Concurrent Error Detection in Finite Field Arithmetic Operations

With significant advances in wired and wireless technologies and also increased shrinking in the size of VLSI circuits, many devices have become very large because they need to contain several large units. This large number of gates and in turn large number of transistors causes the devices to be more prone to faults. These faults specially in sensitive and critical applications may cause serious failures and hence should be avoided. On the other hand, some critical applications such as cryptosystems may also be prone to deliberately injected faults by malicious attackers. Some of these faults can produce erroneous results that can reveal some important secret information of the cryptosystems. Furthermore, yield factor improvement is always an important issue in VLSI design and fabrication processes. Digital systems such as cryptosystems and digital signal processors usually contain finite field operations. Therefore, error detection and correction of such operations have become an important issue recently. In most of the work reported so far, error detection and correction are applied using redundancies in space (hardware), time, and/or information (coding theory). In this work, schemes based on these redundancies are presented to detect errors in important finite field arithmetic operations resulting from hardware faults. Finite fields are used in a number of practical cryptosystems and channel encoders/decoders. The schemes presented here can detect errors in arithmetic operations of finite fields represented in different bases, including polynomial, dual and/or normal basis, and implemented in various architectures, including bit-serial, bit-parallel and/or systolic arrays

Efficient Lattice-based Authenticated Encryption: A Practice-Oriented Provable Security Approach

Lattice-based cryptography has been received significant attention in the past decade. It has attractive properties such as being a major post-quantum cryptography candidate, enjoying worst-case to average-case security reductions, and being supported by efficient implementations.In recent years, lattice-based schemes have achieved enough maturity to become interesting also for the industry. Additionally, authenticated encryption (AE) is another important topic in the community of cryptography. In this paper, considering two above-mentioned subjects, we propose three lattice-based AEs with an acceptable practical efficiency. These schemes are provably secure assuming the hardness of elementary lattice problems. That is in contrast to the other practical provably-secure AEs, which are based on the hardness assumption of another cryptographic primitive, such as AES. Moreover, we analyze the exact security of these schemes in the paradigm of practice-oriented provable security, while the security proofs of almost all previous lattice-based schemes are asymptotic. The implementation results show that one of the proposed schemes becomes even faster than an AES-256-GCM implementation to encrypt messages of length 64 bytes or longer. Particularly, for a 1500-byte message, this scheme is 34% faster than AES-256-GCM

On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards

Most lattice-based cryptographic schemes with a security proof suffer from large key sizes and heavy computations. This is also true for the simpler case of authentication protocols which are used on smart cards, as a very-constrained computing environment. Recent progress on ideal lattices has significantly improved the efficiency, and made it possible to implement practical lattice-based cryptography on constrained devices. However, to the best of our knowledge, no previous attempts were made to implement lattice-based schemes on smart cards. In this paper, we provide the results of our implementation of several state-of-the-art lattice-based authentication protocols on smart cards and a microcontroller widely used in smart cards. Our results show that only a few of the proposed lattice-based authentication protocols can be implemented using limited resources of such constrained devices, however, cutting-edge ones are suitably efficient to be used practically on smart cards. Moreover, we have implemented fast Fourier transform (FFT) and discrete Gaussian sampling with different typical parameter sets, as well as versatile lattice-based public-key encryptions. These results have noticeable points which help to design or optimize lattice-based schemes for constrained devices

On concurrent detection of errors in polynomial basis multiplication

Cryptographic systems implemented using VLSI technologies require a large number of circuits and are prone to various types of faults. Attacks on cryptosystems that exploit erroneous results due to deliberately injected faults in hardware have recently been reported in the literature. As a result, the detection and the correction of errors in cryptographic operations have become an important issue. This paper discusses the detection of multiple-bit errors due to faults in bit-serial and bit-parallel polynomial basis (PB) multipliers over binary extension fields. Our approach is based on multiple parity bits. Experimental results presented here show that due to an increase in the number of parity bits, the area overhead tends to increase linearly, but the probability of error detection approaches unity fairly quickly, e.g., for 8 parity bits. In bit-serial implementation of a GF(2 163) PB multiplier using 8 parity bits, the area overhead and the probability of error detection are 10.29 % and 0.996, respectively. This is achieved without any increase in the computation time of the multiplier. Index Terms polynomial basis multiplication, concurrent error detection, finite field. I