Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. In this paper we will describe parity code based concurrent error detection (CED) approach against such attacks in substitution-permutation network (SPN) symmetric block ciphers [22]. The basic idea compares a carefully modified parity of the input plain text with that of the output cipher text resulting in a simple CED circuitry. An analysis of the SPN symmetric block ciphers reveals that on one hand, permutation of the round outputs does not alter the parity from its input to its output. On the other hand, exclusive-or with the round key and the non-linear substitution function (s-box) modify the parity from their inputs to their outputs. In order to change the parity of the inputs into the parity of outputs of an SPN encryption, we exclusive-or the parity of the SPN round function output with the parity of the round key. We also add to all s-boxes an additional 1-bit binary function that implements the combined parity of the inputs and outputs to the s-box for all its (input, output) pairs. These two modifications are used only by the CED circuitry and do not impact the SPN encryption or decryption. The proposed CED approach is demonstrated on a 16-input, 16-output SPN symmetric block cipher from [1].

[1]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[2]  Wolfgang Fichtner,et al.  VINCI: Secure test of a VLSI high-speed encryption system , 1993, Proceedings of IEEE International Test Conference - (ITC).

[3]  Howard M. Heys,et al.  Avalanche Characteristics of Substitution-Permutation Encryption Networks , 1995, IEEE Trans. Computers.

[4]  Bruce Schneier,et al.  Side Channel Cryptanalysis of Product Ciphers , 1998, J. Comput. Secur..

[5]  Ramesh Karri,et al.  Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers , 2002, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[6]  Rainer Laur,et al.  On the VLSI implementation of the international data encryption algorithm IDEA , 1995, Proceedings of ISCAS'95 - International Symposium on Circuits and Systems.

[7]  Wieland Fischer,et al.  Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[8]  Israel Koren,et al.  Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard , 2003, IEEE Trans. Computers.

[9]  Israel Koren,et al.  A parity code based fault detection for an implementation of the Advanced Encryption Standard , 2002, 17th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, 2002. DFT 2002. Proceedings..

[10]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[11]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[12]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[13]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[14]  Israel Koren,et al.  On the propagation of faults and their detection in a hardware implementation of the Advanced Encryption Standard , 2002, Proceedings IEEE International Conference on Application- Specific Systems, Architectures, and Processors.

[15]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[16]  Howard M. Heys,et al.  A TUTORIAL ON LINEAR AND DIFFERENTIAL CRYPTANALYSIS , 2002, Cryptologia.

[17]  Enrique Mandado,et al.  Concurrent error detection in block ciphers , 2000, Proceedings International Test Conference 2000 (IEEE Cat. No.00CH37159).

[18]  Ramesh Karri,et al.  Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit symmetric block ciphers , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[19]  Stafford E. Tavares,et al.  On the Design of S-Boxes , 1985, CRYPTO.