C. Walter, Data Integrity for Modular Arithmetic, CHES 2000

Data Integrity in Hardware for Modular Arithmetic

Colin Walter
Computation Department, UMIST, UK
www.co.umist.ac.uk

Post on 18-Dec-2015

Overview

Cryptographic etc Motivations
Checker Function for Error Detection
Properties and Costs
Error Correction
Conclusion

Motivation

Fault Detection
Cryptographic Arithmetic e.g. RSA, Diffie-Hellman
Design Errors in Embedded Systems
Undetected Fabrication Faults
Sporadic Errors e.g. Ionising Radiation
Fault Tolerance for Increased Yield
Active Attacks - Differential Fault Analysis

Current Methods

Duplication of hardware: too expensive.
Error correcting codes: don’t apply.
Modular checker functions for integer arithmetic: don’t apply.
Verification by performing the inverse crypto function: too expensive, unwise or unavailable.

A cost effective solution is needed.

The Integer Arithmetic Solution

We will adapt a standard choice for an integer checker function, namely:

f(A) = A mod D

where often D = 3 or 5.

Conveniently, f(A ¤ B) = f(A) ¤ f(B) for any arithmetic operation ¤. This equality is checked for each operation.

This doesn’t work for arithmetic mod M.

Notation

RSA: public modulus M, keys d and e, one public, one private.

Plain text T and cipher text C are related by

$C = T^e \bmod M$ and $T = C^d \bmod M$

Number Representations

Hardware represents A as

$A = \sum_{i=0}^{n} a_i r^i$

where
radix r is typically 2, 4, $2^{16}$ or $2^{32}$;
n+1 is its number of digits;
digits $a_i$ are in [0..r–1] or are redundant, using 1 or 2 extra bits or twice as many bits (as in a carry-save representation).

Montgomery Multiplication

{ Pre-conditions: r prime to M, A has n+1 digits }

P := 0 ;
For i := 0 to n do
Begin
  q_i := ( P + a_i B )( –M^{-1} ) mod r ;
  P := ( P + a_i B + q_i M ) div r ;
End

{ Post-condition: P ≡ (A×B×R^{-1}) mod M for R = r^{n+1} }

An Integer Equation

The initial digits $q_j$ form an integer

$Q_i = \sum_{j=0}^{i} q_j r^j$

Similarly, the initial digits $a_j$ form an integer $A_i$.

$P r^{i+1} = A_i \times B + Q_i \times M$ holds at the end of each loop iteration.

So, for $Q = Q_n$ and $R = r^{n+1}$,

P×R = A×B + Q×M

A Check for Multiplication Errors

The function

f(A) = A mod D

can now be applied to verify Montgomery products

P×R = A×B + Q×M

by checking that

f(P) × f(R) = f(A) × f(B) + f(Q) × f(M)

holds in the ring of residues mod D.

The Choice of Modulus D

Requirements for D include:
mod D operations must be cheap and fast;
the check should reveal most or all errors.

We will conclude that D = r ± 1 is a good choice (unless radix r is very small).

Stuck-at Faults

Stuck-at faults change inputs A by $2^i$, some i. So f(A) changes if D has an odd factor.

Then in f(A)×f(B) + f(Q)×f(M), the error is detected when f(B) is non-zero, i.e. in 1/D of all cases.

B changes during an exponentiation, so almost certainly some f(B) will be non-zero and the error will be detected.

Modulus M

M is fixed for many exponentiations.

If stuck at the correct value, results will be OK (and the H/W may never compute incorrectly!)

If stuck at the wrong value, Q changes during an exponentiation, so almost certainly some f(Q) will be non-zero and again the error will be detected.

f(P)×f(R) = f(A)×f(B) + f(Q)×f(M)

Digit Slice Errors

At the level of the j-th digit slice, the digits satisfy

$p_j + r \times c_{out} := p_j + a_i \times b_j - q_i \times m_j + c_{in}$ $(j = 0, 1, \ldots, n)$

where $c_{in}$ and $c_{out}$ are carries from/to neighbouring slices, bounded by 2r–2.

The right side is $< 2r^2$, so any error makes a difference to the output of $d r^j$ where $d < 2r^2$.

Any D larger than and prime to $2r^2$ will detect such single errors since f(P) will change.

But, in 1/D cases f(P) will eventually be restored to the value it should have had, even though P is wrong.

Summary so far:

Most crypto hardware can be protected against transient and permanent faults by the checker function f(A) = A mod D.

Errors are detected except in at most 1/D of cases if D is larger than and prime to $2r^2$.

Efficient Choice of D

For compatibility with the H/W multiplier, it will be best to keep D < r since f(A)×f(B) and f(Q)×f(M) etc must be computed.

Taking D = r–1 enables f(A) to be evaluated by summing the digits of A and repeating the process on the result until a value < D is obtained.

(cf adding digits base 10 to check divisibility by 9)
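
Added example (not part of the original slides): a Python sketch of the digit-serial Montgomery loop together with the checker f(A) = A mod D for D = r–1, evaluated by repeated digit sums, and the check f(P)×f(R) = f(A)×f(B) + f(Q)×f(M). The function names, the fault parameter and the operands are constructed for illustration; an injected error of 1 is caught, while an error that is a multiple of D escapes, illustrating the residual 1/D case.

```python
# Added example: Montgomery multiplication with the mod-D residue check, D = r - 1.

def f(x, r):
    """Checker f(x) = x mod (r-1), computed by repeated base-r digit sums."""
    while x >= r:
        s = 0
        while x:
            s, x = s + x % r, x // r
        x = s
    return x % (r - 1)          # the digit sum r-1 represents residue 0

def montgomery(A, B, M, r, n, fault=None):
    """Digit-serial Montgomery product as on the slide; returns (P, Q).

    fault=(i, delta) is a constructed transient error: delta is added to P
    at the end of loop iteration i.
    """
    neg_m_inv = -pow(M, -1, r) % r          # (-M^-1) mod r, needs gcd(r, M) = 1
    P = Q = 0
    for i in range(n + 1):
        a_i = (A // r**i) % r
        q_i = (P + a_i * B) * neg_m_inv % r
        P = (P + a_i * B + q_i * M) // r    # exact division by r
        Q += q_i * r**i
        if fault and fault[0] == i:
            P += fault[1]
    return P, Q

def check(P, Q, A, B, M, r, n):
    """True when f(P)f(R) = f(A)f(B) + f(Q)f(M) holds mod D = r - 1."""
    D, R = r - 1, r ** (n + 1)
    lhs = f(P, r) * f(R, r) % D
    rhs = (f(A, r) * f(B, r) + f(Q, r) * f(M, r)) % D
    return lhs == rhs

# Constructed sample operands: radix 2^16, 8 digits, an arbitrary odd 128-bit M.
r, n = 2**16, 7
M = 0xC3A5F7B1D2E4968F0A1B2C3D4E5F6071
A = 0x1234567890ABCDEF0FEDCBA987654321 % M
B = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0 % M

def demo():
    """Return check results for: no fault, a +1 fault, a +(r-1) fault."""
    results = []
    for fault in (None, (3, 1), (3, r - 1)):
        P, Q = montgomery(A, B, M, r, n, fault)
        results.append(check(P, Q, A, B, M, r, n))
    return results

if __name__ == "__main__":
    print(demo())   # [True, False, True]
```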

Costs for Checking

The correct f(M) and f(R) should be stored to avoid recomputation.

Each multiplication in an exponentiation produces two new outputs, P and Q.

Approx $n^2$ digit operations are performed in each multiplication.

Approx 2n operations will evaluate f(P), f(Q) and the two sides of the equation.

So the time cost is close to increasing n by 1.

The result is obtained before the next multiplication is completed.

Error Recovery

An error may indicate an attack and suggest termination of the computation.

If re-calculation is required, transient errors only need storage of a previous input set.

For multipliers of size $O(n^2)$ and registers of size O(n), we expect this cost to be equivalent to adding O(1) to the area, i.e. 1 or 2 to n.

Permanent Faults

Comprehensive production testing is expensive.

So shortcuts will lead to faulty products being delivered.

Error detection is necessary.

M is not usually changed very frequently. So some errors in the hardware may not surface at testing nor even occur during the chip's life.

Permanent Faults

Recovery from recurring faults: re-using the same inputs is useless.

Inputs can be modified in an attempt to avoid the errors.

Try a shift: compute $T^e \bmod M$ via $T^e \bmod rM$.

Try a scaling: $T^e \bmod dM$ where d is prime to r.

General Case

The paper looks in detail at a number of different H/W situations and different algorithms.

The same conclusions hold in each case, even for r = 2. (Pick $D = r^k \pm 1$ with k = 4, say.)

The checker function is always much cheaper than other solutions such as voting between copies of the hardware.

Summary and Conclusion

Error detection is desirable in many situations.

It is easy to detect and correct transient errors in H/W for cryptosystems based on modular arithmetic.

Such checks defeat certain types of active attack on embedded systems such as smartcards.

The check described here is cheap and efficient in time and space, and reliable.