Cryptography Reference
In-Depth Information
At cycle $n + 1$, $op_{r2}$ is executed on $B_{r2}$ for completion of the round operation $op_r$,
while inverse-$op_{r1}$ is executed in parallel for cross-checking with the $op_{r1}$ executed
at cycle $n$. Taking advantage of the optimized hardware of the compact implementation
(encryption and decryption operations share the same hardware when possible),
execution of inverse-$op_{r1}$ does not require extra hardware compared to $op_{r1}$. Error
latency is short (half-round level), and the error detection scheme does not much affect
the performance of the initial compact implementation (at most 14.5 %).
Maistri, Vanhauwaert and Leveugle [265] propose a design solution that exploits
temporal redundancy with a Double-Data-Rate (DDR) mechanism. The pipelined
AES data path logic is partitioned into two classes, where nonadjacent stages in the
pipeline are driven by two opposite clock signals. The DDR architecture allows us
to halve the number of clock cycles per round, though maybe with a light impact
on clock frequency compared with a design without protection. It takes advantage
of the free cycles for recomputing the round on the same hardware. Two successive
round operation outputs obtained from two copies of the same input data are checked
for possible mismatches. A fault injection campaign performed on the low-area AES
architecture from [267] shows an almost maximal error detection rate on the data-path
at the cost of 36 % area overhead.
Temporal redundancy provides high error detection rates as long as both data
under comparison are not affected by the same error. The same-error case assumes the
attacker is able to induce two faults with identical effect on the structure at different
times, i.e. during the first and the second operations to compare. The implementation of
such attacks is all the more tricky as the two operations are different, for instance when
the data input is first encrypted (first operation) and then decrypted (second operation)
for cross-checking [218]. Conversely, the protection scheme based on hardware redundancy
(simple duplication) can be fooled by the injection of two identical faults (same
location) at the same time into the two versions of the circuit. Again, the attack
implementation becomes more complex when the two circuits under comparison
have different structural implementations.
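The comparison above can be checked on a single AES SubBytes layer. The following Python simulation is an added example, not code from the cited designs; the fault model (an XOR mask on one output byte), the sample state and all function names are assumptions made for illustration.

```python
def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def sbox_entry(x):
    """AES S-box value: inverse in GF(2^8) (0 maps to 0), then the affine map."""
    inv = 1
    for _ in range(254):
        inv = gmul(inv, x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
INV_SBOX = [SBOX.index(y) for y in range(256)]

def sub_bytes(state, table, fault=None):
    """S-box layer; fault=(byte index, XOR mask) is an assumed transient fault on the output."""
    out = [table[b] for b in state]
    if fault:
        out[fault[0]] ^= fault[1]
    return out

def recompute_check(state, fault1=None, fault2=None):
    """Same operation executed twice and compared. True means an error is flagged."""
    return sub_bytes(state, SBOX, fault1) != sub_bytes(state, SBOX, fault2)

def inverse_check(state, fault1=None, fault2=None):
    """Operation followed by its inverse, result compared with the original input."""
    out = sub_bytes(state, SBOX, fault1)
    return sub_bytes(out, INV_SBOX, fault2) != state

def inverse_check_escapes():
    """Count (byte value, mask) pairs where one mask applied to both operations cancels."""
    return sum((INV_SBOX[SBOX[x] ^ e] ^ e) == x for x in range(256) for e in range(1, 256))

STATE = list(range(16))   # constructed sample state
FAULT = (0, 0x01)         # constructed fault: flip bit 0 of byte 0

if __name__ == "__main__":
    print("one fault:        ", recompute_check(STATE, FAULT), inverse_check(STATE, FAULT))
    print("identical faults: ", recompute_check(STATE, FAULT, FAULT), inverse_check(STATE, FAULT, FAULT))
    print("inverse-check escapes:", inverse_check_escapes(), "of", 256 * 255)
```

Plain recomputation misses every pair of identical faults, while the inverse check misses only the byte/mask pairs counted by `inverse_check_escapes()`.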
6.4.2 Information Redundancy
Error detection codes check for a possible mismatch between a code predicted for
an output from the current input and the code of the actual output of the process.
Code prediction is performed in parallel with the main process (algorithm, round,
operation) in such a way that predicted and actual codes can be compared at the end.
Wu et al. [424] compared predicted and actual codes at the round level on a 128-bit
iterated AES hardware implementation with ROM-based S-Boxes (Fig. 6.3 ). For the
prediction, a parity bit is computed for the 128-bit input of the round, $P(x)$. $P(x)$ is
then updated according to the round operations. For each S-Box $S_i$, a parity bit is
predicted for words composed by its input $(x_i)$ and the expected output $(y_i)$. The 16
parity bits so calculated for the 16 S-Boxes are then added to obtain a single parity
bit $(P(x) \oplus P(y))$. This parity bit is added again to the input parity bit $P(x)$ so that