Abstract
This paper proposes an efficient scheme for concurrent error detection for hardware implementations of the block cipher AES. In the proposed scheme, the circuit component for the round function is divided into two stages, which are used alternately for encryption (or decryption) and error checking in a pipeline. The proposed scheme has a limited overhead with respect to size and speed for the following reasons. Firstly, the need for a double number of clock cycles is eliminated by virtue of the reduced critical path. Secondly, the scheme only requires minimal additional circuitry for error detection since the detection is performed by the remaining encryption (or decryption) components within the pipeline. AES hardware with the proposed scheme was designed and synthesized by using 90-nm CMOS standard cell library with various constraints. As a result, the proposed circuit achieved 1.66Gbps @ 12.9 Kgates for the compact version and 4.22 Gbps @ 30.7 Kgates for the high-speed version. These performance characteristics are comparable to those of a basic AES circuit without error detection, where the overhead of the proposed scheme is estimated to be 14.5% at maximum. The proposed circuit was fabricated in the form of a chip, and its error detection performance was evaluated through experiments. The chip was tested with respect to fault injection by using clock glitch, and the proposed scheme successfully detected and reacted to all introduced errors.
| Original language | English |
|---|---|
| Pages (from-to) | 1971-1980 |
| Number of pages | 10 |
| Journal | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences |
| Volume | E94-A |
| Issue number | 10 |
| DOIs | |
| Publication status | Published - 2011 Oct |
Keywords
- Dependable architectures
- Error detection
- Fault injection attacks
- Tamper resistance
ASJC Scopus subject areas
- Signal Processing
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering
- Applied Mathematics