Design of fault-resilient S-boxes for AES-like block ciphers

Swapan Maiti¹ · Dipanwita Roy Chowdhury¹

Received: 20 November 2019 / Accepted: 6 August 2020 / © Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Substitution functions (S-boxes) play an important role in the security of AES-like cryptosystems, but these cryptosystems are highly vulnerable to fault injection attacks. Some research has been carried out previously to prevent fault injection attacks on AES, but most of the countermeasures are restricted to the detection of faults only, and they only work at the cost of the large hardware needed for duplicating the S-boxes. In this paper, we present a design construction of fault-resilient S-boxes for AES-like block ciphers by fault detection and correction. The random evolution of cellular automata with linear and nonlinear neighborhood functions is exploited to design these S-boxes. The proposed design guarantees 100% coverage of single-byte fault correction and double-byte fault detection in the S-boxes. The FPGA implementation shows that our design makes the substitution boxes fault-resilient with 21.34% extra hardware compared to the AES substitution layer.

Keywords Substitution-box · Nonlinear functions · Cellular automata · Block cipher · Fault attack countermeasures · Error correcting codes

¹ Indian Institute of Technology Kharagpur, Kharagpur, India

Cryptography and Communications

1 Introduction

Cryptographic algorithms and devices have been widely used for secure data communication. Block ciphers are the most important symmetric-key ciphers used in many cryptographic systems. The Advanced Encryption Standard (AES) [10] is a NIST standard symmetric-key block cipher with 128-bit data blocks, which is known to have 128-bit security. Unfortunately, devices can leak secret information through side channels while performing encryption. Fault attacks are highly threatening implementation attacks. Boneh et al. [4] in 1997 first introduced the use of faults in the implementation of cryptographic algorithms to find the secret key of RSA. Biham et al. [3] proposed the concept of Differential Fault Analysis (DFA) on the Data Encryption Standard (DES) [25]. The fault attack described by Piret et al. [21] is probably the most powerful DFA attack on AES [10]. Tunstall et al. proposed a fault attack in which a secret key can be extracted by injecting only a one-byte fault on AES [26]. In [17, 23], the authors suggested that the secret key can be derived using a single-byte fault injection at the input of the eighth round. In general, all these works consider fault occurrences in the S-boxes.

Designing countermeasures against fault-based attacks is a challenging task. In the literature, there exist a few fault attack countermeasures for symmetric-key ciphers [5, 24]. The fault attack countermeasures are mainly divided into two classes: fault detection and fault infection. In the