Power Attacks Resistance of Cryptographic S-boxes with added Error Detection Circuits

Many side-channel attacks on implementations of cryptographic algorithms have been developed in recent years demonstrating the ease of extracting the secret key. In response, various schemes to protect cryptographic devices against such attacks have been devised and some implemented in practice. Almost all of these protection schemes target an individual side-channel attack and consequently, it is not obvious whether a scheme for protecting the device against one type of side- channel attacks may make the device more vulnerable to another type of side-channel attacks. We examine in this paper the possibility of such a negative impact for the case where fault detection circuitry is added to a device (to protect it against fault injection attacks) and analyze the resistance of the modified device to power attacks. To simplify the analysis we focus on only one component in the cryptographic device (namely, the S-box in the AES and Kasumi ciphers), and perform power attacks on the original implementation and on a modified implementation with an added parity check circuit. Our results show that the presence of the parity check circuitry has a negative impact on the resistance of the device to power analysis attacks.

[1]  George S. Taylor,et al.  Improving smart card security using self-timed circuits , 2002, Proceedings Eighth International Symposium on Asynchronous Circuits and Systems.

[2]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[3]  Robert H. Deng,et al.  Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults , 1997, Security Protocols Workshop.

[4]  Berk Sunar,et al.  Robust Finite Field Arithmetic for Fault-Tolerant Public-Key Cryptography , 2006, FDTC.

[5]  Ramesh Karri,et al.  Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers , 2003, CHES.

[6]  C. D. Walter,et al.  MIST: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis , 2002, CT-RSA.

[7]  Henk L. Muller,et al.  Random Register Renaming to Foil DPA , 2001, CHES.

[8]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[9]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[10]  Israel Koren,et al.  Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard , 2003, IEEE Trans. Computers.

[11]  Henk L. Muller,et al.  Non-deterministic Processors , 2001, ACISP.

[12]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[13]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[14]  Rainer Laur,et al.  On the VLSI implementation of the international data encryption algorithm IDEA , 1995, Proceedings of ISCAS'95 - International Symposium on Circuits and Systems.

[15]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.