Cryptography Reference
In-Depth Information
Table 6.2
Synthesis results
Area (
µ
m)
Power (mW)
Timing (ns)
Check bits
Orig. AES
814083
607.15
14.4
Parity for State
16.34 %
23.28 %
0 %
1
Parity for State + double parity for S-Box
30.13 %
70.07 %
15.5 %
2
Parity per byte
21.73 %
12.79 %
15.41 %
16
Parity per byte + double parity for S-Box
49.09 %
71.45 %
34.51 %
16
CRC for State
92.26 %
104.92 %
147.22 %
32
Fig. 6.8
Error injection model
the S-Box leads to a structure with lower area and larger delay with regard to standard
implementations.
All the protection schemes under comparison are implemented on a 128-bit
AES architecture. S-Boxes are implemented using random logic. With regard to
the scheme presented in [425], we used CRC (5,4), i.e. four CRC bytes, one for
each column of the State array (32 bits). Table
6.2
summarizes the main overheads
entailed by those techniques compared to an original AES design without any error
detection mechanism. The same synthesis options are used for all designs.
With regard to the error detection capability, we first analyzed the effect of errors
affecting a single byte of the State matrix since known fault attacks rely on errors
affecting a single byte of the State array. All the 1 to 8 multiplicity errors have been
exhaustively injected into each byte and at each step before any round operation.
Table
6.3
reports the error multiplicity (one to eight erroneous bits), the number
of simulated errors for each error multiplicity (e.g. 16
×
40
×
28
=
17
,
920 error
