Paper 2019/919

Detecting Faults in Inner Product Masking Scheme - IPM-FD: IPM with Fault Detection (extended version∗)

Wei Cheng, Claude Carlet, Kouassi Goli, Sylvain Guilley, and Jean-Luc Danger

Abstract

Side-channel analysis and fault injection attacks are two typical threats to cryptographic implementations, especially in modern embedded devices. Thus there is an insistent demand for dual side-channel and fault injection protections. As it is known, masking is a kind of provable countermeasure against side-channel attacks. Recently, inner product masking (IPM) was proposed as a promising higher-order masking scheme against side-channel analysis, but not for fault injection attacks. In this paper, we devise a new masking scheme named IPM-FD. It is built on IPM, which enables fault detection. This novel masking scheme has three properties: the security orders in the word-level probing model, bit-level probing model, and the number of detected faults. IPM-FD is proven secure both in the word-level and in the bit-level probing models, and allows for end-to-end fault detection against fault injection attacks. Furthermore, we illustrate its security order by interpreting IPM-FD as a coding problem then linking it to one defining parameters of linear code, and show its implementation cost by applying IPM-FD to AES-128.

Note: This is the extended version of the paper accepted by PROOFS 2019, which is accepted by *Journal of Cryptographic Engineering* (JCEN). We notice that there is a bug in the published version of JCEN. Specifically, in Lemma 1, two matrices G and H should be one on top of each other. Hence, we put the corrected version here to be freely available to all researchers.