A Framework to Counter Statistical Ineffective Fault Analysis of Block Ciphers Using Domain Transformation and Error Correction

Abstract

Right from its introduction, fault attacks (FA) have been established to be one of the most practical threats to both public key and symmetric key based cryptosystems. Statistical Ineffective Fault Analysis (SIFA) is a recently proposed class of fault attacks introduced at CHES 2018. The fascinating feature of this attack is that it exploits the correct ciphertexts obtained during a fault injection campaign, instead of the faulty ciphertexts. SIFA has been shown to bypass almost all of the existing fault attack countermeasures even when they are combined with masking schemes for side-channel resistance. The goal of this work is to propose a countermeasure framework for SIFA. It has been observed that a randomized domain transformation of the intermediate computation combined with bit-level error correction can prevent SIFA attacks. The domain transformation (Transform) can be realized by standard masking schemes. In fact, we prove that if biased faults are injected at the state register of a block cipher at a certain target round, then masking is sufficient for SIFA protection, until all the shares for a specific bit are corrupted. However, masking alone cannot prevent SIFA if the faults are injected at certain specific locations inside the S-Boxes. To address this issue, we incorporate a bit-level error-correction mechanism (Encode). An instantiation of this Transform-and-Encode (TaE) framework, called AntiSIFA, has been proposed and realized for the block cipher PRESENT as a proof-of-concept. Practical evaluation of the countermeasure implementation in both hardware and software ensures our theoretical claims regarding SIFA security, as well as protection against Side-Channel-Attacks (SCA).