Parity-Based Concurrent Error Detection in Symmetric Block Ciphers

Ramesh Karri, Grigori Kuznetsov, Michael Goessel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

Original languageEnglish (US)
Title of host publicationIEEE International Test Conference (TC)
Pages919-926
Number of pages8
StatePublished - 2003
EventProceedings International Test Conference 2003 - Charlotte, NC, United States
Duration: Sep 30 2003Oct 2 2003

Other

OtherProceedings International Test Conference 2003
CountryUnited States
CityCharlotte, NC
Period9/30/0310/2/03

Fingerprint

Error detection
Cryptography
Invariance
Fast Fourier transforms

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Electrical and Electronic Engineering
  • Hardware and Architecture

Cite this

Karri, R., Kuznetsov, G., & Goessel, M. (2003). Parity-Based Concurrent Error Detection in Symmetric Block Ciphers. In IEEE International Test Conference (TC) (pp. 919-926)

Parity-Based Concurrent Error Detection in Symmetric Block Ciphers. / Karri, Ramesh; Kuznetsov, Grigori; Goessel, Michael.

IEEE International Test Conference (TC). 2003. p. 919-926.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Karri, R, Kuznetsov, G & Goessel, M 2003, Parity-Based Concurrent Error Detection in Symmetric Block Ciphers. in IEEE International Test Conference (TC). pp. 919-926, Proceedings International Test Conference 2003, Charlotte, NC, United States, 9/30/03.
Karri R, Kuznetsov G, Goessel M. Parity-Based Concurrent Error Detection in Symmetric Block Ciphers. In IEEE International Test Conference (TC). 2003. p. 919-926
Karri, Ramesh ; Kuznetsov, Grigori ; Goessel, Michael. / Parity-Based Concurrent Error Detection in Symmetric Block Ciphers. IEEE International Test Conference (TC). 2003. pp. 919-926
@inproceedings{b3149a39c1d54ff299ea24c69d7d73eb,
title = "Parity-Based Concurrent Error Detection in Symmetric Block Ciphers",
abstract = "Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.",
author = "Ramesh Karri and Grigori Kuznetsov and Michael Goessel",
year = "2003",
language = "English (US)",
pages = "919--926",
booktitle = "IEEE International Test Conference (TC)",

}

TY - GEN

T1 - Parity-Based Concurrent Error Detection in Symmetric Block Ciphers

AU - Karri, Ramesh

AU - Kuznetsov, Grigori

AU - Goessel, Michael

PY - 2003

Y1 - 2003

N2 - Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

AB - Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.

UR - http://www.scopus.com/inward/record.url?scp=0142184761&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0142184761&partnerID=8YFLogxK

M3 - Conference contribution

SP - 919

EP - 926

BT - IEEE International Test Conference (TC)

ER -