Abstract

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

Highlights

  • Almost two decades after the introduction of physical attacks [16, 57, 58], it is widely known that the secrets stored in and processed by an implementation of strong cryptographic algorithms can be recovered by means of physical attacks

  • This paper introduced the block cipher CRAFT, for which the resistance of its implementations against Differential Fault Analysis (DFA) attacks was taken into account during the design phase

  • Considering one of the recent developments in the areas of fault detection, we have designed the building blocks of CRAFT leading to very limited area overhead


Summary

Introduction

Almost two decades after the introduction of physical attacks [16, 57, 58], it is widely known that the secrets stored in and processed by an implementation of strong cryptographic algorithms can be recovered by means of physical attacks. One of the most powerful classes of such threats is certainly fault-injection attacks [16], where the adversary disturbs the cryptographic device during its operation. Such disturbances, which are usually transient faults, can be created by means of a clock glitch [3] (which violates the delay of the circuit’s critical path), under-powering [23, 79] (which, in addition to setup-time violation, may modify the circuit’s execution flow), an EM glitch [31] (which can change the transistors’ state), or a laser beam [2, 23] (which, as the most precise means, can change the state of particular transistors). For many years smart card (e.g. bank card) manufacturers had to integrate such
