Parity-Based Concurrent Error Detection in Symmetric Block Ciphers

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption. We will describe a general concurrent error detection (CED) approach against such attacks on symmetric block ciphers using CS-cipher as an example. The proposed CED compares a carefully modified parity of the input plain text with that of the output cipher text. An analysis of the CS-Cipher shows that on one hand the parity of its inputs is modified by a constant one or zero by component-wise exclusive-or of inputs with the round keys and with the round constants; if the parity of the round keys and of the round constants is odd (even) the parity of the inputs is modified by one (not modified). On the other hand, the diffusion network based on the Fast Fourier Transform does not alter the parity. Finally, the 16-bit to 16-bit non-linear mixing function does not have any simple relation between the parity of its inputs and of its outputs. The mixing function is composed of a linear function φ and a non-linear function p. In order to maintain the invariance of the parity from the inputs to the outputs of each CS-cipher encryption round, we added a parity correction term (exclusive-or of the parity of its inputs and outputs) to the non-linear function p and slightly modified the parity function due to the linear function φ. Faults introduced into the CS-cipher design are detected by comparing the overall parity of the input modified by the parity of the round keys, round constants and correction terms of the mixing functions with the parity of the (intermediate) cipher text obtained after every step of an encryption round.