Low cost concurrent error detection for the advanced encryption standard

We present a new low-cost concurrent checking method for the advanced encryption standard (AES) encryption algorithm. In this method, the parity of the 128-bit input is determined and modified step-by-step into the parity of the 128-bit output according to the processing steps of the AES encryption. For the parity-preserving AES steps shift-rows and mix-column no parity modifications are necessary. The modified parity is compared in any round with the actual parity of the outputs of the round. To obtain the hardware costs we implemented this method on a Xilinx Virtex 1000 FPGA. For this implementation, the hardware overhead is about 8% and the additional time delay is about 5%. The method detects technical faults and deliberately injected faults during normal operation.

[1]  Kris Gaj,et al.  Very Compact FPGA Implementation of the AES Algorithm , 2003, CHES.

[2]  Pierre Dusart,et al.  Differential Fault Analysis on A.E.S , 2003, ACNS.

[3]  Ramesh Karri,et al.  Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers , 2003, CHES.

[4]  Ramesh Karri,et al.  Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit symmetric block ciphers , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[5]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[6]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[7]  Jean-Didier Legat,et al.  Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs , 2003, CHES.

[8]  Israel Koren,et al.  On the propagation of faults and their detection in a hardware implementation of the Advanced Encryption Standard , 2002, Proceedings IEEE International Conference on Application- Specific Systems, Architectures, and Processors.

[9]  Howard M. Heys,et al.  Avalanche Characteristics of Substitution-Permutation Encryption Networks , 1995, IEEE Trans. Computers.

[10]  Israel Koren,et al.  Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard , 2003, IEEE Trans. Computers.

[11]  Ramesh Karri,et al.  Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers , 2002, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[12]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.