Cryptology ePrint Archive: Report 2016/850

Lightweight Fault Attack Resistance in Software Using Intra-Instruction Redundancy

Conor Patrick and Bilgiday Yuce and Nahid Farhady Ghalaty and Patrick Schaumont

Abstract: Fault attack countermeasures can be implemented by storing or computing sensitive data in redundant form, such that the faulty data can be detected and restored. We present a class of lightweight, portable software countermeasures for block ciphers. Our technique is based on redundant bit-slicing, and it is able to detect faults in the execution of a single instruction. In comparison to earlier techniques, we are able to intercept data faults as well as instruction-sequence faults using a uniform technique. Our countermeasure thwarts precise bit-fault injections through pseudo-random shifts in the allocation of data bit-slices. We demonstrate our solution on a full AES design and confirm the claimed security protection through a detailed fault simulation for a 32-bit embedded processor. We also quantify the overhead of the proposed fault countermeasure, and find a minimal increase in footprint (14%) and a moderate performance overhead between 125% and 317%, depending on the desired level of fault-attack resistance.
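The following is an added illustration of the idea described in the abstract, written for this page; it is not code from the paper, and the slice layout, the use of a known-answer slice, and the fault model are assumptions made here rather than the authors' exact design. A 32-bit word carries 8 bit-slices replicated 4 times, so a single bitwise instruction computes on every copy at once; a fault that changes one bit of the result shows up as a disagreement between copies, a skipped instruction shows up because the fixed-input slice no longer produces its known answer, and the word is rotated by a per-run value (here fixed to 13 for determinism; a PRNG would supply it in practice) so the bit position of any given slice is not predictable.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy intra-instruction redundancy (IIR) on a 32-bit word.
 * Slice layout used here (an assumption for this example, not necessarily the
 * paper's own layout):
 *   bits  0.. 7 : 8 bit-slices (one data bit per slice)
 *   bits  8..15 : copy 1 of the same 8 slices
 *   bits 16..23 : copy 2
 *   bits 24..31 : copy 3
 * The whole word is then rotated by a per-run secret amount so an attacker
 * cannot know in advance which bit position carries which slice. */
#define IIR_COPIES      4
#define IIR_SLICE_BITS  8

/* Slice 7 is reserved as a known-answer slice (hypothetical choice): its inputs
 * are fixed, so its output is known and a skipped instruction changes it. */
#define KAT_SLICE 7

enum iir_status { IIR_OK = 0, IIR_DATA_FAULT = 1, IIR_SEQ_FAULT = 2 };
enum fault { NO_FAULT, BIT_FLIP, SKIP_XOR };

static uint32_t rotl32(uint32_t x, unsigned r) { r &= 31; return r ? (x << r) | (x >> (32 - r)) : x; }
static uint32_t rotr32(uint32_t x, unsigned r) { r &= 31; return r ? (x >> r) | (x << (32 - r)) : x; }

/* Replicate an 8-bit slice vector into 4 copies and apply the rotation. */
uint32_t iir_encode(uint8_t slices, unsigned rot)
{
    uint32_t w = 0;
    for (int i = 0; i < IIR_COPIES; i++)
        w |= (uint32_t)slices << (IIR_SLICE_BITS * i);
    return rotl32(w, rot);
}

/* Undo the rotation and compare the copies. Returns 1 and fills *out when all
 * copies agree, 0 when they differ (a data fault hit at least one copy). */
int iir_decode(uint32_t w, unsigned rot, uint8_t *out)
{
    uint32_t u = rotr32(w, rot);
    uint8_t ref = (uint8_t)u;
    for (int i = 1; i < IIR_COPIES; i++)
        if ((uint8_t)(u >> (IIR_SLICE_BITS * i)) != ref)
            return 0;
    *out = ref;
    return 1;
}

/* A two-instruction bit-sliced fragment, t = (a & b) ^ c, run directly on the
 * encoded words: each bitwise instruction acts on all copies at once, which is
 * what makes the redundancy "intra-instruction". Faults are simulated in software. */
uint32_t toy_op(uint32_t a, uint32_t b, uint32_t c, enum fault f)
{
    uint32_t t = a & b;                   /* instruction 1 */
    if (f == BIT_FLIP) t ^= 1u << 13;     /* single-bit data fault on the result */
    if (f != SKIP_XOR) t ^= c;            /* instruction 2, skipped under SKIP_XOR */
    return t;
}

/* Run the fragment on 7 data slices (bits 0..6 of a7, b7, c7); slice 7 carries
 * the known-answer inputs (1,1,1), whose correct output is (1 & 1) ^ 1 = 0. */
enum iir_status iir_run(uint8_t a7, uint8_t b7, uint8_t c7, enum fault f,
                        unsigned rot, uint8_t *result)
{
    uint8_t a = (a7 & 0x7F) | (1u << KAT_SLICE);
    uint8_t b = (b7 & 0x7F) | (1u << KAT_SLICE);
    uint8_t c = (c7 & 0x7F) | (1u << KAT_SLICE);
    uint32_t t = toy_op(iir_encode(a, rot), iir_encode(b, rot), iir_encode(c, rot), f);
    uint8_t out;
    if (!iir_decode(t, rot, &out))
        return IIR_DATA_FAULT;            /* copies disagree */
    if (((out >> KAT_SLICE) & 1) != 0)
        return IIR_SEQ_FAULT;             /* copies agree, but the known answer is wrong */
    *result = out & 0x7F;
    return IIR_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "data fault detected", "instruction-sequence fault detected" };
    uint8_t r = 0;
    /* Constructed sample inputs; rotation 13 stands in for a per-run random value. */
    printf("no fault : %s, result 0x%02x\n", names[iir_run(0x5A, 0x3C, 0x0F, NO_FAULT, 13, &r)], r);
    printf("bit flip : %s\n", names[iir_run(0x5A, 0x3C, 0x0F, BIT_FLIP, 13, &r)]);
    printf("skip xor : %s\n", names[iir_run(0x5A, 0x3C, 0x0F, SKIP_XOR, 13, &r)]);
    return 0;
}
```

Replication alone cannot see an instruction-sequence fault, because every copy is affected identically; that is why one slice with fixed inputs is spent on a known answer here. Conversely a data fault that hit all four copies at the same slice position identically would pass the copy check, which is what the per-run rotation is meant to make hard to aim.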

Category / Keywords: implementation / Fault attacks, Fault resistance, Intra-instruction redundancy, Bitslicing, Block ciphers

Original Publication (in the same form): Selected Areas in Cryptography (SAC 2016)

Date: received 2 Sep 2016, last revised 7 Sep 2016

Contact author: conorpp at vt edu

Available format(s): PDF | BibTeX Citation

Version: 20160907:141643

Short URL: ia.cr/2016/850

