
Detecting faults in inner product masking scheme

IPM-FD: IPM with fault detection (extended version\(^*\))

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Side-channel analysis and fault injection attacks are two typical threats to cryptographic implementations, especially in modern embedded devices, so there is a pressing demand for countermeasures that protect against both at once. Masking is a provable countermeasure against side-channel attacks. Recently, inner product masking (IPM) was proposed as a promising higher-order masking scheme against side-channel analysis, but it offers no protection against fault injection. In this paper, we devise a new masking scheme named IPM-FD. It is built on IPM and adds fault detection. The scheme is characterised by three parameters: its security order in the word-level probing model, its security order in the bit-level probing model, and the number of faults it detects. IPM-FD is proven secure in both the word-level and the bit-level probing models and allows for end-to-end fault detection against fault injection attacks. Furthermore, we explain its security orders by interpreting IPM-FD as a coding problem and linking them to the defining parameters of a linear code, and we show its implementation cost by applying IPM-FD to AES-128.


Notes

  1. BKLC is short for "best known linear code", the Magma [35] function that returns the best known linear code of a given length and dimension over a given field.

References

  1. Ali, S., Mukhopadhyay, D., Tunstall, M.: Differential fault analysis of AES: towards reaching its limits. J. Cryptogr. Eng. 3(2), 73–97 (2013)

  2. Balasch, J., Faust, S., Gierlichs, B.: Inner product masking revisited. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology - EUROCRYPT 2015, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, LNCS vol. 9056, pp. 486–510. Springer (2015)

  3. Balasch, J., Faust, S., Gierlichs, B., Paglialonga, C., Standaert, F.-X.: Consolidating inner product masking. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017, Hong Kong, China, December 3-7, 2017, Proceedings, Part I, LNCS vol. 10624, pp. 724–754. Springer (2017)

  4. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B.: Compositional verification of higher-order masking: application to a verifying masking compiler. IACR Cryptol. ePrint Arch. 2015, 506 (2015)

  5. Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks. In: Naccache, D., Sauveron, D. (eds.) Information Security Theory and Practice. Securing the Internet of Things - WISTP 2014, Heraklion, Crete, Greece, June 30 - July 2, 2014, Proceedings, LNCS vol. 8501, pp. 40–56. Springer (2014)

  6. Carlet, C., Güneri, C., Mesnager, S., Özbudak, F.: Construction of some codes suitable for both side channel and fault injection attacks. In: Budaghyan, L., Rodríguez-Henríquez, F. (eds.) Arithmetic of Finite Fields - WAIFI 2018, Bergen, Norway, June 14-16, 2018, Revised Selected Papers, LNCS vol. 11321, pp. 95–107. Springer (2018)

  7. Chakraborty, A., Mazumdar, B., Mukhopadhyay, D.: A combined power and fault analysis attack on protected grain family of stream ciphers. IEEE Trans. CAD Integr. Circuits Syst. 36(12), 1968–1977 (2017)

  8. Cheng, W., Carlet, C., Goli, K., Danger, J.-L., Guilley, S.: Detecting faults in inner product masking scheme - IPM-FD: IPM with fault detection. In: 8th International Workshop on Security Proofs for Embedded Systems (PROOFS 2019), Atlanta, GA, USA, August 24, 2019

  9. Cheng, W., Carlet, C., Goli, K., Danger, J.-L., Guilley, S.: Detecting faults in inner product masking scheme - IPM-FD: IPM with fault detection, August 2019. https://github.com/Qomo-CHENG/IPM-FD

  10. Cheng, W., Guilley, S., Danger, J.-L., Carlet, C., Mesnager, S.: Optimal linear codes for IPM, January 2020. https://github.com/Qomo-CHENG/OC-IPM

  11. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M.: Passive and active combined attacks on AES. In: FDTC 2010, Santa Barbara, CA, USA, August 21, 2010, pp. 10–18. IEEE Computer Society (2010). https://doi.org/10.1109/FDTC.2010.17

  12. Coron, J.-S.: HTable countermeasure against side-channel attacks: reference implementation for the masking scheme presented in [13]. https://github.com/coron/htable

  13. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology - EUROCRYPT 2014, LNCS vol. 8441, pp. 441–458. Springer (2014)

  14. Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007, LNCS vol. 4727, pp. 28–44. Springer (2007)

  15. Danger, J.-L., Guilley, S., Heuser, A., Legay, A., Tang, M.: Physical security versus masking schemes. In: Koç, Ç.K. (ed.) Cyber-Physical Systems Security, pp. 269–284. Springer, Berlin (2018)

  16. Denis, F.: The Sodium cryptography library, July 2019

  17. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: CRYPTO 2003, Santa Barbara, CA, USA, August 17-21, 2003, LNCS vol. 2729, pp. 463–481. Springer (2003)

  18. Karpovsky, M.G., Kulikowski, K.J., Wang, Z.: Robust error detection in communication and computation channels. In: Proceedings of the International Workshop on Spectral Techniques (2007)

  19. Karpovsky, M.G., Nagvajara, P.: Optimal codes for minimax criterion on error detection. IEEE Trans. Inf. Theory 35(6), 1299–1305 (1989)

  20. Karpovsky, M.G., Taubin, A.: New class of nonlinear systematic error detecting codes. IEEE Trans. Inf. Theory 50(8), 1818–1820 (2004)

  21. Kirschbaum, M., Popp, T.: Evaluation of a DPA-resistant prototype chip. In: ACSAC 2009, Honolulu, Hawaii, December 7-11, 2009, pp. 43–50. IEEE Computer Society (2009)

  22. MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes. North-Holland, Amsterdam (1977). ISBN 978-0-444-85193-2

  23. MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes. North-Holland Mathematical Library. North-Holland, Amsterdam / New York (1977)

  24. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, December 2006. ISBN 0-387-30857-1. http://www.dpabook.org/

  25. Messerges, T.S.: Securing the AES finalists against power analysis attacks. In: Schneier, B. (ed.) Fast Software Encryption - FSE 2000, New York, NY, USA, April 10-12, 2000, Proceedings, LNCS vol. 1978, pp. 150–164. Springer (2000)

  26. Monteiro, C., Takahashi, Y., Sekine, T.: Low power secure AES S-box using adiabatic logic circuit. In: 2013 IEEE Faible Tension Faible Consommation (FTFC), pp. 1–4, June 2013

  27. Moore, S., Anderson, R., Mullins, R., Taylor, G., Fournier, J.J.A.: Balanced self-checking asynchronous logic for smart card applications. Microprocess. Microsyst. 27(9), 421–430 (2003)

  28. Ngo, X.T., Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Linear complementary dual code improvement to strengthen encoded circuit against hardware Trojan horses. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2015), Washington, DC, USA, May 5-7, 2015, pp. 82–87. IEEE (2015)

  29. Patranabis, S., Chakraborty, A., Nguyen, P.H., Mukhopadhyay, D.: A biased fault attack on the time redundancy countermeasure for AES. In: Mangard, S., Poschmann, A.Y. (eds.) Constructive Side-Channel Analysis and Secure Design - COSADE 2015, Berlin, Germany, April 13-14, 2015, Revised Selected Papers, LNCS vol. 9064, pp. 189–203. Springer (2015)

  30. Poussier, R., Guo, Q., Standaert, F.-X., Carlet, C., Guilley, S.: Connecting and improving direct sum masking and inner product masking. In: Eisenbarth, T., Teglia, Y. (eds.) Smart Card Research and Advanced Applications - CARDIS 2017, Lugano, Switzerland, November 13-15, 2017, Revised Selected Papers, LNCS vol. 10728, pp. 123–141. Springer (2017)

  31. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010, LNCS vol. 6225, pp. 413–427. Springer (2010)

  32. Saha, S., Jap, D., Breier, J., Bhasin, S., Mukhopadhyay, D., Dasgupta, P.: Breaking redundancy-based countermeasures with random faults and power side channel. In: FDTC 2018, Amsterdam, The Netherlands, September 13, 2018, pp. 15–22. IEEE Computer Society (2018)

  33. Schneider, T., Moradi, A., Güneysu, T.: ParTI - towards combined hardware countermeasures against side-channel and fault-injection attacks. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology - CRYPTO 2016, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part II, LNCS vol. 9815, pp. 302–332. Springer (2016)

  34. Singleton, R.C.: Maximum distance q-nary codes. IEEE Trans. Inf. Theory 10(2), 116–118 (1964)

  35. University of Sydney (Australia): Magma Computational Algebra System. http://magma.maths.usyd.edu.au/magma/ (accessed August 22, 2014)

  36. Wang, W., Standaert, F.-X., Yu, Y., Pu, S., Liu, J., Guo, Z., Gu, D.: Inner product masking for bitslice ciphers and security order amplification for linear leakages. In: Lemke-Rust, K., Tunstall, M. (eds.) Smart Card Research and Advanced Applications - CARDIS 2016, Cannes, France, November 7-9, 2016, Revised Selected Papers, LNCS vol. 10146, pp. 174–191. Springer (2016)

Download references

Acknowledgements

This work has been partly financed via the project TeamPlay (https://teamplay-h2020.eu/), a project of the European Union's Horizon 2020 research and innovation programme, under grant agreement No. 779882, and also supported by the SECODE project (https://secode.telecom-paristech.fr/) under grant No. ANR-15-CHR2-0007, funded by the CHIST-ERA programme and coordinated by ANR.

Author information

Correspondence to Wei Cheng.

This work is an extension of [8] (PROOFS 2019).

Appendix: Optimal codes for IPM-FD with \(k=2\)

Table 6 Examples with \({\mathbb {K}}= {\mathbb {F}}_2\); \(d_w\) and \(d_b\) are the security orders at word level and bit level, respectively. In this case the same codes can also be used in BM-FD, although BM-FD is defined over \({\mathbb {K}}= {\mathbb {F}}_{2^l}\)

Using Magma [35], we give some instances of IPM-FD with \(k=2\): \({\mathbb {K}}= {\mathbb {F}}_{2^4}\) in Table 5 and \({\mathbb {K}}= {\mathbb {F}}_{2}\) in Table 6. Interestingly, for \({\mathbb {K}}= {\mathbb {F}}_{2}\) the best minimum distance of \({\mathbf {H}}^\perp \) coincides with the minimum distance of BKLC(GF(2), n, 2), the best known binary linear code of length n and dimension 2, for every length n listed in Table 6.
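The search behind Tables 5 and 6 can be reproduced on a small scale without Magma. The Python block below is an added example by the editor, not code from the paper or from its GitHub repositories. It uses the coding-theoretic view of IPM from Poussier et al. [30]: a sensitive vector \(X \in {\mathbb {K}}^k\) is encoded as \(Z = XG + YH\) over \({\mathbb {K}} = {\mathbb {F}}_{2^l}\) with \(G = [I_k \mid 0]\), \(H = [A \mid I_{n-k}]\) and a fresh uniform mask \(Y\), and the word-level security order is \(d({\mathbf {H}}^\perp) - 1\), so choosing the IPM instance means choosing \(A\) to maximise the minimum distance of \({\mathbf {H}}^\perp\). The bit-level distance is taken as the Hamming weight of the polynomial-basis expansion of each codeword (the basis is this example's assumption; the page does not fix one). Fault detection is modelled by carrying \(k\) copies of the sensitive word in \(X\) and comparing them after decoding; that is a simplified stand-in for the IPM-FD construction, which this page does not define, and not the paper's exact scheme. The field polynomial \(x^4 + x + 1\) for \({\mathbb {F}}_{2^4}\), the matrices A_eq and A16, and the parameters n = 6 (for \({\mathbb {F}}_2\)) and n = 3 (for \({\mathbb {F}}_{2^4}\)) are the example's own choices.

```python
# Added example: exhaustive search for the matrix A maximising d(H^perp), in the
# coding view of IPM (Z = X*G + Y*H, G = [I_k | 0], H = [A | I_{n-k}]), plus a
# simplified copy-and-compare fault check.  Not the paper's code or exact scheme.
from itertools import product
import secrets


class GF2m:
    """GF(2^l) in polynomial basis modulo the irreducible polynomial `poly`."""

    def __init__(self, l, poly):
        self.l, self.poly, self.size = l, poly, 1 << l

    def mul(self, a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            b >>= 1
            a <<= 1
            if a >> self.l:
                a ^= self.poly
        return r


GF16 = GF2m(4, 0b10011)  # x^4 + x + 1 (assumed basis): K = F_{2^4} as in Table 5
GF2 = GF2m(1, 0b11)      # K = F_2 as in Table 6


def dual_codewords(A, k, F):
    """Non-zero codewords of H^perp for H = [A | I].  H^perp is generated by
    [I_k | A^T]: its row i is (unit_i, A[0][i], ..., A[n-k-1][i])."""
    gens = [[int(j == i) for j in range(k)] + [row[i] for row in A] for i in range(k)]
    n = len(gens[0])
    for u in product(range(F.size), repeat=k):
        if not any(u):
            continue
        c = [0] * n
        for ui, g in zip(u, gens):
            if ui:
                for j in range(n):
                    c[j] ^= F.mul(ui, g[j])
        yield c


def min_distances(A, k, F):
    """(d_w, d_b): minimum Hamming distance of H^perp counted in words and in bits."""
    cws = list(dual_codewords(A, k, F))
    d_w = min(sum(1 for x in c if x) for c in cws)
    d_b = min(sum(bin(x).count("1") for x in c) for c in cws)
    return d_w, d_b


def best_codes(n, k, F):
    """Exhaustive stand-in for the Magma BKLC search: the largest d_w and d_b over
    all A in K^{(n-k) x k}, each returned with one matrix A attaining it."""
    best_w, best_b = (0, None), (0, None)
    for flat in product(range(F.size), repeat=(n - k) * k):
        A = [list(flat[r * k:(r + 1) * k]) for r in range(n - k)]
        d_w, d_b = min_distances(A, k, F)
        if d_w > best_w[0]:
            best_w = (d_w, A)
        if d_b > best_b[0]:
            best_b = (d_b, A)
    return best_w, best_b


def encode(x, n, k, A, F):
    """Z = X*G + Y*H with X = (x, ..., x) (k copies) and a random mask Y in K^{n-k}."""
    Y = [secrets.randbelow(F.size) for _ in range(n - k)]
    Z = [x] * k + Y
    for r, y in enumerate(Y):
        for i in range(k):
            Z[i] ^= F.mul(y, A[r][i])
    return Z


def decode(Z, k, A, F):
    """X = Z*J with J = [I_k ; A]: G*J = I_k and H*J = A + A = 0 in characteristic 2."""
    X = list(Z[:k])
    for r, z in enumerate(Z[k:]):
        for i in range(k):
            X[i] ^= F.mul(z, A[r][i])
    return X


def fault_detected(Zf, k, A, F):
    """End-of-computation check: the k decoded copies must agree."""
    X = decode(Zf, k, A, F)
    return any(xi != X[0] for xi in X)


def undetected_single_faults(n, k, A, F):
    """Number of (share index, non-zero fault value) pairs that escape the check.
    Decoding is linear, so the count does not depend on x or on the mask Y."""
    Z = encode(0, n, k, A, F)
    count = 0
    for j in range(n):
        for e in range(1, F.size):
            Zf = Z[:]
            Zf[j] ^= e
            if not fault_detected(Zf, k, A, F):
                count += 1
    return count


if __name__ == "__main__":
    (d, A), _ = best_codes(6, 2, GF2)
    print(f"K=F_2,  n=6, k=2: best d(H^perp) = {d} (BKLC(GF(2), 6, 2) has d = 4), A = {A}")
    (d_w, A_w), (d_b, A_b) = best_codes(3, 2, GF16)
    print(f"K=F_16, n=3, k=2: best d_w = {d_w} (A = {A_w}), best d_b = {d_b} (A = {A_b})")
    # A row of A with two equal entries lets a fault on that mask share shift both
    # copies of x identically, so the copy check never sees it.
    A_eq = [[1, 1], [1, 0], [1, 1], [0, 1]]
    print("F_2 A_eq:", min_distances(A_eq, 2, GF2), "undetected single faults:",
          undetected_single_faults(6, 2, A_eq, GF2))
    A16 = [[6, 7]]  # (x^5, x^10) in GF(16): d_w = 2, d_b = 3, every single fault caught
    Z = encode(9, 3, 2, A16, GF16)
    print("GF(16) A16:", min_distances(A16, 2, GF16), "decode ->", decode(Z, 2, A16, GF16),
          "undetected single faults:", undetected_single_faults(3, 2, A16, GF16))
```

For \({\mathbb {K}} = {\mathbb {F}}_2\), n = 6 the search reaches \(d({\mathbf {H}}^\perp) = 4\), which is the minimum distance of BKLC(GF(2), 6, 2), matching the appendix's observation on that length; for \({\mathbb {F}}_{2^4}\), n = 3 the word-level optimum is the Singleton bound 2 while the bit-level optimum is 3. The two fixed matrices show why distance alone is not a fault-detection metric in this model: A_eq attains \(d({\mathbf {H}}^\perp) = 4\) yet lets two single-word faults through, whereas A16 has distinct entries in its row and detects every single-word fault.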

Cite this article

Cheng, W., Carlet, C., Goli, K. et al. Detecting faults in inner product masking scheme. J Cryptogr Eng 11, 119–133 (2021). https://doi.org/10.1007/s13389-020-00227-6
