Publication


Featured research published by Guido Bertoni.


IEEE Transactions on Computers | 2003

Error analysis and detection procedures for a hardware implementation of the advanced encryption standard

Guido Bertoni; Luca Breveglieri; Israel Koren; Paolo Maistri; Vincenzo Piuri

The goal of the Advanced Encryption Standard (AES) is to achieve secure communication. The use of AES does not, however, guarantee reliable communication. Prior work has shown that even a single transient error occurring during the AES encryption (or decryption) process will very likely result in a large number of errors in the encrypted/decrypted data. Such faults must be detected before sending to avoid the transmission and use of erroneous data. Concurrent fault detection is important not only to protect the encryption/decryption process from random faults. It will also protect the encryption/decryption circuitry from an attacker who may maliciously inject faults in order to find the encryption secret key. In this paper, we first describe some studies of the effects that faults may have on a hardware implementation of AES by analyzing the propagation of such faults to the outputs. We then present two fault detection schemes: The first is a redundancy-based scheme while the second uses an error detecting code. The latter is a novel scheme which leads to very efficient and high coverage fault detection. Finally, the hardware costs and detection latencies of both schemes are estimated.


international cryptology conference | 2008

On the indifferentiability of the sponge construction

Guido Bertoni; Joan Daemen; Michaël Peeters; Gilles Van Assche

In this paper we prove that the sponge construction introduced in [4] is indifferentiable from a random oracle when used with a random transformation or a random permutation, and discuss the implications. To our knowledge, this is the first time indifferentiability has been shown for a construction calling a random permutation (instead of an ideal compression function or ideal block cipher) and for a construction generating outputs of any length (instead of a fixed length).


international conference on selected areas in cryptography | 2011

Duplexing the sponge: single-pass authenticated encryption and other applications

Guido Bertoni; Joan Daemen; Michaël Peeters; Gilles Van Assche

This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and, at no extra cost, provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits their security against single-stage generic attacks. The main application proposed here is an authenticated encryption mode based on the duplex construction. This mode is efficient, since enciphering and authenticating together require only a single call to the underlying permutation per block, and is readily usable in, e.g., key wrapping. Furthermore, it is the first mode of this kind to be directly based on a permutation instead of a block cipher and to natively support intermediate tags. The duplex construction can also be used to efficiently realize other modes, such as reseedable pseudo-random bit sequence generators and a sponge variant that overwrites part of the state with the input block rather than XORing it in.


cryptographic hardware and embedded systems | 2002

Efficient Software Implementation of AES on 32-Bit Platforms

Guido Bertoni; Luca Breveglieri; Pasqualina Fragneto; Marco Macchetti; Stefano Marchesin

Rijndael won the AES contest and is therefore expected to become the most widely used symmetric-key cryptographic algorithm. One important application of the new standard is cryptography on smart cards. In this paper we present an optimisation of the Rijndael algorithm to speed up execution on 32-bit processors with memory constraints, such as those used in smart cards. First a theoretical analysis of the Rijndael algorithm and of the proposed optimisation is discussed; then simulation results of the optimised algorithm on different processors are presented and compared with other reference implementations known from the technical literature.


international conference on information technology coding and computing | 2005

AES power attack based on induced cache miss and countermeasure

Guido Bertoni; Vittorio Zaccaria; Luca Breveglieri; Matteo Monchiero; Gianluca Palermo

This paper presents a new attack against a software implementation of the Advanced Encryption Standard. The attack aims at flushing elements of the S-box from the cache, thus inducing a cache miss during the encryption phase. The power trace is then used to detect when the cache miss occurs; if the miss happens in the first round of AES, the information can be used to recover part of the secret key. The attack has been simulated using the Wattch simulation framework and a simple software implementation of AES (using a single table for the S-box). The attack can easily be extended to more sophisticated AES implementations that use more than one table. Finally, we present a simple countermeasure which does not require randomization.
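Added example, written for this page rather than taken from the paper: a Python simulation of the key-recovery step the abstract describes. It assumes a single-table AES whose round-1 lookups are S[p_i ^ k_i], a 64-byte cache line (so the 256-entry table spans four lines and a miss pins down the top two bits of the index), and it replaces the power trace with a cache model that simply reports the miss. LeakyCache, first_round_miss, recover_high_bits and the prefetch option are my names; the prefetch mitigation is a generic one and is not claimed to be the paper's countermeasure.

```python
import random

# Added example (not the paper's code): how a first-round S-box cache miss
# leaks key bits. The cache geometry below is an assumption.
LINE_BYTES = 64                               # one cache line = 64 S-box entries
N_LINES = 256 // LINE_BYTES                   # the 256-byte S-box spans 4 lines
LINE_SHIFT = LINE_BYTES.bit_length() - 1      # index >> LINE_SHIFT == line number


class LeakyCache:
    """Minimal cache model for the S-box table.

    It tracks which lines are resident and whether an access missed. On real
    hardware the miss is not reported to the attacker; it is read off the
    power trace, because the stall changes the trace shape. The boolean
    returned here stands in for that observation."""

    def __init__(self):
        self.resident = set(range(N_LINES))   # S-box fully cached

    def evict(self, line):
        self.resident.discard(line)           # attacker flushes one line

    def lookup(self, index):
        line = index >> LINE_SHIFT
        missed = line not in self.resident
        self.resident.add(line)               # the miss loads the line
        return missed


def first_round_miss(plaintext, key, cache):
    """Position of the first round-1 S-box access that misses, or None.

    Round 1 looks up S[p_i ^ k_i] for i = 0..15 (single-table AES). Only the
    first miss is informative: once the evicted line is loaded, later
    accesses to it hit, so the remaining lookups tell nothing."""
    for i in range(16):
        if cache.lookup(plaintext[i] ^ key[i]):
            return i
    return None


def recover_high_bits(key, trials=5000, evicted_line=1, seed=7, prefetch=False):
    """Attacker loop: flush one S-box line, encrypt a random plaintext,
    observe where the miss lands, derive the top bits of that key byte.
    Returns 16 entries, each key[i] >> LINE_SHIFT or None if never seen.

    prefetch=True models a generic mitigation (assumption, not necessarily
    the paper's): touch every S-box line before round 1 so that no
    first-round access can miss and the channel carries nothing."""
    rng = random.Random(seed)
    known = [None] * 16
    for _ in range(trials):
        pt = [rng.randrange(256) for _ in range(16)]   # constructed plaintexts
        cache = LeakyCache()
        cache.evict(evicted_line)
        if prefetch:
            for line in range(N_LINES):
                cache.lookup(line << LINE_SHIFT)
        i = first_round_miss(pt, key, cache)
        if i is None:
            continue
        # A miss at i means (pt[i] ^ key[i]) >> LINE_SHIFT == evicted_line,
        # so key[i] >> LINE_SHIFT == evicted_line ^ (pt[i] >> LINE_SHIFT).
        guess = evicted_line ^ (pt[i] >> LINE_SHIFT)
        if known[i] not in (None, guess):
            raise RuntimeError("inconsistent leakage for byte %d" % i)
        known[i] = guess
    return known


# Constructed sample key (the FIPS-197 Appendix B example key).
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    print("recovered:", recover_high_bits(SAMPLE_KEY))
    print("true:     ", [k >> LINE_SHIFT for k in SAMPLE_KEY])
    print("prefetch: ", recover_high_bits(SAMPLE_KEY, prefetch=True))
```

Each observed miss yields log2(256 / LINE_BYTES) bits of one key byte, so the line size decides how much of the key this channel can give up; a smaller line (or a table split across more lines) leaks more per miss. The prefetch variant is the cheapest non-randomised fix to reason about, but it only closes the first-round channel modelled here, not misses forced later in the encryption.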


defect and fault tolerance in vlsi and nanotechnology systems | 2004

An efficient hardware-based fault diagnosis scheme for AES: performances and cost

Guido Bertoni; Luca Breveglieri; Israel Koren; Paolo Maistri

Since standardization in 2001, the Advanced Encryption Standard has been the subject of many research efforts, aimed at developing efficient hardware implementations with reduced area and latency. So far, reliability has not been considered a primary objective. Recently, several error detecting schemes have been proposed in order to provide some defense against hardware faults in AES. The benefits of such schemes are twofold: avoiding wrong outputs when benign hardware faults occur, and preventing the collection of information about the secret key through malicious injection of faults. In this paper, we present a complete scheme for parity-based fault detection in a hardware implementation of the Advanced Encryption Standard which includes a key schedule unit. We also provide a preliminary evaluation of the hardware and latency overhead of the proposed scheme.


defect and fault tolerance in vlsi and nanotechnology systems | 2002

A parity code based fault detection for an implementation of the Advanced Encryption Standard

Guido Bertoni; Luca Breveglieri; Israel Koren; Paolo Maistri; Vincenzo Piuri

Concurrent fault detection for a hardware implementation of the Advanced Encryption Standard (AES) is important not only to protect the encryption/decryption process from random faults. It will also protect the encryption/decryption circuitry from an attacker who may maliciously inject faults in order to find the encryption secret key. In this paper we present a novel fault detection scheme which is based on a multiple parity bit code and show that the proposed scheme leads to very efficient and high coverage fault detection. We then estimate the associated hardware costs and detection latencies.
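Added example serving the three parity-detection papers above (the 2002 and 2004 DFT papers and the 2003 IEEE Transactions on Computers paper); it is my own software model, not the authors' circuit or their exact prediction equations. It runs one AES round on the FIPS-197 Appendix B state with a predicted parity bit per byte at every step: a one-bit table for SubBytes, parity bits moving with the bytes for ShiftRows, the identities parity(2a) = parity(a) xor msb(a) and parity(3a) = msb(a) for MixColumns, and parity(s) xor parity(k) for AddRoundKey. A fault-injection hook XORs a mask into one step's output, and a sweep reports coverage by fault weight. All function names are mine.

```python
# Added example (my own software model, not the papers' circuit or their
# exact equations): one AES round with a predicted parity bit per byte at
# every step, plus a fault-injection hook and a coverage sweep.

def xtime(a):
    """Multiply by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def gf_inv(x):
    """x^254 == x^-1 in GF(2^8); gives 0 for x == 0 as AES requires."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = gmul(r, base)
        base, e = gmul(base, base), e >> 1
    return r

def _affine(b):                      # AES affine map, including the 0x63 constant
    r = b
    for i in range(1, 5):
        r ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return r ^ 0x63

def parity(x):
    return bin(x).count("1") & 1

SBOX = [_affine(gf_inv(x)) for x in range(256)]
PAR_SBOX = [parity(v) for v in SBOX]          # one extra bit per S-box entry
STEPS = ("SubBytes", "ShiftRows", "MixColumns", "AddRoundKey")

def aes_round_with_parity(state, round_key, fault=None):
    """One full AES round on a 16-byte column-major state.

    Every step predicts the parity of each output byte from its inputs and
    compares it with the parity of the byte actually produced. fault =
    (step, byte_index, xor_mask) corrupts that step's output, modelling a
    transient error. Returns (new_state, list_of_steps_that_alarmed)."""
    alarms = []

    def check(step, out, predicted):
        if fault and fault[0] == step:
            out[fault[1]] ^= fault[2]
        if any(parity(o) != q for o, q in zip(out, predicted)):
            alarms.append(step)
        return out

    # SubBytes: predicted parity is a 1-bit table indexed by the input byte.
    s = check("SubBytes", [SBOX[b] for b in state], [PAR_SBOX[b] for b in state])
    # ShiftRows only moves bytes, so the parity bits move with them.
    perm = [((c + r) % 4) * 4 + r for c in range(4) for r in range(4)]
    s = check("ShiftRows", [s[i] for i in perm], [parity(s[i]) for i in perm])
    # MixColumns: parity(2a) = parity(a) ^ msb(a) and parity(3a) = msb(a), so
    # the output parity needs only the input parities and top bits.
    mixed, pred = [], []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        p = [parity(v) for v in a]
        m = [v >> 7 for v in a]
        for i in range(4):
            i1, i2, i3 = (i + 1) % 4, (i + 2) % 4, (i + 3) % 4
            mixed.append(gmul(a[i], 2) ^ gmul(a[i1], 3) ^ a[i2] ^ a[i3])
            pred.append(p[i] ^ p[i2] ^ p[i3] ^ m[i] ^ m[i1])
    s = check("MixColumns", mixed, pred)
    # AddRoundKey: parity(s ^ k) = parity(s) ^ parity(k).
    s = check("AddRoundKey", [x ^ k for x, k in zip(s, round_key)],
              [parity(x) ^ parity(k) for x, k in zip(s, round_key)])
    return s, alarms

def detected(state, key, step, idx, mask):
    return step in aes_round_with_parity(state, key, (step, idx, mask))[1]

def coverage(state, key, weight):
    """Fraction of single-byte faults of the given Hamming weight that raise
    an alarm, swept over every step and byte position."""
    masks = [m for m in range(1, 256) if bin(m).count("1") == weight]
    hits = sum(detected(state, key, st, i, mk)
               for st in STEPS for i in range(16) for mk in masks)
    return hits / (len(STEPS) * 16 * len(masks))

# FIPS-197 Appendix B, round 1: input state (after the initial AddRoundKey),
# round key 1, and the expected output (start of round 2).
R1_IN = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
R1_KEY = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")
R2_IN = bytes.fromhex("a49c7ff2689f352b6b5bea43026a5049")
```

The sweep makes the trade-off concrete: coverage(..., 1) is 1.0 because every single-bit upset flips the parity of its byte, while coverage(..., 2) is 0.0 because a single parity bit per byte cannot see an even number of flips inside that byte. That even-weight blind spot is what an attacker aiming a fault at the circuit would target, and it is why a scheme's coverage has to be quoted against a stated fault model rather than as a single number.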


great lakes symposium on vlsi | 2004

Power-efficient ASIC synthesis of cryptographic sboxes

Guido Bertoni; Marco Macchetti; Luca Negri; Pasqualina Fragneto

In this paper we present a novel methodology that can be used to design efficient hardware structures for a certain class of combinatorial functions. The methodology is primarily intended to achieve low-power synthesis of non-linear one-to-one functions on ASIC technology libraries and fits well for the synthesis of small cryptographic substitution box (Sbox) functional components; the latter are found in most secret key cryptographic algorithms, and usually represent their most relevant part in terms of required computational power. We also describe an extension that allows us to apply the method to general vectorial Boolean functions.


cryptographic hardware and embedded systems | 2010

Sponge-based pseudo-random number generators

Guido Bertoni; Joan Daemen; Michaël Peeters; Gilles Van Assche

This paper proposes a new construction for the generation of pseudo-random numbers. The construction is based on sponge functions and is suitable for embedded security devices as it requires few resources. We propose a model for such generators and explain how to define one on top of a sponge function. The construction is a novel way to use a sponge function: it inputs and outputs blocks in a continuous fashion, allowing the feeding of seed material to be interleaved with the fetching of pseudo-random numbers without latency. We describe the consequences of the sponge indifferentiability results for this construction and study its resistance against generic state recovery attacks. Finally, we propose a concrete example based on a member of the KECCAK family with small width.
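Added example covering the sponge (2008), duplex (2011) and sponge-PRNG (2010) abstracts above in one piece of code; it is my own code, not the Keccak team's, and it replaces Keccak-f with a toy 256-bit ARX permutation that is a bijection but carries no security claim. Assumptions: rate r = 128 bits and capacity c = 128 bits, pad10*1 padding, a byte-valued frame tag in place of SpongeWrap's frame bits, and my own names (toy_permutation, sponge, Duplex, ae_encrypt, ae_decrypt, SpongePRNG).

```python
import hmac

# Added example, not the Keccak team's code: sponge, duplex, SpongeWrap-style
# AE and a reseedable PRNG on one toy permutation (NOT Keccak-f; r = c = 128).
WIDTH, RATE = 32, 16                    # bytes; capacity = WIDTH - RATE
MASK32 = 0xFFFFFFFF
_rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK32

def _qr(s, a, b, c, d):                 # ChaCha-style quarter round, invertible
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)

def toy_permutation(state):
    """256-bit bijection from 8 ARX rounds; stands in for the real f."""
    s = [int.from_bytes(state[i:i + 4], "little") for i in range(0, WIDTH, 4)]
    for rnd in range(8):
        s[0] ^= rnd                     # round constant
        _qr(s, 0, 2, 4, 6); _qr(s, 1, 3, 5, 7)
        _qr(s, 0, 3, 4, 7); _qr(s, 1, 2, 5, 6)
    return b"".join(w.to_bytes(4, "little") for w in s)

def _pad(block):                        # pad10*1: 0x01 after data, top bit of last byte
    buf = bytearray(block) + b"\x01" + bytes(RATE - len(block) - 1)
    buf[-1] |= 0x80
    return bytes(buf)

def _absorb(state, block):              # XOR into the outer part, then permute
    return toy_permutation(bytes(x ^ y for x, y in zip(state, block)) + state[RATE:])

def sponge(message, out_len):
    """Plain sponge (hash / XOF): absorb padded r-byte blocks, squeeze out_len."""
    blocks = [message[i:i + RATE] for i in range(0, len(message), RATE)]
    if not blocks or len(blocks[-1]) == RATE:
        blocks.append(b"")              # padding always adds at least one bit
    blocks[-1] = _pad(blocks[-1])
    state = bytes(WIDTH)
    for blk in blocks:
        state = _absorb(state, blk)
    out = b""
    while len(out) < out_len:
        out += state[:RATE]
        state = toy_permutation(state)
    return out[:out_len]

class Duplex:
    """Duplex object: each call absorbs a short block and returns r bytes."""
    def __init__(self):
        self.state = bytes(WIDTH)
    def duplexing(self, sigma):
        assert len(sigma) < RATE        # leave room for the padding byte
        self.state = _absorb(self.state, _pad(sigma))
        return self.state[:RATE]

BLK = RATE - 2                          # payload per call: frame byte + pad byte reserved

def _chunks(data):
    return [data[i:i + BLK] for i in range(0, len(data), BLK)] or [b""]

def _wrap_init(key, nonce, ad):
    d = Duplex()
    for blk in _chunks(key + nonce):
        d.duplexing(b"\x00" + blk)      # frame byte 0: header (key, nonce)
    for blk in _chunks(ad):
        d.duplexing(b"\x01" + blk)      # frame byte 1: associated data
    return d, d.duplexing(b"\x02")      # frame byte 2: body starts; first keystream

def ae_encrypt(key, nonce, ad, plaintext):
    """Single pass: XOR a block with the current output, absorb the plaintext
    block; the output of the last call is the tag. One f call per block."""
    d, z = _wrap_init(key, nonce, ad)
    ct = b""
    for blk in _chunks(plaintext):
        ct += bytes(p ^ k for p, k in zip(blk, z))
        z = d.duplexing(b"\x03" + blk)  # any z here would serve as an intermediate tag
    return ct, z

def ae_decrypt(key, nonce, ad, ciphertext, tag):
    d, z = _wrap_init(key, nonce, ad)
    pt = b""
    for blk in _chunks(ciphertext):
        p = bytes(c ^ k for c, k in zip(blk, z))
        pt += p
        z = d.duplexing(b"\x03" + p)
    return pt if hmac.compare_digest(z, tag) else None   # reject: release nothing

class SpongePRNG:
    """Reseedable generator: feed and fetch are both duplexing calls, so
    seeding can be interleaved with output at any time."""
    def __init__(self, seed):
        self.d = Duplex()
        self.feed(seed)
    def feed(self, material):
        for blk in _chunks(material):
            self.d.duplexing(b"\x10" + blk)
    def fetch(self, n):
        out = b""
        while len(out) < n:
            out += self.d.duplexing(b"")   # empty block: just squeeze
        return out[:n]
```

Two design points carry over to real deployments. First, the frame byte is the domain separation: key, associated data, body and seed material must never be confusable with each other, otherwise an attacker can shift bytes between roles. Second, ae_decrypt returns None and nothing else on a bad tag; a single-pass mode is only safe when unauthenticated plaintext is never handed out, so streaming decryption has to buffer until the tag (or an intermediate tag, which the duplex gives for free) has been checked.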


workshop on fault diagnosis and tolerance in cryptography | 2009

Low Voltage Fault Attacks on the RSA Cryptosystem

Alessandro Barenghi; Guido Bertoni; Emanuele Parrinello; Gerardo Pelosi

Fault injection attacks are a powerful tool for exploiting implementation weaknesses of otherwise robust cryptographic algorithms. The faults induced during the computation of the cryptographic primitives allow an attacker to extract pieces of information about the secret parameters stored in the device from the erroneous results. Various fault induction techniques have been researched, both to make practical several theoretical fault models proposed in the open literature and to outline new kinds of vulnerabilities. In this paper we describe a non-invasive fault model based on the effects of underfeeding the power supply of an ARM general-purpose CPU. We describe the methodology followed to characterize the fault model on an ARM9 microprocessor, and propose and mount attacks on implementations of the RSA primitives.
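Added example, not the paper's ARM9 fault model or its attacks: the classic Bellcore-style attack on RSA-CRT, which is the textbook instance of the point the abstract makes (a single erroneous result leaks a secret parameter), together with the verify-before-release check. The toy primes and the fault_mask hook are constructed for illustration; the function names are mine.

```python
from math import gcd

# Added example (my own code; not the paper's fault model or attack): the
# Bellcore-style attack on RSA-CRT and the verify-before-release check.

def rsa_crt_sign(m, p, q, d, fault_mask=None):
    """Textbook RSA-CRT signing. fault_mask is a hypothetical hook that XORs
    a mask into the mod-p half, modelling a transient error in that
    exponentiation (the kind an underfed supply can produce)."""
    s_p = pow(m, d % (p - 1), p)
    s_q = pow(m, d % (q - 1), q)
    if fault_mask is not None:
        s_p ^= fault_mask
    h = ((s_p - s_q) * pow(q, -1, p)) % p     # Garner recombination
    return s_q + q * h

def factor_from_faulty_signature(m, bad_sig, e, n):
    """The faulty result is still correct mod q but wrong mod p, so
    bad_sig^e - m is divisible by q and not by p: the gcd yields q."""
    return gcd((pow(bad_sig, e, n) - m) % n, n)

def factor_from_signature_pair(good_sig, bad_sig, n):
    """Variant without the message: the two signatures agree mod q only."""
    return gcd((good_sig - bad_sig) % n, n)

def rsa_crt_sign_checked(m, e, n, p, q, d, fault_mask=None):
    """Countermeasure: verify with the public exponent before releasing the
    signature, so a faulty value never leaves the device. (A second,
    well-timed fault on this check is the classic way around it.)"""
    s = rsa_crt_sign(m, p, q, d, fault_mask)
    return s if pow(s, e, n) == m else None

# Constructed toy parameters: two small primes, far too small for real use.
P, Q = 1000000007, 998244353
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

if __name__ == "__main__":
    m = 123456789012345
    good = rsa_crt_sign(m, P, Q, D)
    bad = rsa_crt_sign(m, P, Q, D, fault_mask=0x10)
    print("recovered factor:", factor_from_faulty_signature(m, bad, E, N))
    print("checked signer on faulty run:", rsa_crt_sign_checked(m, E, N, P, Q, D, 0x10))
```

The attack needs no knowledge of where or how the fault was induced, only that it hit one CRT branch and that the device released the result; that is why the release decision, not the arithmetic, is the line a fault-tolerant implementation has to defend, and why the check itself is the next target.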

Collaboration


Top Co-Authors

Joan Daemen

Radboud University Nijmegen


Paolo Maistri

Centre national de la recherche scientifique

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar
Researchain Logo
Decentralizing Knowledge