Protecting RSA hardware accelerators against differential fault analysis through residue checking

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Hardware accelerators for cryptographic algorithms are ubiquitously deployed in nowadays consumer and industrial products. Unfortunately, the HW implementations of such algorithms often suffer from vulnerabilities that expose systems to a number of attacks, among which differential fault analysis (DFA). It is therefore crucial to protect cryptographic circuits against such attacks in a cost-effective and power-efficient way. In this paper, we propose a lightweight technique for protecting circuits implementing the RSA algorithm against DFA. The proposed solution borrows residue checking from the traditional fault tolerance and applies it to RSA circuits in order to first detect the occurrence a fault and then to react to the attack by obfuscating the output values. An experimental campaign demonstrated that the proposed solution detects the 100% of the possible fault attacks while leading to a 2.85% area overhead, a 16.67% power consumption increase and with no operating frequency decrease.Peer ReviewedPostprint (author's final draft

Protecting RSA hardware accelerators against differential fault analysis through residue checking

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Hardware accelerators for cryptographic algorithms are ubiquitously deployed in nowadays consumer and industrial products. Unfortunately, the HW implementations of such algorithms often suffer from vulnerabilities that expose systems to a number of attacks, among which differential fault analysis (DFA). It is therefore crucial to protect cryptographic circuits against such attacks in a cost-effective and power-efficient way. In this paper, we propose a lightweight technique for protecting circuits implementing the RSA algorithm against DFA. The proposed solution borrows residue checking from the traditional fault tolerance and applies it to RSA circuits in order to first detect the occurrence a fault and then to react to the attack by obfuscating the output values. An experimental campaign demonstrated that the proposed solution detects the 100% of the possible fault attacks while leading to a 2.85% area overhead, a 16.67% power consumption increase and with no operating frequency decrease.Peer Reviewe