Paper 2012/678

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Benedikt Gierlichs, Jorn-Marc Schmidt, and Michael Tunstall

Abstract

Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected and a ciphertext can always be returned.
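The principle the abstract describes, returning an infected ciphertext instead of comparing redundant results and suppressing output, can be illustrated with a small simulation. The following is an added Python example, not code from the paper: the keyed-hash "cipher", the fault model (an XOR difference injected into one of two redundant computations) and the hash-based infection function are constructions for this illustration only and are not the authors' scheme, which is built on dummy rounds and infection inside the cipher rounds themselves.

```python
import hashlib

BLOCK_SIZE = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_cipher(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for a block cipher (constructed for this example): a keyed hash
    # truncated to one block. Only its determinism matters here.
    return hashlib.sha256(key + plaintext).digest()[:BLOCK_SIZE]


def faulted_cipher(key: bytes, plaintext: bytes, fault: bytes) -> bytes:
    # Fault model (assumption): the attacker XORs an unknown difference `fault`
    # into the result of one computation. A zero `fault` is a fault-free run.
    return xor(toy_cipher(key, plaintext), fault)


def check_before_output(c0: bytes, c1: bytes):
    # Classic redundancy with a consistency check: compare the two results and
    # refuse to output on mismatch. The comparison and the conditional branch
    # are themselves single points that a second fault could target.
    if c0 != c1:
        return None
    return c0


def infect(delta: bytes) -> bytes:
    # Infection function (constructed): zero for a zero difference, otherwise a
    # full-block pseudo-random mask derived from the difference. Any non-zero
    # disagreement between the redundant results therefore scrambles the output.
    if delta == bytes(BLOCK_SIZE):
        return bytes(BLOCK_SIZE)
    return hashlib.sha256(b"infect" + delta).digest()[:BLOCK_SIZE]


def infective_output(c0: bytes, c1: bytes) -> bytes:
    # No check, no branch: a ciphertext is always returned. If c0 == c1 the
    # infection term is zero and the correct ciphertext is output; if they
    # differ, the output is c0 masked by a value the attacker cannot relate
    # to the injected fault, so the pair (correct, faulty) carries no usable
    # differential for fault analysis.
    return xor(c0, infect(xor(c0, c1)))


def protected_encrypt(key: bytes, plaintext: bytes, fault: bytes = bytes(BLOCK_SIZE)) -> bytes:
    # Two redundant computations; the fault (if any) hits the second copy.
    c0 = toy_cipher(key, plaintext)
    c1 = faulted_cipher(key, plaintext, fault)
    return infective_output(c0, c1)


if __name__ == "__main__":
    key = b"k" * BLOCK_SIZE            # constructed sample key
    pt = b"plaintext-block!"           # constructed 16-byte sample block
    good = protected_encrypt(key, pt)
    fault = bytes([0x80]) + bytes(BLOCK_SIZE - 1)
    bad = protected_encrypt(key, pt, fault)
    print("fault-free output matches cipher:", good == toy_cipher(key, pt))
    print("faulty output differs from both redundant results:",
          bad != toy_cipher(key, pt) and bad != xor(toy_cipher(key, pt), fault))
    print("observable difference equals injected fault:", xor(bad, good) == fault)
```

Note that this toy only models a fault in the final result of one redundant copy and assumes the two copies are not faulted identically; the infection function, like the comparison it replaces, must itself be implemented so that a fault cannot bypass it, which is exactly why the paper moves infection into the round structure rather than bolting it onto the output.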

Note: This is a corrected version eliminating some errors in the proposed algorithms.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Published at Latincrypt 2012
Keywords
Implementation Attacks, Dummy Rounds, Infective Computation
Contact author(s)
mike tunstall @ yahoo co uk
History
2012-12-01: received
Short URL
https://ia.cr/2012/678
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/678,
      author = {Benedikt Gierlichs and Jorn-Marc Schmidt and Michael Tunstall},
      title = {Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output},
      howpublished = {Cryptology ePrint Archive, Paper 2012/678},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/678}},
      url = {https://eprint.iacr.org/2012/678}
}