Protecting Block Ciphers against Differential Fault Attacks without Re-keying (Extended Version)

In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called “Tweak-in-Plaintext”, ensures that an uncontrolled value (‘tweak-in’) is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any Tweakable block cipher, nor any relatedkey security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between ≈ 5% to ≈ 26.9% for software, and between ≈ 3.1% to ≈ 25% for hardware implementations; depending on the tweakin size.