Abstract
Tweakable enciphering schemes (TES) are block cipher modes of operation that realize a pseudorandom permutation while performing length-preserving computations. State-of-the-art research has focused on different aspects of TES, including implementations on hardware [field-programmable gate array (FPGA)/application-specific integrated circuit (ASIC)] and software (hard/soft-core microcontroller) platforms, algorithmic security, and applicability to sensitive, security-constrained usage models. In this article, we propose efficient approaches for protecting such schemes against natural and malicious faults. Specifically, noting that intelligent attackers are not merely confined to injecting multiple faults, one major benchmark for the proposed schemes is their evaluation under biased and burst fault models. We evaluate one variant of TES, the Hash-Counter-Hash scheme, which involves polynomial hashing; other variants are either similar or do not use finite field multiplication, which is by far the most involved operation in TES. In addition, we benchmark the overhead and performance degradation on the ASIC platform. The results of our error injection simulations and ASIC implementations show the suitability of the proposed approaches for a wide range of applications, including deeply embedded systems.
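As an added illustration (not the paper's proposed architecture, nor code from its authors), the block below models the GF(2^128) multiplier at the heart of a Hash-Counter-Hash polynomial hash and measures two simple detection signatures, single parity and 8-way interleaved parity, against constructed single-bit, burst and biased fault models on the multiplier output. The fault models, the trial count, and the use of the fault-free product as a stand-in for a hardware signature predictor are assumptions of the example; it shows why an error-detection scheme judged only on single-bit flips can look perfect yet miss every burst.

```python
import random

MASK = (1 << 128) - 1
POLY = 0x87  # x^128 + x^7 + x^2 + x + 1 with the x^128 term dropped

def gf_mul(a, b):
    """Schoolbook multiplication in GF(2^128), the dominant operation of an HCH polynomial hash."""
    r = 0
    for _ in range(128):
        if b & 1:
            r ^= a
        b >>= 1
        a = ((a << 1) & MASK) ^ (POLY if a >> 127 else 0)  # multiply a by x, then reduce
    return r

def poly_hash(h, blocks):
    """Horner evaluation M1*h^n + ... + Mn*h, the hash layer of HCH-style schemes."""
    acc = 0
    for m in blocks:
        acc = gf_mul(acc ^ m, h)
    return acc

def parity(x):
    """Single parity bit: catches any odd-weight error, misses every even-weight one."""
    return bin(x).count("1") & 1

def interleaved_parity(x, k=8):
    """k parity bits, bit i in group i mod k: a burst of <= k adjacent bits hits each group once."""
    return tuple(parity(x & sum(1 << i for i in range(g, 128, k))) for g in range(k))

def inject(value, model, rng):
    """Constructed fault models on the multiplier output: single flip, 8-bit burst flip, biased stuck-at-1."""
    if model == "single":
        return value ^ (1 << rng.randrange(128))
    if model == "burst":
        return value ^ (0xFF << rng.randrange(121))
    return value | sum(1 << i for i in rng.sample(range(128), 5))  # biased: 5 bits forced to 1

def detection_rate(model, check, trials=200, seed=1):
    """Fraction of faults that corrupt the product and change `check` (reference product stands in for a hardware signature predictor)."""
    rng = random.Random(seed)
    present = caught = 0
    for _ in range(trials):
        a, b = rng.getrandbits(128), rng.getrandbits(128)
        good = gf_mul(a, b)
        bad = inject(good, model, rng)
        if bad != good:
            present += 1
            caught += check(bad) != check(good)
    return caught / present
```

Single parity reports 100% coverage for single-bit faults and 0% for 8-bit bursts, while the interleaved signature catches both; neither is complete under the biased model, which is the point of benchmarking against it.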
Efficient and Reliable Error Detection Architectures of Hash-Counter-Hash Tweakable Enciphering Schemes