Alexander Taubin

Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard

We present a method of protecting a hardware implementation of the advanced encryption standard (AES) against a side-channel attack known as differential fault analysis attack. The method uses systematic nonlinear (cubic) robust error detecting codes. Error-detecting capabilities of these codes depend not just on error patterns (as in the case of linear codes) but also on data at the output of the device which is protected by the code and this data is unknown to the attacker since it depends on the secret key. In addition to this, the proposed nonlinear (n,k)-codes reduce the fraction of undetectable errors from 2/sup -r/ to 2/sup -2r/ as compared to the corresponding (n,k) linear code (where n - k = r and k >= r). We also present results on a FPGA implementation of the proposed protection scheme for AES as well as simulation results on efficiency of the robust codes.

Elastic Circuits

Elasticity in circuits and systems provides tolerance to variations in computation and communication delays. This paper presents a comprehensive overview of elastic circuits for those designers who are mainly familiar with synchronous design. Elasticity can be implemented both synchronously and asynchronously, although it was traditionally more often associated with asynchronous circuits. This paper shows that synchronous and asynchronous elastic circuits can be designed, analyzed, and optimized using similar techniques. Thus, choices between synchronous and asynchronous implementations are localized and deferred until late in the design process.

DIFFERENTIAL FAULT ANALYSIS ATTACK RESISTANT ARCHITECTURES FOR THE ADVANCED ENCRYPTION STANDARD

We present two architectures for protecting a hardware implementation of AES against side-channel attacks known as Differential Fault Analysis attacks. The first architecture, which is efficient for faults of higher multiplicity, partitions the design into linear (XOR gates only) and nonlinear blocks and uses different protection schemes for these blocks. We protect the linear blocks with linear codes and the nonlinear with a complimentary nonlinear operation resulting in robust protection. The second architecture uses systematic nonlinear (cubic) robust error detecting codes and provides for high fault detection for faults of low and high multiplicities but has higher hardware overhead.

New class of nonlinear systematic error detecting codes

A code C detects error e with probability 1-Q(e),ifQ(e) is a fraction of codewords y such that y, y+e/spl isin/C. We present a class of optimal nonlinear q-ary systematic (n, q/sup k/)-codes (robust codes) minimizing over all (n, q/sup k/)-codes the maximum of Q(e) for nonzero e. We also show that any linear (n, q/sup k/)-code V with n /spl les/2k can be modified into a nonlinear (n, q/sup k/)-code C/sub v/ with simple encoding and decoding procedures, such that the set E={e|Q(e)=1} of undetected errors for C/sub v/ is a (k-r)-dimensional subspace of V (|E|=q/sup k-r/ instead of q/sup k/ for V). For the remaining q/sup n/-q/sup k-r/ nonzero errors, Q(e)/spl les/q/sup -r/for q/spl ges/3 and Q(e)/spl les/ 2/sup -r+1/ for q=2.

Power attacks on secure hardware based on early propagation of data

The early propagation effect found in many logic gates is a potential source of data-dependent power consumption. We show that the effect and the corresponding power dependency can be targeted for successful power analysis attacks in cryptographic hardware. Many of the current balanced gate designs did not directly consider the effect and are vulnerable to power analysis attacks

Delay insensitive encoding and power analysis: a balancing act [cryptographic hardware protection]

Unprotected cryptographic hardware is vulnerable to a side-channel attack known as differential power analysis (DPA). This attack exploits data-dependent power consumption of a computation to determine the secret key. Dual-rail asynchronous circuits have been regarded as a potential countermeasure to this attack. In this paper, we evaluate the security of asynchronous dual-rail circuits against DPA. Our results show that, unless special precautions are taken, asynchronous circuits are not inherently more DPA resistant than their synchronous dual-rail counterparts. We show that the use of null-spaced or return-to-zero (RTZ) protocols, used to provide delay-insensitive encoding for asynchronous circuits, can make a DPA attack easier. We present an overview of balancing dynamic implementations of dual-rail fine-grained asynchronous gates that offer a solution for the DPA weakness. We demonstrate the use of asynchronous balanced cells that use RTZ which are not only secure against DPA but also deliver high performance with low design effort through automated pipelining.

Partial scan delay fault testing of asynchronous circuits

Asynchronous circuits operate correctly only under timing assumptions. Hence testing those circuits for delay faults is crucial. The paper describes a three step method to detect possible delay faults in a sequential asynchronous circuit. The delays that are to be tested must be provided by the synthesis system. By using this information a set of paths in the circuit that must be tested is identified (step 1). For these paths the circuit is made acyclic by inserting at least one scan latch in every cycle (step 2). Then test patterns are generated for these paths (step 3). These test patterns consist of setup and initialization vectors and the final test vector. We provide effective procedures to solve both the initialization and the test pattern generation problem. The latter problem is solved by reduction to a classical problem of stuck-at test pattern generation for a related combinational circuit. Finally, a heuristic is proposed to determine which state variables must become part of a scan chain, or for which input variables the positive and negative phase must be driven independently in test mode. Experimental results shows that a high level of path delay fault testability can be achieved with partial scan.

Checking delay-insensitivity: 10/sup 4/ gates and beyond

Wire and gate delays are accounted to have equal, or nearly equal, effect on circuit behavior in modern design techniques. This paper introduces a new approach to verifying circuits whose behavior is independent of component delays (delay-insensitive). It shows that for a particular way of implementing a delay-insensitive circuit, through a Null Convention Logic methodology, the complexity of the verification task might be significantly reduced. This method is implemented using Satisfiability (SAT) solvers and is successfully tested on realistic design examples having tens of thousands of gates.

Analysis of Petri Nets by Ordering Relations in Reduced Unfoldings

This paper suggests a way for Petri Net analysis by checking the ordering relations between places and transitions. The method is based on unfolding the original net into an equivalent acyclic description. We improved on the previously known cutoff criterion for truncating unfoldings [13]. No restrictions are imposed on the class of general PNs. The new criterion significantly reduces the size of an unfolding obtained by a PN. The properties of PNs for analysis can be various: boundedness, safety, persistency etc. A practical example of the suggested approach is given in an application to asynchronous design. Circuit behavior is specified by an interpreted Petri net, called a Signal Transition Graph (STG) which is then analyzed for implementability by an asynchronous hazard-free circuit. The implementability conditions are formulated in such a way that they can be checked by analysis of ordering relations between signal transitions rather than by traversal of states. This allows us to avoid the state explosion problem for highly parallel specifications. The experimental results show that for highly parallel STGs checking their implementability by an unfolding is one to two orders of magnitude less time-consuming than checking it by symbolic BDD traversal of the corresponding State Graph.

A Structural Approach for the Analysis of Petri Nets by Reduced Unfoldings

This paper suggests a way for Petri Net analysis by checking the ordering relations between places and transitions. The method is based on unfolding the original net into an equivalent acyclic description. In an unfolding the ordering relations can be determined directly by the structure of an underlying graph. We improved on the previously known cutoff criterion for truncating the unfolding [10]. No restrictions are imposed on the class of general PNs. The new criterion significantly reduces the size of unfolding obtained by PN. The PN properties for analysis can be various: boundedness, safety, persistency etc. The practical example of the suggested approach is given in application to the asynchronous design. The circuit behavior is specified by an interpreted Petri net, called Signal Transition Graph (STG) which is then analyzed for the implementability by asynchronous hazard-free circuit. The implementability conditions are formulated in such a way that they can be checked by analysis of ordering relations between signal transitions rather than by traversal of states. This allows avoiding the state explosion problem for highly parallel specifications. The experimental results show that for highly parallel STGs checking the implementability by unfolding is one to two orders of magnitude less time-consuming than checking it by symbolic BDD traversal of the corresponding State Graph.