Debdeep Mukhopadhyay

Differential fault analysis of the advanced encryption standard using a single fault

In this paper we present a differential fault attack that can be applied to the AES using a single fault. We demonstrate that when a single random byte fault is induced at the input of the eighth round, the AES key can be deduced using a two stage algorithm. The first step has a statistical expectation of reducing the possible key hypotheses to 232, and the second step to a mere 28.

An Improved Fault Based Attack of the Advanced Encryption Standard

In the present paper a new fault based attack has been proposed against AES-Rijndael. The paper shows that inducing a single random byte fault at the input of the eighth round of the AES algorithm the block cipher key can be deduced. Simulations show that when two faulty ciphertext pairs are generated, the key can be exactly deduced without any brute-force search. Further results show that with one single faulty ciphertext pair, the AES key can be ascertained with a brute-force search of 232.

Secured Flipped Scan-Chain Model for Crypto-Architecture

Scan chains are exploited to develop attacks on cryptographic hardware and steal intellectual properties from the chip. This paper proposes a secured strategy to test designs by inserting a certain number of inverters between randomly selected scan cells. The security of the scheme has been analyzed. Two detailed case studies of RC4 stream cipher and AES block cipher have been presented to show that the proposed strategy prevents existing scan-based attacks in the literature. The elegance of the scheme lies in its less hardware overhead.

Pushing the limits of high-speed GF (2 m ) elliptic curve scalar multiplication on FPGAs

In this paper we present an FPGA implementation of a high-speed elliptic curve scalar multiplier for binary finite fields. High speeds are achieved by boosting the operating clock frequency while at the same time reducing the number of clock cycles required to do a scalar multiplication. To increase clock frequency, the design uses optimized implementations of the underlying field primitives and a mathematically analyzed pipeline design. To reduce clock cycles, a new scheduling scheme is presented that allows overlapped processing of scalar bits. The resulting scalar multiplier is the fastest reported implementation for generic curves over binary finite fields. Additionally, the optimized primitives leads to area requirements that is significantly lesser compared to other high-speed implementations. Detailed implementation results are furnished in order to support the claims.

Scan Based Side Channel Attacks on Stream Ciphers and Their Counter-Measures

Scan chain based attacks are a kind of side channel attack, which targets one of the most important feature of todays hardware - the test circuitry. Design for Testability (DFT) is a design technique that adds certain testability features to a hardware design. On the other hand, this very feature opens up a side channel for cryptanalysis, rendering crypto-devices vulnerable to scan-based attack. Our work studies scan attack as a general threat to stream ciphers and arrives at a general relation between the design of stream ciphers and their vulnerability to scan attack. Finally, we propose a scheme which we show to thwart the attacks and is more secure than other contemporary strategies.

CryptoScan: A Secured Scan Chain Architecture

Scan based testing is a powerful and popular test technique. However the scan chain can be used by an attacker to decipher the cryptogram. The present paper shows such a side-channel attack on LFSR-based stream ciphers using scan chains. The paper subsequently discusses a strategy to build the scan chains in a tree based pattern with a selfchecking compactor. It has been shown that such a structure prevents such scan based attacks but does not compromise on fault coverage.

Petrel: Power and Timing Attack Resistant Elliptic Curve Scalar Multiplier Based on Programmable

This paper proposes a programmable GF(p) arithmetic unit for elliptic curve cryptography. The proposed unit can perform modular addition, subtraction, multiplication, inversion, and division. A suitable countermeasure against differential power analysis attack and doubling attack is proposed. An elliptic curve scalar multiplication hardware is subsequently designed for the curves defined over GF(p) using two cores of programmable GF(p) arithmetic unit. It performs point doubling and point addition in each iteration concurrently on two cores. The proposed scalar multiplication hardware is implemented on the Xilinx Virtex-2 Pro FPGA platform. The proposed parallel architecture is inherently programmable, memoryless, and resistant against timing and power attacks. It efficiently optimizes area × time per bit value for elliptic curve scalar multiplication.

{\rm GF}(p)

Differential fault analysis (DFA) poses a significant threat to advanced encryption standard (AES). Only a single faulty ciphertext is required to extract the secret key. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults, the resulting fault coverage indicates the security of CEDs against DFA. However, DFA-exploitable faults, which are a small subspace of the entire fault space, are not uniformly distributed. Therefore, fault coverage does not accurately measure the security of the CEDs against DFA. We provide a systematic study of DFA of AES and show that an attacker can inject biased faults to improve the success rate of the attacks. We propose fault entropy (FE) and fault differential entropy (FDE) to evaluate CEDs. We show that most CEDs with high fault coverage are not secure when evaluated with FE and FDE. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating the security of CEDs against DFA.

Arithmetic Unit

This paper proposes an efficient high speed implementation of an elliptic curve crypto processor (ECCP) for an FPGA platform. The main optimization goal for the ECCP is efficient implementation of the important underlying finite field primitives namely multiplication and inverse. The techniques proposed maximize the utilization of FPGA resources. Additionally improved scheduling of elliptic curve point arithmetic results in lower number of register files thus reducing the area required and the critical delay of the circuit. Through several comparisons with existing work we demonstrate that the combination of the above techniques helps realize one of the fastest and compact elliptic curve processors.

Security analysis of concurrent error detection against differential fault analysis

This paper uses a theoretical model to approximate the delay of different characteristic two primitives used in an elliptic curve scalar multiplier architecture (ECSMA) implemented on k input lookup table (LUT)-based field-programmable gate arrays. Approximations are used to determine the delay of the critical paths in the ECSMA. This is then used to theoretically estimate the optimal number of pipeline stages and the ideal placement of each stage in the ECSMA. This paper illustrates suitable scheduling for performing point addition and doubling in a pipelined data path of the ECSMA. Finally, detailed analyses, supported with experimental results, are provided to design the fastest scalar multiplier over generic curves. Experimental results for GF(2163) show that, when the ECSMA is suitably pipelined, the scalar multiplication can be performed in only 9.5 μs on a Xilinx Virtex V. Notably the design has an area which is significantly smaller than other reported high-speed designs, which is due to the better LUT utilization of the underlying field primitives.