New Error Detecting Codes for the Design of Hardware Resistant to Strong Fault Injection Attacks

Cryptographic devices suffer from fault injection attacks. The security of crypto-systems protected by traditional error detecting codes rely on the assumption that the information bits and the error patterns are not both controllable by the attacker. For applications where the assumption is not valid, the security of systems protected by traditional error detecting codes can be easily compromised. In this paper, we present constructions for algebraic manipulation detection (AMD) codes based on the nonlinear encoding functions. For a (k,m, r) AMD code, a message contains three parts: k-bit information data y, m-bit random data x and r-bit redundancy f(y, x). For any error e and information y, the fraction of x that masks the error e is less than 1. In this paper we describe lower and upper bounds on AMD codes and show that the presented constructions can generate optimal or close to optimal AMD codes in many cases. We presented efficient encoding and decoding methods for AMD codes minimizing the number of multipliers using the multivariate Horner scheme. The proposed codes can provide a guaranteed high error detecting probability even if both the information bits of the code and the non-zero error patterns are controllable by an attacker. These codes can be used for design of secure multipliers, secure memories or secure hardware implementing cryptography algorithms resistant to fault injection attacks. Keywords-Error Detecting Codes, Nonlinear Codes, Secure Hardware, Fault Injection Attacks.