Cryptology ePrint Archive: Report 2018/085

Protecting Block Ciphers against Differential Fault Attacks without Re-keying (Extended Version)

Anubhab Baksi and Shivam Bhasin and Jakub Breier and Mustafa Khairallah and Thomas Peyrin

Abstract: In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called ``Tweak-in-Plaintext'', ensures that an uncontrolled value (`tweak-in') is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any Tweakable block cipher, nor any related-key security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between $\approx$ 5\% to $\approx$ 26.9\% for software, and between $\approx$ 3.1\% to $\approx$ 25\% for hardware implementations; depending on the tweak-in size.

Category / Keywords: secret-key cryptography / fault attacks, block ciphers, protection

Original Publication (with major differences): IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018

Date: received 22 Jan 2018, last revised 6 Feb 2018

Contact author: anubhab001 at e ntu edu sg

Available format(s): PDF | BibTeX Citation

Version: 20180206:112838 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]