Algebraic manipulation detection codes and their applications for design of secure cryptographic devices

Cryptographic devices are vulnerable to fault injection attacks. All previous countermeasures against fault injection attacks based on error detecting codes assume that the attacker cannot simultaneously control both the fault-free outputs of a device-under-attack and the error patterns. Against advanced attackers who can control both, traditional protections are easily compromised. In this paper, we propose optimal algebraic manipulation detection (AMD) codes based on nonlinear encoding functions and random number generators. The proposed codes provide a guaranteed high error detecting probability even if the attacker fully controls the fault-free outputs of a device-under-attack as well as the error patterns. As a case study, we present protection architectures based on AMD codes for multipliers in Galois fields used in elliptic curve cryptography. The results show that the proposed architecture provides a very low error masking probability at the cost of a reasonable area overhead. The protected multiplier has no latency penalty when the predictor is pipelined.
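As an added example, not the paper's own construction or code: a toy AMD code in Python over a small prime field, using the generic nonlinear tag of Cramer, Dodis, Fehr, Padró and Wichs (EUROCRYPT 2008). It counts exactly how many values of the random symbol let a chosen error pass undetected, and contrasts this with a linear checksum that an attacker controlling both the fault-free output and the error pattern defeats with certainty; the field size, message length and sample values are assumptions.

```python
# Added example (not from the paper): a toy AMD code over the prime field GF(Q)
# using the generic tag f(s, x) = x^(D+2) + sum_i s_i * x^(i+1) of the
# Cramer-Dodis-Fehr-Padro-Wichs construction (EUROCRYPT 2008).  Q and D are
# constructed to keep exhaustive counting cheap; the paper's own optimal codes
# and its GF(2^m) setting are not reproduced here.
import random

Q = 251   # prime field size (constructed); its characteristic must not divide D + 2
D = 2     # information symbols per codeword (constructed)

def tag(s, x):
    """Nonlinear check symbol of the information part s under random symbol x."""
    return (pow(x, D + 2, Q)
            + sum(si * pow(x, i + 1, Q) for i, si in enumerate(s))) % Q

def encode(s, rng=random):
    """Codeword = (information part, fresh random symbol from the RNG, tag)."""
    x = rng.randrange(Q)
    return (tuple(s), x, tag(s, x))

def is_valid(cw):
    s, x, f = cw
    return tag(s, x) == f

def count_masked(s, error):
    """Number of random symbols x (out of Q) for which the additive error
    (es, ex, ef) maps the codeword of s onto another valid codeword, i.e. is
    not detected.  The attacker is assumed to know s and to choose the error."""
    es, ex, ef = error
    s2 = tuple((a + e) % Q for a, e in zip(s, es))
    return sum(is_valid((s2, (x + ex) % Q, (tag(s, x) + ef) % Q)) for x in range(Q))

def amd_bound():
    """Masking probability of any nonzero error is at most (D + 1) / Q: the
    difference of the two tags is a nonzero polynomial in x of degree <= D + 1."""
    return (D + 1) / Q

def worst_masked_over_outputs(error, samples=200, seed=1):
    """Let the attacker also pick the fault-free output s (as the abstract
    assumes): the count stays within the bound, which holds for every s."""
    rng = random.Random(seed)
    return max(count_masked((rng.randrange(Q), rng.randrange(Q)), error)
               for _ in range(samples))

def linear_check_masked(s, es, ef):
    """Contrast: a linear checksum f = sum(s) without randomness.  An error whose
    check part equals the sum of its data part is itself a codeword, so it is
    masked for every s, exactly the attacker-controlled case the abstract warns of."""
    return (sum(s) + ef) % Q == sum((a + e) % Q for a, e in zip(s, es)) % Q
```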
