Research On FA-Resistant AES Circuit And Verification

Research on side channel attack(SCA) and its countermeasures is one of the hot spots in the field of information security. As a new kind of SCA, fault attack(FA) has become the main threat to the security of cryptographic chip because of the advantages of strong attack ability and low time complexity. Therefore, it is very important to study the FA-resistant cryptographic circuit.The main work of this paper is to study and design the FA-resistant AES circuit. Firstly, this paper has studied the previous FA, and designed a simulation platform based on differential fault attack(DFA), which can be used to take FA to AES circuit. Then, based on the in-depth analysis of the principle of infection, this paper has designed an infection strategy with random mask. The infection strategy prevents the encryption process of AES from double-fault attack by indroducing two different boolean masks, while using a random multiplicative mask to solve the problem of the fixed mode of fault propagation. Finally, this paper has designed an evolvable hardware(EHW) system of three-stage pipeline structure, which is based on genetic algorithm(GA) and virtual reconfigurable circuits(VRC). The EHW system evolve one generation just takes 0.311 millisecond. Compared to traditional EHW system of PC+FPGA, the evolution speed is increased by two orders of magnitude. Based on the EHW system, this paper proposes a fault-tolerant circuit structure of S-box. The 8×8 bits circuit of S-box is decomposed into 64 4×2 bits circuits which can be evolved independently to against the multi-byte FA.By using the simulation platform to inject a single bit fault to the output of S-box in the ninth round, attacker can retrieve the key with 4 fault ciphertexts. The AES circuit with the countermeasure of random mask infection strategy can not be broken by FA, which indicates that the infection strategy is effective. Finally, the S-box circuit can work normally when Stuck-At-0 or Stuck-At-1 error happened, which indicates the effectiveness of the FA-resistant S-box proposed in this paper.