C. Walter, Data Integrity for Modular Arithmetic, CHES 2000

CHES 2000
Data Integrity in Hardware for Modular Arithmetic
Colin Walter
Computation Department, UMIST, UK
www.co.umist.ac.uk

Overview
- Cryptographic etc. Motivations
- Checker Function for Error Detection
- Properties and Costs
- Error Correction
- Conclusion

Motivation
- Fault Detection
- Cryptographic Arithmetic e.g. RSA, Diffie-Hellman
- Design Errors in Embedded Systems
- Undetected Fabrication Faults
- Sporadic Errors e.g. Ionising Radiation
- Fault Tolerance for Increased Yield
- Active Attacks - Differential Fault Analysis

Current Methods
- Duplication of hardware: too expensive.
- Error correcting codes: don't apply.
- Modular checker functions for integer arithmetic: don't apply.
- Verification by performing the inverse crypto function: too expensive, unwise or unavailable.
A cost effective solution is needed.

The Integer Arithmetic Solution
We will adapt a standard choice for an integer checker function, namely:
$f(A) = A \bmod D$
where often $D = 3$ or $5$.
Conveniently, $f(A ¤ B) = f(A) ¤ f(B)$ for any arithmetic operation ¤. This equality is checked for each operation.
This doesn't work for arithmetic mod $M$.

Notation
RSA: public modulus $M$, keys $d$ and $e$, one public, one private.
Plain text $T$ and cipher text $C$ are related by
$C = T^e \bmod M$ and $T = C^d \bmod M$

Number Representations
Hardware represents $A$ as
$A = \sum_{i=0}^{n} a_i r^i$
where
- radix $r$ is typically $2$, $4$, $2^{16}$ or $2^{32}$
- $n+1$ is its number of digits
- digits $a_i$ are in $[0..r-1]$ or are redundant using 1 or 2 extra bits or twice as many bits (as in a carry-save representation).

Montgomery Multiplication
{ Pre-conditions: r prime to M, A has n+1 digits }
P := 0 ;
For i := 0 to n do
Begin
    q_i := ( P + a_i B )( -M^-1 ) mod r ;
    P := ( P + a_i B + q_i M ) div r ;
End
{ Post-condition: P ≡ (A×B×R^-1) mod M for R = r^(n+1) }

An Integer Equation
The initial digits $q_j$ form an integer
$Q_i = \sum_{j=0}^{i} q_j r^j$
Similarly, the initial digits $a_j$ form an integer $A_i$.
$P r^{i+1} = A_i \times B + Q_i \times M$ holds at the end of each loop iteration.
So, for $Q = Q_n$ and $R = r^{n+1}$,
$P \times R = A \times B + Q \times M$

A Check for Multiplication Errors
The function $f(A) = A \bmod D$ can now be applied to verify Montgomery products
$P \times R = A \times B + Q \times M$
by checking that
$f(P) \times f(R) = f(A) \times f(B) + f(Q) \times f(M)$
holds in the ring of residues mod $D$.
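The check above, run in software as an added example (not code from the slides or the paper): a digit-serial Montgomery multiplication that also accumulates Q, followed by the mod D test. The operands, the choice r = 2^16 with D = r - 1, and the additive transient-fault model (`fault`) are assumptions made for the illustration.

```python
def digits(x, r, count):
    """Little-endian base-r digits of x, padded to `count` digits."""
    return [(x // r**i) % r for i in range(count)]

def montgomery(A, B, M, r, n, fault=None):
    """Digit-serial Montgomery product as on the slide; returns (P, Q).

    fault=(i, delta) adds delta to P after iteration i. This transient
    fault model is an assumption made for the example.
    """
    neg_m_inv = (-pow(M, -1, r)) % r          # (-M^-1) mod r, needs gcd(r, M) = 1
    P = Q = 0
    for i, a_i in enumerate(digits(A, r, n + 1)):
        q_i = ((P + a_i * B) * neg_m_inv) % r
        P = (P + a_i * B + q_i * M) // r      # division by r is exact
        Q += q_i * r**i                       # Q_i = sum of q_j r^j
        if fault and fault[0] == i:
            P += fault[1]
    return P, Q

def check(P, Q, A, B, M, R, D):
    """True when f(P)f(R) = f(A)f(B) + f(Q)f(M) holds mod D, f(X) = X mod D."""
    f = lambda x: x % D
    return (f(P) * f(R) - f(A) * f(B) - f(Q) * f(M)) % D == 0

# Constructed sample operands: r = 2^16, four digits, odd 64-bit modulus.
r, n = 2**16, 3
R, D = r**(n + 1), r - 1
M = 0xF123456789ABCDEF
A, B = 0x0123456789ABCDEF, 0x0FEDCBA987654321

def run(fault=None):
    """Return (check passed, P really is A*B*R^-1 mod M)."""
    P, Q = montgomery(A, B, M, r, n, fault)
    return check(P, Q, A, B, M, R, D), (P * R - A * B) % M == 0

if __name__ == "__main__":
    print("no fault:         ", run())
    print("error of 2^5:     ", run((1, 1 << 5)))
    print("error equal to D: ", run((1, D)))
```

The last case is the residual miss: an error that is a multiple of D leaves both sides of the check congruent although P is wrong.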

The Choice of Modulus D
Requirements for $D$ include:
- mod $D$ operations must be cheap and fast;
- the check should reveal most or all errors.
We will conclude that $D = r \pm 1$ is a good choice (unless radix $r$ is very small).

Stuck-at Faults
Stuck-at faults change inputs $A$ by $2^i$, some $i$. So $f(A)$ changes if $D$ has an odd factor.
Then in $f(A) \times f(B) + f(Q) \times f(M)$, the error is detected when $f(B)$ is non-zero, i.e. in 1/D of all cases.
$B$ changes during an exponentiation, so almost certainly some $f(B)$ will be non-zero and the error will be detected.

Modulus M
$M$ is fixed for many exponentiations.
If stuck at the correct value, results will be OK (and the H/W may never compute incorrectly!)
If stuck at the wrong value, $Q$ changes during an exponentiation, so almost certainly some $f(Q)$ will be non-zero and again the error will be detected.
$f(P) \times f(R) = f(A) \times f(B) + f(Q) \times f(M)$

Digit Slice Errors
At the level of the $j$th digit slice, the digits satisfy
$p_j + r \times c_{out} := p_j + a_i \times b_j - q_i \times m_j + c_{in}$  ($j = 0, 1, \ldots, n$)
where $c_{in}$ and $c_{out}$ are carries from/to neighbouring slices, bounded by $2r-2$.
The right side is $< 2r^2$, so any error makes a difference to the output of $d r^j$ where $d < 2r^2$.
Any $D$ larger than and prime to $2r^2$ will detect such single errors since $f(P)$ will change.
But, in 1/D cases $f(P)$ will eventually be restored to the value it should have had, even though $P$ is wrong.

Summary so far:
Most crypto hardware can be protected against transient and permanent faults by the checker function $f(A) = A \bmod D$.
Errors are detected except in at most 1/D of cases if $D$ is larger than and prime to $2r^2$.

Efficient Choice of D
For compatibility with the H/W multiplier, it will be best to keep $D < r$ since $f(A) \times f(B)$ and $f(Q) \times f(M)$ etc. must be computed.
Taking $D = r-1$ enables $f(A)$ to be evaluated by summing the digits of $A$ and repeating the process on the result until a value $< D$ is obtained.
(cf. adding digits base 10 to check divisibility by 9)
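An added example (not from the slides or the paper) of the digit-summing evaluation of f for D = r - 1, together with the earlier stuck-at claim that f(A) changes when D has an odd factor. The radix 2^16, the sample operand and the comparison modulus D = 4 are assumptions chosen for the illustration; a single-bit flip stands in for a change of A by 2^i.

```python
def digit_sum_residue(A, r):
    """A mod (r - 1), computed by repeatedly summing base-r digits."""
    D = r - 1
    while A >= r:                     # more than one digit left
        s = 0
        while A:
            s += A % r                # next digit; a mask and shift when r = 2^k
            A //= r
        A = s
    return 0 if A == D else A         # the single digit r-1 is congruent to 0

def undetected_bit_flips(A, bits, residue):
    """Bit positions whose flip leaves residue(A) unchanged."""
    good = residue(A)
    return [i for i in range(bits) if residue(A ^ (1 << i)) == good]

R16 = 2**16                           # radix assumed for the example
SAMPLE = 0x0123456789ABCDEF           # constructed 64-bit operand

def missed_with_r_minus_1():
    # D = r - 1 = 65535 is odd, so no power of two is a multiple of it.
    return undetected_bit_flips(SAMPLE, 64, lambda x: digit_sum_residue(x, R16))

def missed_with_power_of_two():
    # D = 4 has no odd factor: only the two low bits influence the residue.
    return undetected_bit_flips(SAMPLE, 64, lambda x: x % 4)

if __name__ == "__main__":
    print(digit_sum_residue(9999, 10))         # the base-10 "casting out nines" case
    print(missed_with_r_minus_1())
    print(missed_with_power_of_two())
```

The final `return` handles the case the base-10 analogy hides: a folded digit sum equal to r - 1 represents the residue 0.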

Costs for Checking
The correct $f(M)$ and $f(R)$ should be stored to avoid recomputation.
Each multiplication in an exponentiation produces two new outputs, $P$ and $Q$.
Approx. $n^2$ digit operations are performed in each multiplication.
Approx. $2n$ operations will evaluate $f(P)$, $f(Q)$ and the two sides of the equation.
So the time cost is close to increasing $n$ by 1.
The result is obtained before the next multiplication is completed.

Error Recovery
An error may indicate an attack and suggest termination of the computation.
If re-calculation is required, transient errors only need storage of a previous input set.
For multipliers of size $O(n^2)$ and registers of size $O(n)$, we expect this cost to be equivalent to adding $O(1)$ to the area, i.e. 1 or 2 to $n$.

Permanent Faults
Comprehensive production testing is expensive.
So shortcuts will lead to faulty products being delivered.
Error detection is necessary.
$M$ is not usually changed very frequently. So some errors in the hardware may not surface at testing nor even occur during the chip's life.

Permanent Faults
Recovery from recurring faults: re-using the same inputs is useless.
Inputs can be modified in an attempt to avoid the errors.
Try a shift: compute $T^e \bmod M$ via $T^e \bmod rM$.
Try a scaling: $T^e \bmod dM$ where $d$ is prime to $r$.

General Case
The paper looks in detail at a number of different H/W situations and different algorithms.
The same conclusions hold in each case, even for $r = 2$. (Pick $D = r^k \pm 1$ with $k = 4$, say.)
The checker function is always much cheaper than other solutions such as voting between copies of the hardware.

Summary and Conclusion
Error detection is desirable in many situations.
It is easy to detect and correct transient errors in H/W for cryptosystems based on modular arithmetic.
Such checks defeat certain types of active attack on embedded systems such as smartcards.
The check described here is cheap and efficient in time and space, and reliable.