### Abstract

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

Original language | English (US) |
---|---|

Title of host publication | IEEE International Test Conference (TC) |

Pages | 919-926 |

Number of pages | 8 |

State | Published - 2003 |

Event | Proceedings International Test Conference 2003 - Charlotte, NC, United States Duration: Sep 30 2003 → Oct 2 2003 |

### Other

Other | Proceedings International Test Conference 2003 |
---|---|

Country | United States |

City | Charlotte, NC |

Period | 9/30/03 → 10/2/03 |

### Fingerprint

### ASJC Scopus subject areas

- Electronic, Optical and Magnetic Materials
- Electrical and Electronic Engineering
- Hardware and Architecture

### Cite this

*IEEE International Test Conference (TC)*(pp. 919-926)

**Parity-Based Concurrent Error Detection in Symmetric Block Ciphers.** / Karri, Ramesh; Kuznetsov, Grigori; Goessel, Michael.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*IEEE International Test Conference (TC).*pp. 919-926, Proceedings International Test Conference 2003, Charlotte, NC, United States, 9/30/03.

}

TY - GEN

T1 - Parity-Based Concurrent Error Detection in Symmetric Block Ciphers

AU - Karri, Ramesh

AU - Kuznetsov, Grigori

AU - Goessel, Michael

PY - 2003

Y1 - 2003

N2 - Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

AB - Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

UR - http://www.scopus.com/inward/record.url?scp=0142184761&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0142184761&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0142184761

SP - 919

EP - 926

BT - IEEE International Test Conference (TC)

ER -