Protecting block ciphers against differential fault attacks without re-keying
In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called “Tweak-in-Plaintext”, ensures that an uncontrolled value ('tweak-in') is inserted into some part of the block cipher plaintext, thus effectivel...
Main Authors: | Baksi, Anubhab; Bhasin, Shivam; Breier, Jakub; Khairallah, Mustafa; Peyrin, Thomas |
---|---|
Other Authors: | School of Computer Science and Engineering |
Format: | Conference or Workshop Item |
Language: | English |
Published: | 2019 |
Subjects: | Encryption Ciphers DRNTU::Engineering::Computer science and engineering |
Online Access: | https://hdl.handle.net/10356/88761 http://hdl.handle.net/10220/47670 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-88761 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-887612023-02-28T19:17:11Z Protecting block ciphers against differential fault attacks without re-keying Baksi, Anubhab Bhasin, Shivam Breier, Jakub Khairallah, Mustafa Peyrin, Thomas School of Computer Science and Engineering School of Physical and Mathematical Sciences 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Temasek Laboratories Encryption Ciphers DRNTU::Engineering::Computer science and engineering In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called “Tweak-in-Plaintext”, ensures that an uncontrolled value ('tweak-in') is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any Tweakable block cipher, nor any related-key security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between ≈ 5% to ≈ 26.9% for software, and between ≈ 3.1% to ≈ 25% for hardware implementations; depending on the tweak-in size. NRF (Natl Research Foundation, S’pore) Accepted version 2019-02-14T09:02:32Z 2019-12-06T17:10:24Z 2019-02-14T09:02:32Z 2019-12-06T17:10:24Z 2018 Conference Paper Baksi, A., Bhasin, S., Breier, J., Khairallah, M., & Peyrin, T. (2018). Protecting block ciphers against differential fault attacks without re-keying. 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).
doi:10.1109/HST.2018.8383913 https://hdl.handle.net/10356/88761 http://hdl.handle.net/10220/47670 10.1109/HST.2018.8383913 206872 en © 2018 Institute of Electrical and Electronics Engineers (IEEE). All rights reserved. This paper was published in 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) and is made available with permission of Institute of Electrical and Electronics Engineers (IEEE). 4 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Encryption Ciphers DRNTU::Engineering::Computer science and engineering |
spellingShingle |
Encryption Ciphers DRNTU::Engineering::Computer science and engineering Baksi, Anubhab Bhasin, Shivam Breier, Jakub Khairallah, Mustafa Peyrin, Thomas Protecting block ciphers against differential fault attacks without re-keying |
description |
In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called “Tweak-in-Plaintext”, ensures that an uncontrolled value ('tweak-in') is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any Tweakable block cipher, nor any related-key security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between ≈ 5% to ≈ 26.9% for software, and between ≈ 3.1% to ≈ 25% for hardware implementations; depending on the tweak-in size. |
author2 |
School of Computer Science and Engineering |
author_facet |
School of Computer Science and Engineering Baksi, Anubhab Bhasin, Shivam Breier, Jakub Khairallah, Mustafa Peyrin, Thomas |
format |
Conference or Workshop Item |
author |
Baksi, Anubhab Bhasin, Shivam Breier, Jakub Khairallah, Mustafa Peyrin, Thomas |
author_sort |
Baksi, Anubhab |
title |
Protecting block ciphers against differential fault attacks without re-keying |
title_sort |
protecting block ciphers against differential fault attacks without re-keying |
publishDate |
2019 |
url |
https://hdl.handle.net/10356/88761 http://hdl.handle.net/10220/47670 |
_version_ |
1759853730959720448 |