Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification

Abstract

Recently, Bringer et al. [10] introduced a new countermeasure based on linear codes. This elegant design aims at protecting advanced encryption standard against both side-channel attacks and fault attacks (FA). However, the fault detection during nonlinear operations (for example SubBytes operation) was left as an open question. The present work studies how linear systematic error correcting codes can simply be used to detect fault injections during nonlinear operations in a symmetric block cipher. In particular, for the faults that cause errors with limited Hamming weight, this method can lead to interesting detection capabilities. Considering this way of protecting AES encryption against FA, a concrete implementation is presented. For a given fault model, a methodology of formal verification is applied to some parts of this implementation, assessing the fault resistance of one linear operation AddRoundKey and one nonlinear operation SubBytes. © 2016, Springer-Verlag Berlin Heidelberg.