We recall why linear codes with complementary duals (LCD codes) play a role in countermeasures to passive and active side-channel analyses on embedded cryptosystems. The rate and the minimum distance of such LCD codes must be as large as possible. We recall the known primary construction of such codes with cyclic codes, and investigate other constructions, with expanded Reed-Solomon codes and generalized residue codes, for which we study the idempotents. These constructions do not allow to reach all the desired parameters. We study then those secondary constructions which preserve the LCD property, and we characterize conditions under which codes obtained by direct sum, direct product, puncturing, shortening, extending codes, or obtained by the Plotkin sum, can be LCD.
CMOS gates consume different amounts of power whether their output has a falling or a rising edge. Therefore the overall power consumption of a CMOS circuit leaks information about the activity of every single gate. This explains why, using differential power analysis (DPA), one can infer the value of specific nodes within a chip by monitoring its global power consumption only. We model the information leakage in the framework used by conventional cryptanalysis. The information an attacker can gain is derived as the autocorrelation of the Hamming weight of the guessed value for the key. This model is validated by an exhaustive electrical simulation.Our model proves that the DPA signal-to-noise ratio increases when the resistance of the substitution box against linear cryptanalysis increases.This result shows that the better shielded against linear cryptanalysis a block cipher is, the more vulnerable it is to side-channel attacks such as DPA.
Faults attacks are a powerful tool to break some implementations of robust cryptographic algorithms such as AES [8] and DES [3]. Various methods of faults attack on cryptographic systems have been discovered and researched [1]. However, to the authors' knowledge, all the attacks published so far use a theoretical model of faults. In this paper we prove that we are able to reproduce experimentally the random errors model used by G. Piret and J.J. Quisquater [10] to realize practical fault attack on a smart card embedding an AES encryptor by underpowering it. In spite of the fact that this method is a convenient fault injection technique to set up, it does not often appear in the open literature. We argue that the fault model is consistent with a setup violation: errors appear at the end of combinatorial logic cones, caused by an early sampling in the downwards registers. We also carry out an extensive characterization of the faults, in terms of spatial and temporal localization.
Abstract-Detecting hardware trojans is a difficult task in general. In this article we study hardware trojan horses insertion and detection in cryptographic intellectual property (IP) blocks. The context is that of a fabless design house that sells IP blocks as GDSII hard macros, and wants to check that final products have not been infected by trojans during the foundry stage. First, we show the efficiency of a medium cost hardware trojans detection method if the placement or the routing have been redone by the foundry. It consists in the comparison between optical microscopic pictures of the silicon product and the original view from a GDSII layout database reader. Second, we analyze the ability of an attacker to introduce a hardware trojan horse without changing neither the placement nor the routing of the cryptographic IP logic. On the example of an AES engine, we show that if the placement density is beyond 80%, the insertion is basically impossible. Therefore, this settles a simple design guidance to avoid trojan horses insertion in cryptographic IP blocks: have the design be compact enough, so that any functionally discreet trojan necessarily requires a complete re-place and re-route, which is detected by mere optical imaging (and not complete chip reverse-engineering).Index Terms-Hardware trojan horses (HTH), HTH detection and insertion, optical pictures versus GDSII comparison technique, ECO place-and-route, core utilization rate (CUR).
Abstract-This paper presents an easy to design Physically Unclonable Function (PUF). The proposed PUF implementation is a loop composed of N identical and controllable delay chains which are serially assembled in a loop to create a single ring oscillator. The frequency discrepancies resulting from the oscillator driven by complementary combinations of the delay chains allows to characterize one device. The presented PUF, nicknamed the Loop PUF (LPUF), returns a frequency comparison of loops made of N delay chains (N ≥ 2). The comparisons are done sequentially on the same structure. Unlike others PUFs based on delays, there is no specific routing constraints. Hence the LPUF is particularly flexible and easy to design. The basic use of the Loop PUF is to generate intrinsic device keys for cryptographic algorithms. It can also be used to generate challenge response pairs for simple authentication. Experiments have been carried out on CYCLONE II FPGAs to assess the performance of the LPUF, such as randomness, uniqueness and steadiness. They clearly show both the easiness of design and the quality level of the LPUF. The measurement time vs steadiness, as well as resistance against side-channel and modeling attacks are discussed.
We introduce the class of multiply constant-weight codes to improve the reliability of certain physically unclonable function (PUF) response. We extend classical coding methods to construct multiply constant-weight codes from known q-ary and constant-weight codes. Analogues of Johnson bounds are derived and are shown to be asymptotically tight to a constant factor under certain conditions. We also examine the rates of the multiply constant-weight codes and interestingly, demonstrate that these rates are the same as those of constant-weight codes of suitable parameters. Asymptotic analysis of our code constructions is provided.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.