation using a single side-channel attack, or using other attacks that recover a single sub-key. Examples of possible attacks on the encryption/decryption operation include side-channel analysis (CPA, Correlation Power Analysis; DPA, Differential Power Analysis) and DFA, Differential Fault Analysis. For the key schedule algorithm, a template side-channel attack is an example of a feasible attack.
In one approach proposed in the literature (P. Junod and S. Vaudenay, "FOX: a new family of block ciphers", Selected Areas in Cryptography 2004, Waterloo, Canada, Aug. 9-10, 2004, Lecture Notes in Computer Science, Springer-Verlag), the key schedule has been designed such that each round key is generated by applying a cryptographic, collision-resistant, one-way function to the secret main key. In this way, correlations between round keys, and between the round keys and the secret key, are reduced or eliminated, so that an attack based on recovering a single round key from side-channel or fault analysis information is unlikely to succeed. While the use of a one-way function in this way to reduce correlations between keys is a step forward, further improvements in resilience to attacks, specifically side-channel or other physical attacks, would be desirable.
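The following is an added illustration, not code from the original text or from the FOX authors: the AES-128 key schedule (written from FIPS-197) is run forwards and then backwards from a single round key, which is the round-key-to-main-key correlation described above, and a SHA-256-based `oneway_round_keys` is a constructed stand-in for the one-way schedule idea (it is not the FOX key schedule itself).

```python
import hashlib

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox(x):
    """AES S-box entry: multiplicative inverse (0 maps to 0), then the affine map."""
    inv = next((y for y in range(256) if _gf_mul(x, y) == 1), 0)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox(x) for x in range(256)]
RCON = [1]
for _ in range(9):
    RCON.append(_gf_mul(RCON[-1], 2))

def _g(t, i):
    """Nonlinear step applied to w[i-1] when i is a multiple of 4 (FIPS-197)."""
    t = ((t << 8) & 0xFFFFFFFF) | (t >> 24)                                   # RotWord
    t = int.from_bytes(bytes(SBOX[b] for b in t.to_bytes(4, "big")), "big")  # SubWord
    return t ^ (RCON[i // 4 - 1] << 24)                                       # Rcon

def expand_key(key):
    """AES-128 key schedule: 44 words -> 11 round keys of 16 bytes each."""
    w = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(w[i - 4] ^ (_g(w[i - 1], i) if i % 4 == 0 else w[i - 1]))
    return [b"".join(x.to_bytes(4, "big") for x in w[4 * r:4 * r + 4]) for r in range(11)]

def main_key_from_round_key(rk, r):
    """Run the schedule backwards: each step is w[i-4] = w[i] ^ f(w[i-1]), and w[i-1]
    is always known by the time it is needed, so round key r alone fixes the main key.
    This is the correlation the text warns about."""
    w = [None] * (4 * r) + [int.from_bytes(rk[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(4 * r + 3, 3, -1):
        w[i - 4] = w[i] ^ (_g(w[i - 1], i) if i % 4 == 0 else w[i - 1])
    return b"".join(x.to_bytes(4, "big") for x in w[:4])

def oneway_round_keys(key, rounds=10):
    """Constructed contrast (not the FOX schedule): each round key is a one-way function
    of the main key and the round index, so one recovered round key exposes neither the
    main key nor any other round key."""
    return [hashlib.sha256(bytes([r]) + key).digest()[:16] for r in range(rounds + 1)]
```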