Coding Schemes for Arithmetic and Logic Operations - How Robust Are They?

In the past, many coding schemes have been proposed to render arithmetic and logic units fault-tolerant. However, most schemes are suited for safety rather than for security applications, i.e. they were not designed to protect against malicious fault injections. Even articles that consider an adversary as the source of faults restrict the error-detection discussion to partial fault models. In this article, we investigate an adversary's ability to inject an undetected fault into different coding schemes. In contrast to other works, we analyze the interaction of erroneous operands and operations. Such an analysis yields quite different results from traditional evaluations. These new results show that each of the schemes has serious weaknesses and none of them can guarantee universal protection. Thus, a hybrid approach is favorable to counteract fault attacks.
