A Continuous Fault Countermeasure for AES Providing a Constant Error Detection Rate

Abstract

Many implementations of cryptographic algorithms have shown to be susceptible to fault attacks. To detect manipulations, countermeasures have been proposed. In the case of AES, most countermeasures deal with the non-linear and the linear part separately, which either leaves vulnerable points at the interconnections or causes different error detection rates across the algorithm. In this paper, we present a way to achieve a constant error detection rate throughout the whole algorithm. The use of extended AN+B codes together with redundant table lookups allows to construct a countermeasure that provides complete protection against adversaries who are able to inject faults of byte size or less. The same holds for adversaries who skip an instruction. Other adversaries are detected with a probability of more than $99\%$.