Cryptology ePrint Archive: Report 2018/203

Impeccable Circuits

Anita Aghaie and Amir Moradi and Shahram Rasoolzadeh and Aein Rezaei Shahmirzadi and Falk Schellenberg and Tobias Schneider

Abstract: By injecting faults, active physical attacks pose serious threats to cryptographic hardware where Concurrent Error Detection (CED) schemes are promising countermeasures. They are usually based on an Error-Detecting Code (EDC) which enables detecting certain injected faults depending on the specification of the underlying code. Here, we propose a methodology to enable correct, practical, and robust implementation of code-based CEDs. We show that straightforward hardware implementations of given code-based CEDs can suffer from severe vulnerabilities, not providing the desired protection level. In particular, propagation of faults into combinatorial logic is often ignored in security evaluation of these schemes. First, we formally define this detrimental effect and demonstrate its destructive impact. Second, we introduce an implementation strategy to limit the fault propagation effect. Third, in contrast to many other works where the fault coverage is the main focus, we present a detailed implementation strategy which can guarantee the detection of any fault covered by the underlying EDC. This holds for any time of the computation and any location in the circuit, both in data processing and control unit. In short, we provide practical guidelines how to construct efficient CED schemes with arbitrary EDCs to achieve the desired protection level. We practically evaluate the efficiency of our methodology by case studies covering different symmetric block ciphers and various linear EDCs.

Category / Keywords: implementation / Fault Attack, Fault Coverage, Error Detecting Code, Concurrent Error Detection

Original Publication (with minor differences): IEEE Transactions on Computers

Date: received 19 Feb 2018, last revised 24 Oct 2019

Contact author: amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Note: Compared to the published version at IEEE, this version includes the results of the application of the underlying scheme on more block ciphers (PRESENT, Skinny, Midori, GIFT, LED, SIMON and AES). The HDL codes an be found at github:

Version: 20191024:081920 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]