Abstract:
Fault-injection (FI) attacks exploit corrupted ciphertexts from cryptographic hardware to extract the embedded secret key using directed laser pulses or voltage/clock glitches. Laser FI attacks mounted on an unprotected fully unrolled advanced encryption standard (AES)-256 engine in Intel 4 CMOS process demonstrate a minimum-time-to-disclosure (MTD) of 6.6 M encryptions to generate eight exploitable ciphertexts, reducing the AES key search space to a single guess with differential fault analysis (DFA). In this article, we present a source-agnostic FI-attack-resistant AES-256 accelerator fabricated in Intel 4 CMOS. Arithmetic and parity-based checker circuits detect runtime faults in the nonlinear and linear portions of AES, respectively. A composite-field GF((2^4)^2) inverse checker, redundant affine parity circuits, and byte-interleaved register placement optimizations enable 99.1% error coverage against raster and box-scan laser FI attacks. The AES round datapath augmented with an all-digital laser detection circuit (LDC) provides a 13400× higher margin for raster-based laser pulse injections. Finally, additional timing slack introduced on the checker datapath enables a 40-mV measured margin on parity predictor paths, ensuring that timing violations are first observed at critical round output bytes, leaving the parity signals uncorrupted during undervoltage attacks. Intel 4 CMOS measurements show a 0% performance impact from FI countermeasures while providing 111× and 10000× MTD improvements against laser and undervoltage attacks, respectively.
Published in: IEEE Journal of Solid-State Circuits ( Volume: 59, Issue: 1, January 2024)
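The abstract names three ideas: an arithmetic checker on the nonlinear inverse, parity prediction on the linear and affine stages, and byte-interleaved register placement. The Python model below is an added illustration of how those checks work on one AES column, not the paper's circuit or any code from the authors. The GF(2^8) arithmetic, S-box and MixColumns are the FIPS-197 definitions; the inverse check is done directly in GF(2^8) rather than in the paper's composite field GF((2^4)^2), the 4-way interleaved layout, the "laser spot flips `width` neighbouring cells" fault model and the placement of the checks are assumptions made for the example, and the column and key values are constructed test inputs.

```python
"""Software model of the checker ideas in the abstract: an arithmetic inverse
check on the nonlinear S-box stage, parity prediction on the affine and
MixColumns/AddRoundKey stages, and a byte-interleaved register layout.
Added illustration, not the paper's circuit: GF(2^8) arithmetic is the AES
standard; layouts, fault model and check placement are assumptions."""

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (AES_POLY if a & 0x80 else 0)
        b >>= 1
    return r & 0xFF

def gf_inv(a):
    """a^254 = a^-1 in GF(2^8); AES defines inv(0) = 0, which this also yields."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def parity(x):
    return bin(x).count("1") & 1

def affine(v):
    """AES S-box affine step: b_i = v_i ^ v_(i+4) ^ v_(i+5) ^ v_(i+6) ^ v_(i+7), then ^ 0x63."""
    out = 0
    for i in range(8):
        bit = 0
        for k in (0, 4, 5, 6, 7):
            bit ^= (v >> ((i + k) % 8)) & 1
        out |= bit << i
    return out ^ 0x63

def sbox(x):
    return affine(gf_inv(x))

def inverse_check(x, y):
    """Arithmetic checker on the nonlinear stage: y claims to be x^-1, so x*y
    must equal 1; x = 0 is the one input whose (AES) inverse is also 0."""
    return (x == 0 and y == 0) or gf_mul(x, y) == 1

def inverse_fault_detected(x, bit):
    """A single-bit upset on the inverter output is never a valid inverse."""
    return not inverse_check(x, gf_inv(x) ^ (1 << bit))

def affine_parity_check(v, s):
    """Parity predictor for the affine stage: each matrix column has five ones
    and parity(0x63) = 0, so parity(affine(v)) must equal parity(v)."""
    return parity(s) == parity(v)

def mix_column(c):
    a0, a1, a2, a3 = c
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]

def add_round_key(state, key):
    return [s ^ k for s, k in zip(state, key)]

def predicted_parity(c, key):
    """Per-byte output parity of MixColumns+AddRoundKey from the inputs alone.
    p(2a) = p(a) ^ a[7] and p(3a) = a[7] (because parity(0x1B) = 0), hence
    p(b_i) = p(a_i) ^ a_i[7] ^ a_(i+1)[7] ^ p(a_(i+2)) ^ p(a_(i+3)) ^ p(k_i)."""
    p, m = [parity(a) for a in c], [a >> 7 for a in c]
    return [p[i] ^ m[i] ^ m[(i + 1) % 4] ^ p[(i + 2) % 4] ^ p[(i + 3) % 4]
            ^ parity(key[i]) for i in range(4)]

def linear_check(c, key, out):
    """Parity checker on the linear datapath: actual output parity vs. predicted."""
    return [parity(o) for o in out] == predicted_parity(c, key)

def inject(reg, positions, interleaved):
    """Flip physical cells (0..31) of a 4-byte column register. The linear
    layout stores bit b of byte k at 8k+b; the assumed 4-way byte-interleaved
    layout stores it at 4b+k, so neighbouring cells belong to different bytes."""
    reg = list(reg)
    for pos in positions:
        byte, bit = (pos % 4, pos // 4) if interleaved else (pos // 8, pos % 8)
        reg[byte] ^= 1 << bit
    return reg

def spot_fault_coverage(width, interleaved):
    """Fraction of faults flipping `width` neighbouring cells (a laser spot)
    that linear_check flags, over every spot position and constructed inputs."""
    cases = [([0x00] * 4, [0x00] * 4),                              # constructed
             ([0xDB, 0x13, 0x53, 0x45], [0x2B, 0x7E, 0x15, 0x16])]  # constructed
    detected = total = 0
    for c, key in cases:
        good = add_round_key(mix_column(c), key)
        for pos in range(32 - width + 1):
            bad = inject(good, range(pos, pos + width), interleaved)
            detected += not linear_check(c, key, bad)
            total += 1
    return detected / total
```

The model makes the placement argument concrete: a per-byte parity bit catches every odd-weight fault in that byte but is blind to even-weight ones, so a two-cell laser spot on a linearly laid-out register goes undetected unless it straddles a byte boundary, whereas in the interleaved layout the two cells land in different bytes and each registers as a single-bit error. Interleaving does not remove the blind spot, it moves it: in this 4-way model a spot covering eight cells flips every byte twice and is again invisible to parity. The inverse check has no such weakness because any change to the inverter output breaks x·y = 1. The 99.1% coverage figure in the abstract is a measurement of the fabricated Intel 4 design and is not reproduced by this model.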