Cryptology ePrint Archive: Report 2019/959

Table Redundancy Method for Protecting against Fault Attacks

Seungkwang Lee and Nam-su Jho and Myungchul Kim

Abstract: Fault attacks (FA) intentionally inject some fault into the encryption process for analyzing a secret key based on faulty intermediate values or faulty ciphertexts. One of the easy ways for software-based countermeasures is to use time redundancy. However, existing methods can be broken by skipping comparison operations or by using non-uniform distributions of faulty intermediate values. In this paper, we propose a secure software-based redundancy, aptly named table redundancy, applying different linear and nonlinear transformations to redundant computations of table-based block cipher structures. To reduce the table size and the number of lookups, some outer tables that are not subjected to FA are shared, while the inner tables are protected by table redundancy. The basic idea is that different transformations protecting redundant computations are correctly decoded if the redundant outcomes are combined without faulty values. In addition, this recombination provides infective computations because a faulty byte is likely to propagate its error to adjacent bytes due to the use of 32-bit linear transformations. Our method also presents a stateful feature in the connection with detected faults and subsequent plaintexts for preventing iterative fault injection. We demonstrate the protection of AES-128 against FA and show a negligible advantage of FA.

Category / Keywords: secret-key cryptography / Software cryptography, fault attacks, countermeasure, concurrent error detection, AES.

Original Publication (in the same form): IEEE ACCESS
DOI:
10.1109/ACCESS.2021.3092314

Date: received 23 Aug 2019, last revised 28 Jun 2021

Contact author: skwang at etri re kr

Available format(s): PDF | BibTeX Citation

Version: 20210628:072702 (All versions of this report)

Short URL: ia.cr/2019/959


[ Cryptology ePrint archive ]