
Protecting against Statistical Ineffective Fault Attacks

Joan Daemen, Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Florian Mendel and Robert Primas

CHES 2020

Motivation

www.tugraz.at

Using crypto in the wild requires:

  • Mathematically secure cryptographic schemes
  • Additional defense mechanisms against implementation attacks: power analysis, fault attacks

Robert Primas — CHES 2020

Motivation

  • Statistical Ineffective Fault Attacks (SIFA) were first presented at CHES 2018:
    • Work against block ciphers, AEAD, etc.
    • Circumvent redundancy/infection countermeasures
    • Only one fault injection per cipher execution
  • In a follow-up at ASIACRYPT 2018 it was shown that:
    • SIFA can additionally circumvent (higher-order) masking/TI
  • Proposed countermeasures at the time:
    • Error correction
    • Hiding
    • Self destruction

Motivation cont.

  • Many proposed SIFA countermeasures so far utilize error correction:
    • Rather expensive (masking!)
    • How much error correction is necessary?
    • What about DFA?
  • We propose efficient SIFA countermeasure strategies:
    • “Careful” combination of redundancy with masking
    • Low overhead for lightweight schemes
    • Moderate overhead for “bulky” schemes like AES

Statistical Fault Attacks on AES-128

  • AES is a PRP:
    • Distribution of ciphertext bytes is uniform
    • (Also after only 9 rounds)
  • Assume a fault that disturbs the distribution of one state byte in round 9
    • Stuck-at, bitflip, random, etc.
    • Attacker does not need to know the caused bias
  • 4 ciphertext bytes are affected
  • 4 state bytes in round 9 can be calculated from:
    • 4 ciphertext bytes
    • 4 key bytes (correct / incorrect key guess)

[Figure: AES rounds 8–10 (ShiftRows, MixColumns, KeyAdd, SubBytes) from plaintext P_N to ciphertext C_N]

Fuhr et al. [Fuh+13]

Statistical Ineffective Fault Attacks on AES-128

  • Redundant computation fixes the problem!
  • Except it doesn’t
  • For simplicity, assume stuck-at zero fault (others work as well)
  • “Effective” faults are filtered out
  • Correct ciphertexts still show bias in round 9
  • Exploitation works same as before

[Figure: AES rounds 8–10 computed twice (redundant computation), plaintext P_N to ciphertexts C_1 … C_N]

Dobraunig et al. [Dob+18b]

Statistical Ineffective Fault Attacks on AES-128

  • Masking fixes the problem!
  • Except it doesn’t

[Figure: masked and redundant AES rounds 8–10, plaintext P_N to ciphertexts C_1 … C_N, zooming in on one masked AND gate with inputs x0, x1, y0, y1, randomness R and outputs z0, z1]

Dobraunig et al. [Dob+18b], [Dob+18a]

Statistical Ineffective Fault Attacks on AES-128

  • Masked AND-gate
    • Naturally, when x and y are uniform then z has bias towards 0
  • Assume a fault causes difference in x0 (to redundant computation)
  • Difference cancels if either:
    • y0, y1 are both 0
    • y0, y1 are both 1
  • Fault is ineffective iff native value y is zero ⇒ “Dangerous fault”

[Figure: 2-share masked AND gate (inputs x0, x1, y0, y1, randomness R; outputs z0, z1) with the distribution of z over {0, 1}]

Dobraunig et al. [Dob+18a]

Statistical Ineffective Fault Attacks on AES-128

  • SIFA can circumvent both masking and redundant computation
  • More redundancy doesn’t help
  • Higher-order masking doesn’t help

⇒ We now show how to counteract SIFA using masking + redundancy . . .

[Figure: masked AES rounds 8–10 computed three times (redundant computation), plaintext P_N to ciphertexts C_1 … C_N]

Dobraunig et al. [Dob+18a]

Notations

  • We express a cipher as a circuit:
    • Input: Array of variables
    • Output: Array of variables
  • Circuits can be split into sub-circuits:
    • Input: Cipher’s input or other sub-circuit’s output
  • Splitting is done recursively until we have basic circuits:
    • Only consist of simple operations such as addition/multiplication

The High-level Strategy

  • Build cipher circuit such that “dangerous” faults can always be detected . . .
    • at the S-box output
    • at the cipher output
  • Build masked + redundant cipher circuit where each basic circuit . . .
    • only operates on incomplete set of shares
    • is a permutation (optional)
  • Permutation can either be:
    • A linear function
    • A variant of the Toffoli gate (simplest invertible non-linear function)

[Figure: Toffoli gate with wires a, b, c, and its 2-share masked version with wires a0, a1, b0, b1, c0, c1]
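The following is an added example and not code from the slides or from the paper: it enumerates, over all share assignments, when a single persistent fault on one input share goes unnoticed by a redundancy check, and what the native values look like on exactly those "ineffective" runs. It contrasts the 2-share masked AND gate drawn on the earlier slides (the "dangerous fault" case, where ineffectiveness depends on the native y) with a 2-share Toffoli gate built from incomplete permutation basic circuits as in the strategy above. The gadget equations, the two fault models (`flip`, `stuck0`), the share layout and all helper names are this example's own assumptions; share refreshing is omitted as on the slides.

```python
from itertools import product
from collections import Counter

# Added example (assumed gadgets and fault model, not the paper's own code):
# exhaustive fault-ineffectiveness analysis of two 2-share gadgets.


def masked_and(x0, x1, y0, y1, r):
    """2-share masked AND as drawn on the slides: z = x & y with z = z0 ^ z1.
    Share z0 is computed from x0 together with BOTH shares of y, so this basic
    circuit is complete with respect to y, and x0 is not passed to the output."""
    z0 = (x0 & y0) ^ ((x0 & y1) ^ r)
    z1 = (x1 & y0) ^ ((x1 & y1) ^ r)
    return (z0, z1)


def masked_toffoli(a0, a1, b0, b1, c0, c1):
    """2-share masked Toffoli gate (a, b, c) -> (a, b, c ^ (a & b)), built from
    four basic circuits of the form 'c_i ^= a_j & b_k'. Each basic circuit sees
    only one share of every variable (incomplete) and is a permutation of its
    three wires; the a and b shares pass through to the output unchanged."""
    c0 ^= a0 & b0
    c0 ^= a0 & b1
    c1 ^= a1 & b0
    c1 ^= a1 & b1
    return (a0, a1, b0, b1, c0, c1)


# Persistent single-wire fault models assumed for this example.
FAULTS = {
    "flip": lambda v: v ^ 1,  # bit-flip of the faulted share
    "stuck0": lambda v: 0,    # stuck-at-zero on the faulted share
}


def ineffective_native_distribution(gadget, n_inputs, n_native, fault_pos, fault):
    """Enumerate all 2**n_inputs share assignments, apply `fault` to input wire
    `fault_pos`, and keep the runs whose gadget output is unchanged, i.e. the
    'ineffective' runs that SIFA filters for. Inputs 2i and 2i+1 (i < n_native)
    are the two shares of native variable i; any further inputs are randomness.
    Returns a Counter of native value tuples over the ineffective runs."""
    dist = Counter()
    for shares in product((0, 1), repeat=n_inputs):
        faulted = list(shares)
        faulted[fault_pos] = fault(faulted[fault_pos])
        if gadget(*shares) == gadget(*faulted):
            native = tuple(shares[2 * i] ^ shares[2 * i + 1] for i in range(n_native))
            dist[native] += 1
    return dist


def leaks_bias(dist, n_native):
    """True iff ineffective runs exist and the native values are NOT uniform
    over them, which is exactly what SIFA exploits. An empty distribution means
    the fault is always caught by the redundancy check (nothing to filter)."""
    counts = [dist[v] for v in product((0, 1), repeat=n_native)]
    return sum(counts) > 0 and len(set(counts)) > 1


def gadgets_correct():
    """Sanity check: both gadgets unmask to AND, resp. Toffoli, on every input."""
    for x0, x1, y0, y1, r in product((0, 1), repeat=5):
        z0, z1 = masked_and(x0, x1, y0, y1, r)
        if z0 ^ z1 != (x0 ^ x1) & (y0 ^ y1):
            return False
    for a0, a1, b0, b1, c0, c1 in product((0, 1), repeat=6):
        _, _, _, _, d0, d1 = masked_toffoli(a0, a1, b0, b1, c0, c1)
        if d0 ^ d1 != (c0 ^ c1) ^ ((a0 ^ a1) & (b0 ^ b1)):
            return False
    return True


if __name__ == "__main__":
    assert gadgets_correct()
    for name, fault in FAULTS.items():
        d_and = ineffective_native_distribution(masked_and, 5, 2, 0, fault)
        d_tof = ineffective_native_distribution(masked_toffoli, 6, 3, 0, fault)
        print(f"fault={name:6s} masked AND, fault on x0:     ineffective runs="
              f"{sum(d_and.values()):2d} natives (x, y)={dict(d_and)} "
              f"biased={leaks_bias(d_and, 2)}")
        print(f"fault={name:6s} masked Toffoli, fault on a0: ineffective runs="
              f"{sum(d_tof.values()):2d} biased={leaks_bias(d_tof, 3)}")
```

For the masked AND a flip on x0 is ineffective exactly when y = 0 (16 of 32 runs, all with y = 0), and a stuck-at-zero on x0 is ineffective when x0 = 0 or y = 0, which leaves y = 0 twice as likely as y = 1 among the runs that pass the check. For the Toffoli gadget a stuck-at-zero on a0 is ineffective exactly when a0 = 0, a condition on a single share that says nothing about the native a, b or c, so the 32 surviving runs are uniform over all eight native triples; a flip on a0 is never ineffective, because a0 itself is an output wire of the permutation. Extending this share-level argument to a whole S-box and cipher, including the refreshing that is omitted here, is what the paper does.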

Case study: SIFA on Masked Chi-3 S-box

  • Same problem as before. . .
  • Difference cancels depending on b0, b1 and c1
  • If computation correct despite fault:
    • b = 0
    • Bias at S-box output

[Figure: 2-share masked Chi-3 S-box with input shares a0, a1, b0, b1, c0, c1 and output shares r0, r1, s0, s1, t0, t1]

(Refreshing of shares omitted)

Case study: SIFA Protected Chi-3 S-box

  • Basic circuits are incomplete (but not permutations)
  • “Dangerous” faults are always visible on the S-box output

[Figure: SIFA-protected 2-share masked Chi-3 S-box with input shares a0, a1, b0, b1, c0, c1 and output shares r0, r1, s0, s1, t0, t1; the fault becomes visible on output share r0]

(Refreshing of shares omitted)

Additional Remarks

  • This approach can be implemented efficiently
    • No noticeable performance difference to ordinary masked Chi-3
    • Can also be implemented without fresh randomness (3× repeated application of Toffoli-gate)
  • In the paper we:
    • Prove applicability for all 3-bit and many 4-bit S-boxes
    • Show applicability for Chi-5-ish S-boxes
  • What about larger S-boxes like in AES?
    • Here we can use the Toffoli gate for bigger fields

AES S-box using Incomplete Permutation Basic Circuits

  • Based on Canright’s description [Can05]
  • Convert idea of Sugawara from 3-share to 2-share masking [Sug19]
  • Replace all F(2^n) multiplications by Toffoli gates operating in F(2^n), using additional inputs that are set to zero

AES S-box using Incomplete Permutation Basic Circuits

  • Inputs:
    • x (8 bits)
    • a, b, c, d (18 bits)
  • Outputs:
    • y (8 bits)
    • e, f, g, h (18 bits)
  • When masked:
    • x0, x1 (16 bits)
    • y0, y1 (16 bits)
    • a0, b0, c0, d0 (18 bits, random)
    • e0, f0, g0, h0 (18 bits, reusable)
  • No need for additional randomness within masked S-box
  • Redundancy checks needed after each S-box

[Figure: AES S-box data path (Canright decomposition): Linear Map, GF(2⁴) Mult., Square Scaling, GF(2²) Mult., GF(2²) Inv., GF(2⁴) Mult., Linear Map; inputs x and a = 0, b = 0, c = 0, d = 0; outputs y and e, f, g, h]

(Masking omitted)

Final Remarks

In the paper we:

  • Give a complete description of single-fault SIFA resistant (masked) AES S-box
  • Discuss additional implementation aspects for SW/HW
  • Present an alternative countermeasure strategy
    • Based on fine-grained redundancy checks
    • Can protect against multi-fault SIFA (but then not so efficient)

Side-note: SIFA protection also possible on mode-level (NIST LWC):

  • DryGASCON, ISAP

Thank you!

References

[Can05] D. Canright. A Very Compact S-Box for AES. In: CHES. Vol. 3659. Lecture Notes in Computer Science. Springer, 2005, pp. 441–455.

[Dob+18a] C. Dobraunig, M. Eichlseder, H. Groß, S. Mangard, F. Mendel, and R. Primas. Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures. In: ASIACRYPT (2). Vol. 11273. Lecture Notes in Computer Science. Springer, 2018, pp. 315–342.

[Dob+18b] C. Dobraunig, M. Eichlseder, T. Korak, S. Mangard, F. Mendel, and R. Primas. SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography. In: IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018.3 (2018), pp. 547–572.

[Fuh+13] T. Fuhr, É. Jaulmes, V. Lomné, and A. Thillard. Fault Attacks on AES with Faulty Ciphertexts Only. In: FDTC. IEEE Computer Society, 2013, pp. 108–118.

[Sug19] T. Sugawara. 3-Share Threshold Implementation of AES S-box without Fresh Randomness. In: IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019.1 (2019), pp. 123–145.