Preventing fault attacks using fault randomisation with a case study on AES (Q1626123)

Summary: Fault attacks are one of the most effective side-channel attacks on symmetric key ciphers. Over the years a variety of countermeasure techniques have been proposed to prevent this kind of attack. Among them, infective countermeasures have been shown to be the most efficient way to prevent fault attacks. However, none of the countermeasures has been found to last in terms of security. In [``Fault analysis of infective AES computations'', in: Proceedings of the 2013 workshop on fault diagnosis and tolerance cryptography. Los Alamitos, CA: IEEE Computer Society, 101--107 (2013; \url{doi:10.1109/fdtc.2013.12})], \textit{A. Battistello} and \textit{C. Giraud}, have broken the last two surviving infective methods against fault attacks on AES and emphasised the need for a better security framework for fault attack countermeasures. The current work is the first such step towards achieving the design of a secure infective countermeasure as suggested by Battistello and Giraud [loc. cit.]. In this paper, we develop a theoretical framework based on fault randomisation to formalise the infective approach used in fault attack countermeasures. On the basis of this formalisation, a new infective countermeasure is proposed which employs a randomised nonlinear mixing coupled with a linear diffusion function. A case study on AES with a practical construction of the countermeasure is presented. To achieve a more optimised design, cellular automata is employed. Both the designs are implemented on Xilinx SPARTAN-3 FPGA platform and compared favourably with a related scheme in the literature.