
Friet: An Authenticated Encryption Scheme with Built-in Fault Detection

Part of the Lecture Notes in Computer Science book series (LNSC, volume 12105)

Abstract

In this work we present a duplex-based authenticated encryption scheme \(\textsc {Friet}\) based on a new permutation called \(\textsc {Friet-P}\). We designed \(\textsc {Friet-P}\) with a novel approach for cryptographic permutations and block ciphers that takes fault-attack resistance into account and that we introduce in this paper.

In this method, we build a permutation \({f_C}\) to be embedded in a larger one, \(f\). First, we define \(f\) as a sequence of steps that all abide a chosen error-correcting code \(C\), i.e., that map \(C\)-codewords to \(C\)-codewords. Then, we embed \({f_C}\) in \(f\) by first encoding its input to an element of \(C\), applying \(f\) and then decoding back from \(C\). This last step detects a fault when the output of \(f\) is not in \(C\).

We motivate the design of the permutation we use in \(\textsc {Friet}\) and report on performance in soft- and hardware. We evaluate the fault-detection capabilities of the software and simulated hardware implementations with attacks. Finally, we perform a leakage evaluation. Our code is available at https://github.com/thisimon/Friet.git.

Keywords

  • Design of cryptographic primitives
  • Fault injection countermeasures
  • Side channel attack
  • Lightweight implementations

Chapter length: 31 pages


Acknowledgments

Joan Daemen is supported by the European Research Council under the ERC Advanced Grant agreement ERC-2017-ADG Nr. 788980 ESCADA. Francesco Regazzoni received support from the European Union Horizon 2020 research and innovation program under the CERBERO project (grant agreement number 732105). Lejla Batina and Pedro Maat C. Massolino were supported by the Technology Foundation STW (project 13499 - TYPHOON), from the Dutch government.

Author information

Correspondence to Thierry Simon or Joan Daemen.

A Design Strategy for a \([6, 3, 3]_2\)-abiding Permutation

In this section, we discuss adapting the code embedding technique to a larger linear code. We focus on the code \(C = [6, 3, 3]_2\) and showcase the different limb transposition operations that a \(C\)-abiding permutation could take advantage of.

Let \({f_C}\) be a \(C\)-abiding permutation on a state \((a,b,c,d,e,f)\), with native limbs \(a,b,c\) and parity limbs \(d,e,f\) satisfying the equations:

$$\begin{aligned} d = b+c, \quad e = a+c, \quad f = a+b. \end{aligned}$$

We say that a native limb and a parity limb are related when both appear in the same parity equation. In particular, limb \(a\) is related to limbs \(e\) and \(f\), but not to \(d\). A native limb transposition then requires swapping two native limbs together with the two parity limbs that are related to only one of the two native limbs involved. An example of such an operation is \(\pi (a,b,c,d,e,f) = (a,c,b,d,f,e)\). On the other hand, a non-native limb transposition requires swapping a native limb \(x\) with a parity limb \(x+y\) and bitwise adding the other native limb \(y\) to the other parity limb related to \(x\). An example of this is \(\rho (a,b,c,d,e,f) = (e,b,c,d,a,f+c)\). Note that this has the same computational cost of one bitwise addition as the associated embedded operation \(\rho _C(a,b,c)= (a+c,b,c)\). By contrast, a limb adaptation operation requires three times as much computation as its embedded equivalent.
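The following Python is an added worked example, not code from the paper or from the Friet repository. It models the encode/apply/decode construction of the abstract together with the two \([6,3,3]_2\) limb transpositions above: limbs are Python integers of any width, the paper's \(+\) between limbs is bitwise XOR, and the names `encode`, `decode`, `embed`, `abides`, `inject` and `fault_detected` are this example's own. It verifies exhaustively that \(\pi\) and \(\rho\) are \(C\)-abiding and agree with \(\pi_C\) and \(\rho_C\), and it shows where detection at the decode step stops: any fault confined to at most two limbs is caught (minimum distance 3), while a fault whose pattern is itself a codeword, such as the same bit flipped in \(a\), \(e\) and \(f\), passes the check.

```python
# Added example, not code from the paper or the Friet repository: a model of
# the [6,3,3]_2 code embedding from the appendix. Limbs are Python ints
# (any width), and the paper's "+" between limbs is bitwise XOR. Function
# names (encode, decode, embed, inject, ...) are this example's own.
from itertools import product
from typing import Callable, Dict, Tuple

State = Tuple[int, int, int, int, int, int]  # (a, b, c, d, e, f): a C-codeword
Native = Tuple[int, int, int]                 # (a, b, c): the native limbs


class FaultDetected(Exception):
    """Raised when a state is not a C-codeword after applying f."""


def encode(n: Native) -> State:
    """Append the parity limbs d = b+c, e = a+c, f = a+b."""
    a, b, c = n
    return (a, b, c, b ^ c, a ^ c, a ^ b)


def in_code(s: State) -> bool:
    """Check all three parity equations."""
    a, b, c, d, e, f = s
    return d == b ^ c and e == a ^ c and f == a ^ b


def decode(s: State) -> Native:
    """Drop the parity limbs; the membership test is the fault-detection step."""
    if not in_code(s):
        raise FaultDetected(s)
    return s[:3]


# Native limb transposition pi: swap b and c together with the two parity
# limbs related to only one of them (e and f). pi_C is its embedded form.
def pi(s: State) -> State:
    a, b, c, d, e, f = s
    return (a, c, b, d, f, e)


def pi_C(n: Native) -> Native:
    a, b, c = n
    return (a, c, b)


# Non-native limb transposition rho: swap native limb a with parity limb
# e = a+c, and add c to f, the other parity limb related to a. Like its
# embedded form rho_C it costs exactly one bitwise addition.
def rho(s: State) -> State:
    a, b, c, d, e, f = s
    return (e, b, c, d, a, f ^ c)


def rho_C(n: Native) -> Native:
    a, b, c = n
    return (a ^ c, b, c)


def embed(step: Callable[[State], State], n: Native) -> Native:
    """The construction from the abstract: encode, apply a C-abiding step, decode."""
    return decode(step(encode(n)))


def abides(step: Callable[[State], State],
           step_C: Callable[[Native], Native]) -> bool:
    """Exhaustively verify that `step` maps codewords to codewords and agrees
    with `step_C` on the native limbs. One-bit limbs suffice: every step here
    acts bit-slice-wise, and each slice is an independent [6,3,3]_2 codeword."""
    for n in product((0, 1), repeat=3):
        s = step(encode(n))
        if not in_code(s) or s[:3] != step_C(n):
            return False
    return True


def min_distance() -> int:
    """Minimum weight of a nonzero codeword over one-bit limbs (expected 3):
    any fault confined to at most two limbs leaves the code and is detected."""
    return min(sum(encode(n)) for n in product((0, 1), repeat=3) if any(n))


def inject(s: State, faults: Dict[int, int]) -> State:
    """Constructed fault model: XOR `mask` into limb `i` for each {i: mask}."""
    t = list(s)
    for i, mask in faults.items():
        t[i] ^= mask
    return tuple(t)


def fault_detected(n: Native, faults: Dict[int, int]) -> bool:
    """Fault the encoded state, apply rho, and report whether decode catches it.
    rho is a bijection that maps C onto C, so a non-codeword stays one."""
    try:
        decode(rho(inject(encode(n), faults)))
    except FaultDetected:
        return True
    return False
```

`abides(rho, rho_C)` is the property the appendix relies on: because \(\rho\) is a bijection of the whole state space that maps \(C\) onto \(C\), it also maps non-codewords to non-codewords, so a fault injected before the step is still visible at the decode step afterwards. The last scenario in `fault_detected` is the caveat to keep in mind when reasoning about this construction: the detector sees only membership in \(C\), so an error pattern that is itself a codeword (three limbs hit consistently) is invisible to it.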


Copyright information

© 2020 International Association for Cryptologic Research

About this paper


Cite this paper

Simon, T. et al. (2020). Friet: An Authenticated Encryption Scheme with Built-in Fault Detection. In: Canteaut, A., Ishai, Y. (eds) Advances in Cryptology – EUROCRYPT 2020. EUROCRYPT 2020. Lecture Notes in Computer Science, vol 12105. Springer, Cham. https://doi.org/10.1007/978-3-030-45721-1_21


  • DOI: https://doi.org/10.1007/978-3-030-45721-1_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-45720-4

  • Online ISBN: 978-3-030-45721-1
