Cryptography Reference
In-Depth Information
Fig. 6.4
Parity per byte [34]
the parity bits of the corresponding round key. We will refer to this architecture as
“Parity per byte”.
Yen and Wu [425] propose the use of an
(
n
+
1
,
n
)
Cyclic Redundancy Check
2 8
F (
)
=
,
,
(CRC) over
to detect errors during encryption, with n
4
8
16. The generator
(
) =
+
=
,
polynomial is g
32 parity bits are added to the
State, each parity bit being the column-wise sum of State bits. The error detection
can be generated for each four-byte column of the State ( n
x
1
x . For instance, for n
4
=
4 bytes, CRC(5,4)),
for two columns ( n
16
bytes, CRC(17,16)). The CRC is adopted for most operations in the round, except
Sboxes where two implementation types are explored: truth-table or
=
8 bytes, CRC(9,8)), or for the whole 16-byte State ( n
=
2 8
inversion
and affine transformation. In the first case, it is assumed that both SubBytes and
InvSubBytes are implemented, allowing temporal redundancy at the operation level
as in [218]. In the second implementation, error detection is applied separately to
the
F (
)
2 8
2 8
)
inversion is achieved by either temporal redundancy or CRC; the error detection for
the affine transformation is achieved by CRC. This solution allows a very high error
detection level at the cost of high area overhead. We will refer to this architecture as
“CRC for State”.
Kulikowski et al. [242] propose a protection scheme similar to the previous one,
but based on a class of nonlinear systematic error-detecting codes called robust
codes instead of a CRC. Motivations come from the inherent difference between
the fault and the subsequent error model when considering protection for computa-
tion channels or for cryptographic devices possibly subject to active fault attacks.
A protection based on nonlinear systematic robust codes performed on 32-bit iterated
AES architectures provides for uniform protection against all errors without making
any assumption about these errors, at the cost of 28 additional code bits, leading to
a 77 % area overhead.
F (
)
inversion and the affine transformation. The error detection for the
F (
Search WWH ::




Custom Search