Concurrent error detection schemes for involution ciphers

Nikhil Joshi, Kaijie Wu, Ramesh Karri

Research output: Contribution to journalArticlepeer-review

Abstract

Because of the rapidly shrinking dimensions in VLSI, transient and permanent faults arise and will continue to occur in the near future in increasing numbers. Since cryptographic chips are a consumer product produced in large quantities, cheap solutions for concurrent checking are needed. Concurrent Error Detection (CED) for cryptographic chips also has a great potential for detecting (deliberate) fault injection attacks where faults are injected into a cryptographic chip to break the key. In this paper we propose a low cost, low latency, time redundancy based CED technique for a class of symmetric block ciphers whose round functions are involutions. This CED technique can detect both permanent and transient faults with almost no time overhead. A function F is an involution if F(F(x))=x. The proposed CED architecture (i) exploits the involution property of the ciphers and checks if x=F(F(x)) for each of the involutional round functions to detect transient and permanent faults and (ii) uses the idle cycles in the design to achieve close to a 0% time overhead. Our preliminary ASIC synthesis experiment with the involutional cipher KHAZAD resulted in an area overhead of 23.8% and a throughput degradation of 8%. A fault injection based simulation shows that the proposed architecture detects all single-bit faults.

Original languageEnglish (US)
Pages (from-to)400-412
Number of pages13
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3156
StatePublished - 2004

Keywords

  • Concurrent error detection (CED)
  • Fault tolerance
  • Involutional ciphers
  • KHAZAD

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Concurrent error detection schemes for involution ciphers'. Together they form a unique fingerprint.

Cite this