Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers

Fault-based side-channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy-based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overheads (either area or performance). The authors investigate systematic approaches to low-cost low-latency CED techniques for symmetric encryption algorithms based on inverse relationships that exist between encryption and decryption at algorithm level, round level, and operation level and develop CED architectures that explore tradeoffs among area overhead, performance penalty, and fault detection latency. The proposed techniques have been validated on FPGA implementations of Advanced Encryption Standard (AES) finalist 128-bit symmetric encryption algorithms.

[1]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[2]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[3]  Wolfgang Fichtner,et al.  VINCI: Secure test of a VLSI high-speed encryption system , 1993, Proceedings of IEEE International Test Conference - (ITC).

[4]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[5]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[6]  Jered J. Floyd,et al.  6.857 Computer & Network Security Final Project: Diierential Fault Analysis , 1996 .

[7]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[8]  Bruce Schneier,et al.  The Twofish encryption algorithm: a 128-bit block cipher , 1999 .

[9]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[10]  Rainer Laur,et al.  On the VLSI implementation of the international data encryption algorithm IDEA , 1995, Proceedings of ISCAS'95 - International Symposium on Circuits and Systems.

[11]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[12]  Ross J. Anderson Crypto in Europe - Markets, Law and Policy , 1995, Cryptography: Policy and Algorithms.

[13]  Melvin A. Breuer,et al.  Digital systems testing and testable design , 1990 .

[14]  Wim van Eck,et al.  Electromagnetic radiation from video display units: An eavesdropping risk? , 1985, Comput. Secur..

[15]  Serge Vaudenay,et al.  An experiment on DES statistical cryptanalysis , 1996, CCS '96.

[16]  Bruce Schneier,et al.  Side Channel Cryptanalysis of Product Ciphers , 1998, J. Comput. Secur..

[17]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[18]  Carlo Harpes,et al.  Partitioning Cryptanalysis , 1997, FSE.

[19]  Jean-Jacques Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[20]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[21]  Shai Halevi,et al.  MARS - a candidate cipher for AES , 1999 .

[22]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[23]  Enrique Mandado,et al.  Concurrent error detection in block ciphers , 2000, Proceedings International Test Conference 2000 (IEEE Cat. No.00CH37159).