Cryptology ePrint Archive: Report 2019/919

Detecting Faults in Inner Product Masking Scheme - IPM-FD: IPM with Fault Detection (extended version∗)

Wei Cheng and Claude Carlet and Kouassi Goli and Sylvain Guilley and Jean-Luc Danger

Abstract: Side-channel analysis and fault injection attacks are two typical threats to cryptographic implementations, especially in modern embedded devices. Thus there is an insistent demand for dual side-channel and fault injection protections. As it is known, masking is a kind of provable countermeasure against side-channel attacks. Recently, inner product masking (IPM) was proposed as a promising higher-order masking scheme against side-channel analysis, but not for fault injection attacks. In this paper, we devise a new masking scheme named IPM-FD. It is built on IPM, which enables fault detection. This novel masking scheme has three properties: the security orders in the word-level probing model, bit-level probing model, and the number of detected faults. IPM-FD is proven secure both in the word-level and in the bit-level probing models, and allows for end-to-end fault detection against fault injection attacks.

Furthermore, we illustrate its security order by interpreting IPM-FD as a coding problem then linking it to one defining parameters of linear code, and show its implementation cost by applying IPM-FD to AES-128.

Category / Keywords: Side-channel Analysis, Inner Product Masking, Fault Detection

Original Publication (with minor differences): Journal of Cryptographic Engineering
DOI:
10.1007/s13389-020-00227-6

Date: received 12 Aug 2019, last revised 16 Jun 2020

Contact author: wei cheng at telecom-paristech fr

Available format(s): PDF | BibTeX Citation

Note: This is the extended version of the paper accepted by PROOFS 2019, which is accepted by *Journal of Cryptographic Engineering* (JCEN). We notice that there is a bug in the published version of JCEN. Specifically, in Lemma 1, two matrices G and H should be one on top of each other. Hence, we put the corrected version here to be freely available to all researchers.

Version: 20200616:221801 (All versions of this report)

Short URL: ia.cr/2019/919


[ Cryptology ePrint archive ]