[HGI-News] HGI Seminar, Monday 18.09.06: Non-linear Residue Codes for Robust Public-Key Arithmetic

Newsletter of the Horst Görtz Institute hgi-news at lists.ruhr-uni-bochum.de
Tue Sep 12 16:35:42 CEST 2006


      Prof. Berk Sunar, Worcester Polytechnic Institute, CRIS Lab
     and Visiting Researcher, Ruhr-Universität Bochum, COSY Group

           Monday, 4 September 2006, 13:15, IC 4 / 39-41

       Non-linear Residue Codes for Robust Public-Key Arithmetic

An active side channel attack such as differential fault analysis (DFA)
relies on the manifestation of injected faults as erroneous results which
can then be observed at the output of the device. Apart from Bellcore
style attacks there exists another type of fault attack, which is aimed
at common countermeasures to passive attacks. In order to prevent power
and electromagnetic analysis techniques, many VLSI implementations
nowadays employ power-balanced logic gate libraries, whose power
consumption and hence electromagnetic emanations are data-independent.
New fault attacks aim at introducing glitches into the circuit which
cause such gates to "lose balance", i.e. reveal data through power
imbalances. This opens the door to various classical attacks on the
circuit, such as simple and differential power analysis (SPA, DPA) and
their electromagnetic counterparts (SEMA, DEMA). All this demonstrates
the urgent need for a truly robust error detection scheme.

In this talk we present a scheme for robust multi-precision arithmetic
over the positive integers, protected by a novel family of non-linear
arithmetic residue codes. These codes have a very high probability of
detecting arbitrary errors of any weight. Our scheme lends itself well
to straightforward implementation of standard modular multiplication
techniques, i.e. Montgomery or Barrett multiplication, secure against
active fault injection attacks. Due to the non-linearity of the code, the
probability of detecting an error depends not only on the error
pattern but also on the data. Since the latter is usually not known to
the adversary a priori, a successful injection of an undetected error is
highly unlikely. We outline a proof of the robustness of these codes by
providing an upper bound on the number of undetectable errors.

Our codes are attractive due to their data-dependent and asymptotically
low probability of missing errors. These properties make it nearly
impossible for an adversary to successfully inject faults that are missed
by the error detection network. Only if the attacker has the capacity to
read out the live state of the circuit and instantly compute an
undetectable error vector will the attack be successful.
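Added illustration of the data-dependence argument above (not code from the talk, which the announcement does not reproduce): a toy arithmetic residue check comparing the classical linear check symbol x mod p with an assumed non-linear one, (x mod p)^2 mod p, under a fault that corrupts both the data word and its stored check symbol. With the linear code, an adversary who knows the error pattern can pick a matching check-symbol error that is missed for every data word; with the non-linear code the same pattern is missed on only one residue class of the data, so escaping detection depends on data the adversary does not know.

```python
"""Toy residue-code fault model. Constructed for illustration: the small
modulus P and the squaring check symbol are assumptions, not the codes
presented in the talk."""

P = 251  # small prime check modulus, chosen for the illustration only


def linear_check(x: int) -> int:
    """Classical arithmetic residue check symbol: w = x mod p."""
    return x % P


def nonlinear_check(x: int) -> int:
    """Assumed non-linear check symbol: w = (x mod p)^2 mod p."""
    return pow(x % P, 2, P)


def is_missed(check, x: int, e_data: int, e_check: int) -> bool:
    """A fault adds e_data to the data word and e_check to the stored check
    symbol. It is undetected when the check recomputed over the faulty data
    equals the faulty stored check symbol."""
    faulty_data = x + e_data
    faulty_stored_check = (check(x) + e_check) % P
    return check(faulty_data) == faulty_stored_check


def count_missed(check, e_data: int, e_check: int, n_words: int) -> int:
    """Number of data words x in [0, n_words) for which (e_data, e_check) is missed."""
    return sum(is_missed(check, x, e_data, e_check) for x in range(n_words))


def best_attack_miss_count(check, e_data: int, n_words: int) -> int:
    """Worst case for the defender: the adversary chooses the e_check that is
    missed for the largest number of data words. For the linear check this
    is every word; for the non-linear check it is one residue class mod P."""
    return max(count_missed(check, e_data, e, n_words) for e in range(P))


if __name__ == "__main__":
    n = 4 * P  # every residue class mod P occurs exactly four times
    for name, chk in (("linear", linear_check), ("non-linear", nonlinear_check)):
        print(f"{name}: best fault missed on {best_attack_miss_count(chk, 7, n)} of {n} words")
    # e_data a multiple of P with e_check = 0 is undetectable by either code;
    # such errors are what an upper bound on undetectable errors has to count.
    print("multiple of P:", count_missed(nonlinear_check, P, 0, n), "of", n)
```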


_____________________________________________________________________________
The HGI Seminar web page with all information on past and
upcoming talks: http://www.hgi.rub.de/deutsch/lehrangebot/seminar.html