Cryptography Reference
In-Depth Information
17.2.4 Global Fault Models on NonCMOS Logics
All logic styles that are built upon transistors feature a propagation time, irrespective
of the representation of the data. For those logic styles that use a clock, the effect
from a perturbation of the environment naturally leads to setup violation faults. We
detail two examples:
•
dual rail with precharge logics (DPL [114]) and
•
quasi-delay-insensitive logics (QDI [272]).
spacer, the whole circuit is initialized to zero every other
clock period. Thus, the only fault compatible with the setup violation are 1
In DPL with a
(
0
,
0
)
→
0,
which is an asymmetric model [368].
Asynchronous logic styles [291] are a special case since they are not clocked.
Therefore, if the circuit slows down because of a global fault, the functioning is not
altered. This makes QDI styles very dependable, reliable, and, in addition, natively
immune to global faults.
17.3 Experiments in Emulation in FPGA and in Real
Hardware in ASIC
In this section we detail an experimental confirmation of the properties described in
the previous section:
•
bit-flips or byte-flips with low Hamming weight do exist at the end of the clock
rounds (and thus at the end of rounds of iterative block ciphers);
•
monobit faults appear first with low stress intensity;
•
faults are scattered across the complete data path.
In this respect, an ASIC implementation of AES is studied in terms of faults. In
contrast to Sect.
16.3
, we describe here faults within a device, and not incurred by
delays between two integrated circuits (a processor and its memory). Then, other
experimental results discussed in the literature are analyzed.
17.3.1 Statistics on Faults in a Hardware
Implementation of AES
Setup-time violation faults are induced by under-powering an AES [142] where
AES is a block cipher with three variants: 128-, 192- and 256-bit keys. In the 128-bit
version there are ten rounds that we denote by R0, R1, …, R8 and R9. The rounds
R7 and R8 are especially vulnerable to differential fault analysis, especially those
that are derived from Piret and Quisquater's attack [324].
