Paper 2013/613

Recomputing with Permuted Operands: A Concurrent Error Detection Approach

Xiaofei Guo and Ramesh Karri

Abstract

Naturally occurring and maliciously injected faults reduce the reliability of cryptographic hardware and may leak confidential information. We develop a concurrent error detection (CED) technique called Recomputing with Permuted Operands (REPO). We show that it is cost effective for the Advanced Encryption Standard (AES) and the secure hash function Grøstl. We provide experimental results and formal proofs to show that REPO detects all single-bit and single-byte faults. Experimental results show that REPO achieves close to 100% fault coverage for multiple-byte faults. The hardware and throughput overheads are compared with those of previously reported CED techniques on two Xilinx Virtex FPGAs. The hardware overhead is 12.4-27.3%, and the throughput is 1.2-23 Gbps, depending on the AES architecture, FPGA family, and detection latency. The performance overhead ranges from 10% to 100% depending on the security level. Moreover, the proposed technique can be integrated into various block cipher modes of operation. We also discuss the limitations of REPO and its potential vulnerabilities.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. IEEE Transactions on Computer-Aided Design, vol. 32, no. 10, pp. 1595--1608, Oct. 2013
DOI: 10.1109/TCAD.2013.2263037
Keywords: Concurrent error detection; Differential fault analysis; Fault attack
Contact author(s): xg243 @ nyu edu
History:
2014-02-27: last of 3 revisions
2013-09-24: received
Short URL: https://ia.cr/2013/613
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2013/613,
      author = {Xiaofei Guo and Ramesh Karri},
      title = {Recomputing with Permuted Operands: A Concurrent Error Detection Approach},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/613},
      year = {2013},
      doi = {10.1109/TCAD.2013.2263037},
      url = {https://eprint.iacr.org/2013/613}
}