
    Operand Folding Hardware Multipliers

    This paper describes a new accumulate-and-add multiplication algorithm. The method partitions one of the operands and recombines the results of computations done with each of the partitions. The resulting design turns out to be both compact and fast. When the operands' bit-length m is 1024, the new algorithm requires only 0.194m + 56 additions on average, about half the number of additions required by the classical accumulate-and-add multiplication algorithm (m/2).

    Differential Analysis of Round-Reduced AES Faulty Ciphertexts

    This paper describes new Round Reduction analysis attacks on an Advanced Encryption Standard (AES) implementation by laser fault injection. Previous round reduction attacks required both spatial and temporal accuracy in order to execute only one, two or nine rounds. We present new attacks under more flexible fault injection conditions. Our experiments are carried out on an 8-bit microcontroller which embeds a software AES with pre-calculated round keys. Faults are injected either into the round counter itself or into the reference of its total round number. The attacks may result in the use of a faulty round key in the last one or two executed rounds. The cryptanalysis of the obtained round-reduced faulty ciphertexts resorts to the differentiation techniques used by Differential Fault Analysis.

    Electromagnetic glitch on the AES round counter

    This article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (AES) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the AES round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the ARM Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts.

    Study of the vulnerability of cryptographic circuits by laser fault injection.

    Cryptographic circuits may be victims of fault attacks on their hardware implementations. Fault attacks consist of creating intentional faults during cryptographic calculations in order to infer secrets. In the context of the security characterization of circuits, we examined the practical feasibility of some theoretical fault attack models, using a laser bench as the means of fault injection. First, we performed laser DFA fault attacks on a microcontroller implementing the AES algorithm. By precise control of the instant and location of the injection, we succeeded in excluding the logical effect of faults that do not match the attack models. Moreover, we identified new, extended DFA attacks. We then extended our research to identifying and implementing new fault attack models. With the precision obtained in our earlier work, we developed new Round Modification Analysis (RMA) attacks. In conclusion, these experiments are a warning about the proven feasibility of the laser attacks described in the scientific literature. Our tests demonstrated that single-byte or single-bit attacks remain feasible with a laser beam that hits several bytes on the circuit, when the laser emission is accurate and combined with other techniques. They also revealed new attack possibilities, which led us to study appropriate countermeasures.

    Reproducible Single-Byte Laser Fault Injection

    This note describes laser fault experiments on an 8-bit 0.35 µm microcontroller with no countermeasures. We show that reproducible single-byte faults, often considered unfeasible, can be obtained by careful beam-size and shot-instant tuning.

    Design of robust and high-performance 1-bit CMOS Full Adder for nanometer design

    Full adders are the core element of complex arithmetic circuits such as addition, multiplication, division and exponentiation. Given this importance, new ideas and investigations for constructing full adders are required. As far as the related literature is concerned, generality and ease of use, as well as voltage and transistor scaling, are considerable advantages of CMOS logic design over other design styles such as CPL, especially when cell-based design is targeted. This paper proposes a novel, symmetric and efficient design for a CMOS 1-bit full adder; another fully symmetric full adder is also presented. Results and simulations demonstrate that the proposed design leads to an efficient full adder in terms of power consumption, delay and area in comparison with a well-known conventional full-adder design. The post-layout simulations were done in HSPICE with nanometer-scale transistors, considering all parasitic capacitances and resistances.

    Photonic power firewalls

    This paper describes a new countermeasure against side-channel power attacks. We show that a conventional chip card can be powered using an organic electroluminescent diode (OLED) facing a photovoltaic cell. By doing so, the card's power consumption becomes constant and equal to the OLED's power consumption. Despite size, energy conversion and heat dissipation issues, we believe that this countermeasure nicely suits several high-security applications. Because photonic power firewalls guarantee physical isolation, we recommend photonic firewalls for applications where energy and form factor considerations are not as important as security (e.g., diplomatic encryption devices).

    Fault Round Modification Analysis of the Advanced Encryption Standard

    This paper describes a new physical analysis technique based on changing the number of AES rounds. It is an extension of the already known Round Reduction Analysis techniques. Round Modification Analysis is a specific algorithm modification attack; however, the cryptanalysis of the obtained erroneous ciphertexts resorts to the differentiation techniques used by Differential Fault Analysis. Faults were induced with a laser in a software AES, either on the round counter itself or on the reference of its total round number, to obtain an increase or a decrease in the number of rounds. We report here successful attacks and their corresponding cryptanalysis.
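    The round-counter fault model shared by the three AES abstracts in this listing (round reduction, round addition and round modification), as an added example that is not code from any of the papers: a software AES-128 driven by an explicit loop counter, a hook that corrupts either the counter or the total-round reference at a chosen instant, and an illustrative redundant-counter check. Assumptions of the example: round keys are pre-calculated with one spare key K11 so that an added round has a key to use (the Cortex-M3 experiment instead derived keys on the fly), and the check itself, which is not a countermeasure described on the page.

```python
"""Round-counter fault simulation on a software AES-128 (added example, not the papers' code).

Models the fault in the round-reduction / round-addition / round-modification abstracts:
the round counter or the reference holding the total round number is corrupted, so the
cipher executes fewer or more rounds than ten. Assumptions of this simulator: round keys
are pre-calculated with one spare key K11 so an added round has a key, and the redundant
counter check is an illustrative countermeasure chosen here, not one from the page.
"""

NR = 10  # nominal number of AES-128 rounds

def _xtime(b):  # multiply by x in GF(2^8) modulo the AES polynomial
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b

def _build_sbox():
    """Generate the S-box: p walks GF(2^8)* via p *= 3 while q = p^-1 via q /= 3."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p ^= _xtime(p)
        for s in (1, 2, 4):
            q = (q ^ (q << s)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()

def _expand_key(key, rounds):
    """FIPS-197 AES-128 key schedule, returning rounds+1 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(rounds + 1)]

def _sub_bytes(s):
    return [SBOX[b] for b in s]

def _shift_rows(s):  # state is column-major (index 4*col + row); row r rotates left by r
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
    return out

def _add_round_key(s, k):
    return [b ^ kb for b, kb in zip(s, k)]

def glitch_once(at_r, new_r=None, new_nr=None):
    """One transient fault: when the counter reaches at_r, overwrite the counter
    (new_r) and/or the total-round reference (new_nr) a single time."""
    fired = [False]
    def fault(r, nr):
        if not fired[0] and r == at_r:
            fired[0] = True
            return (r if new_r is None else new_r), (nr if new_nr is None else new_nr)
        return r, nr
    return fault

def encrypt(key, block, fault=lambda r, nr: (r, nr)):
    """AES-128 driven by an explicit round counter r and total-round reference nr.
    `fault` runs right after each counter increment (where the glitches in the
    abstracts land). Returns (ciphertext, rounds_executed), counted independently of r."""
    rk = _expand_key(key, NR + 1)  # K0..K11: the spare K11 serves an added round
    s = _add_round_key(list(block), rk[0])
    r, nr, executed = 1, NR, 0
    while r < nr:
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s))), rk[r])
        executed += 1
        r += 1
        r, nr = fault(r, nr)
    s = _add_round_key(_shift_rows(_sub_bytes(s)), rk[nr])  # final round, no MixColumns
    return bytes(s), executed + 1

class RoundCountError(Exception):
    pass

def encrypt_checked(key, block, fault=lambda r, nr: (r, nr)):
    """Illustrative countermeasure: release the ciphertext only if the
    independently counted number of rounds matches the constant NR."""
    ct, executed = encrypt(key, block, fault)
    if executed != NR:
        raise RoundCountError(f"{executed} rounds executed, expected {NR}")
    return ct

if __name__ == "__main__":
    key, pt = bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff")
    print(*encrypt(key, pt))                                   # FIPS-197 C.1 vector, 10 rounds
    print(*encrypt(key, pt, glitch_once(at_r=2, new_nr=9)))    # reference 10 -> 9: 9 rounds
    print(*encrypt(key, pt, glitch_once(at_r=10, new_r=9)))    # increment lost: round 9 repeats
    encrypt_checked(key, pt, glitch_once(at_r=2, new_nr=11))   # raises RoundCountError
```

    Run stand-alone, the block prints the FIPS-197 test ciphertext for the correct execution, then the nine-round and eleven-round faulty outputs. In the reduced case the final round is keyed with K9, which is the "faulty round key at the last executed round" of the round-reduction abstract; the simulator stops there and does not perform the cryptanalysis, which the papers carry out with DFA-style differential techniques on such correct/faulty ciphertext pairs. The redundant counter only raises the bar: the thesis abstract reports reproducible single-byte faults, so an evaluation of this kind of check has to consider a shot that hits both counters, or the comparison itself.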