You are looking at a specific version 20210628:072702 of this paper. See the latest version.

Paper 2019/959

Table Redundancy Method for Protecting against Fault Attacks

Seungkwang Lee and Nam-su Jho and Myungchul Kim

Abstract

Fault attacks (FA) intentionally inject some fault into the encryption process for analyzing a secret key based on faulty intermediate values or faulty ciphertexts. One of the easy ways for software-based countermeasures is to use time redundancy. However, existing methods can be broken by skipping comparison operations or by using non-uniform distributions of faulty intermediate values. In this paper, we propose a secure software-based redundancy, aptly named table redundancy, applying different linear and nonlinear transformations to redundant computations of table-based block cipher structures. To reduce the table size and the number of lookups, some outer tables that are not subjected to FA are shared, while the inner tables are protected by table redundancy. The basic idea is that different transformations protecting redundant computations are correctly decoded if the redundant outcomes are combined without faulty values. In addition, this recombination provides infective computations because a faulty byte is likely to propagate its error to adjacent bytes due to the use of 32-bit linear transformations. Our method also presents a stateful feature in the connection with detected faults and subsequent plaintexts for preventing iterative fault injection. We demonstrate the protection of AES-128 against FA and show a negligible advantage of FA.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. IEEE ACCESS
DOI
10.1109/ACCESS.2021.3092314
Keywords
Software cryptographyfault attackscountermeasureconcurrent error detectionAES.
Contact author(s)
skwang @ etri re kr
History
2021-06-28: last of 12 revisions
2019-08-23: received
See all versions
Short URL
https://ia.cr/2019/959
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.