Paper 2009/119

A Continuous Fault Countermeasure for AES Providing a Constant Error Detection Rate

Marcel Medwed

Abstract

Many implementations of cryptographic algorithms have shown to be susceptible to fault attacks. For some of them, countermeasures against specific fault models have been proposed. However, for symmetric algorithms like AES, the main focus of available countermeasures lies on performance so that their achieved error detection rates are rather low or not determinable at all. Even worse, those error detection rates only apply to specific parts of the cipher. In this paper we present a way to achieve a constantly higher error detection rate throughout the whole algorithm while assuming a much stronger adversary model than in previous papers. Furthermore, we propose solutions for two very important, unsolved questions: First, how to do secure and efficient table lookups in redundant algebras. Second, how to implement secure correctness checks to verify the result in a scenario where the adversary can manipulate comparisons. Our paper is therefore the first one to construct a sound and continuous AES fault countermeasure with an attacker-independent minimum error detection rate.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Fault attackscountermeasureAESEAN+B codesredundant table lookupssecure correctness checks.
Contact author(s)
marcel medwed @ iaik tugraz at
History
2009-03-15: received
Short URL
https://ia.cr/2009/119
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/119,
      author = {Marcel Medwed},
      title = {A Continuous Fault Countermeasure for {AES} Providing a Constant Error Detection Rate},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/119},
      year = {2009},
      url = {https://eprint.iacr.org/2009/119}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.