Reliable advanced encryption standard hardware implementation: 32-bit and 64-bit data-paths

Cryptographic primitives are extensively used in today?s applications to provide the desired security. Malicious or accidental faults that occur in the hardware implementations of cryptographic primitives, specifically in this paper the Advanced Encryption Standard (AES), can result in an erroneous output of encryption/decryption process and reduce the reliability of the cryptographic hardware. The use of a suitable fault-tolerant scheme for AES, to recover it from failures or attacks and bring it back to an operational state, is crucial for reliability, and consequently for security purposes. In this paper, two novel online fault-tolerant schemes are proposed for AES. In the proposed fault-tolerant architecture, the round path is modified and divided it into two pipeline stages. The proposed fault-tolerant schemes are based on a combination of hardware and time redundancies, where a new hardware redundancy is proposed for the AES round function and a time redundancy for the hardware of the AES key expansion unit. The presented fault-tolerant schemes are valid for all versions of AES and are independent of its S-box implementation manner. Both ASIC and FPGA implementations of the original and the proposed fault-tolerant AES along with Full TMR (Triple Modular Redundancy) and Full TTR (Triple Time Redundancy) structures are reported as traditional fault-tolerant schemes. It is shown that the first proposed fault-tolerant architecture, named TMRrp&TTRke32, outperforms these approaches and the previous report in the literature in terms of area overhead and therefore power consumption. Also, the other approach, named TMRrp&TTRke64, is better than the other approaches in achieving a trade-off between area overhead and throughput overhead.

Automated summary

This paper presents two novel online fault-tolerant schemes for the Advanced Encryption Standard (AES) to improve the reliability of cryptographic hardware. These fault-tolerant schemes are based on a combination of hardware and time redundancies, proposing new redundancy strategies for the AES round function and key expansion unit.