Paper 2016/850

Lightweight Fault Attack Resistance in Software Using Intra-Instruction Redundancy

Conor Patrick, Bilgiday Yuce, Nahid Farhady Ghalaty, and Patrick Schaumont


Fault attack countermeasures can be implemented by storing or computing sensitive data in redundant form, such that the faulty data can be detected and restored. We present a class of lightweight, portable software countermeasures for block ciphers. Our technique is based on redundant bit-slicing, and it is able to detect faults in the execution of a single instruction. In comparison to earlier techniques, we are able to intercept data faults as well as instruction sequence faults using a uniform technique. Our countermeasure thwarts precise bit-fault injections through pseudo-random shifts in the allocation of data bit-slices. We demonstrate our solution on a full AES design and confirm the claimed security protection through a detailed fault simulation for a 32-bit embedded processor. We also quantify the overhead of the proposed fault countermeasure, and find a minimal increase in footprint (14%) and a moderate performance overhead of between 125% and 317%, depending on the desired level of fault-attack resistance.
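A simplified illustration of redundant bit-slicing on a 32-bit word, added here and not taken from the paper: each bitsliced instruction processes 16 data slices and a copy of them at once, so a fault in that one instruction shows up as a mismatch between the halves. The 16/16 layout, the `iir_*` names, the fault model (an XOR mask on one intermediate) and the sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not the paper's): bits 0..15 hold 16 data bit-slices,
 * bits 16..31 hold a redundant copy of the same slices. */
static uint32_t iir_encode(uint16_t slices) {
    return ((uint32_t)slices << 16) | slices;
}

/* 1 if the data half and the redundant half agree, 0 if a fault is detected. */
static int iir_check(uint32_t w) {
    return (uint16_t)(w >> 16) == (uint16_t)w;
}

static uint16_t iir_decode(uint32_t w) {
    return (uint16_t)w;
}

/* Bitsliced gate sequence out = (a & b) ^ c. Every instruction acts on the
 * data and its copy together. fault_mask models a fault that flips bits of
 * the intermediate produced by the AND instruction (0 = no fault). */
static uint32_t iir_and_xor(uint32_t a, uint32_t b, uint32_t c,
                            uint32_t fault_mask) {
    uint32_t t = a & b;
    t ^= fault_mask;          /* simulated fault injection */
    return t ^ c;
}

int main(void) {
    /* Constructed sample slice values. */
    uint32_t a = iir_encode(0xA5C3), b = iir_encode(0x0FF0),
             c = iir_encode(0x1234);
    uint32_t masks[] = { 0x00000000u,   /* no fault */
                         0x00000004u,   /* one bit flipped in the data half */
                         0x00040004u }; /* same bit flipped in both halves */
    for (int i = 0; i < 3; i++) {
        uint32_t r = iir_and_xor(a, b, c, masks[i]);
        printf("mask=%08x result=%04x %s\n", (unsigned)masks[i],
               (unsigned)iir_decode(r),
               iir_check(r) ? "accepted" : "fault detected");
    }
    return 0;
}
```

The third mask passes the check with a wrong result: a fixed layout is blind to a precise fault that flips a data bit and its copy together, which is the kind of precise bit-fault injection the abstract addresses with pseudo-random shifts in slice allocation.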

Publication info
Published elsewhere. Selected Areas in Cryptography (SAC 2016)
Keywords
Fault attacks, Fault resistance, Intra-instruction redundancy, Bitslicing, Block ciphers
Contact author(s)
conorpp @ vt edu
2016-09-07: received
Creative Commons Attribution


      author = {Conor Patrick and Bilgiday Yuce and Nahid Farhady Ghalaty and Patrick Schaumont},
      title = {Lightweight Fault Attack Resistance in Software Using Intra-Instruction Redundancy},
      howpublished = {Cryptology ePrint Archive, Paper 2016/850},
      year = {2016},
      note = {\url{}},
      url = {}