On Protecting Cryptographic Applications Against Fault Attacks Using Residue Codes

We propose a new class of error detection codes, {\em quadratic dual residue codes}, to protect cryptographic computations running on general-purpose processor cores against fault attacks. The assumed adversary model is a powerful one, whereby the attacker can inject errors anywhere in the data path of a general-purpose microprocessor by bit flipping. We demonstrate that quadratic dual residue codes provide a much better protection under this powerful adversary model compared to similar codes previously proposed for the same purpose in the literature. The adopted strategy aims to protect the single-precision arithmetic operations, such as addition and multiplication, which usually dominate the execution time of many public key cryptography algorithms in general-purpose microprocessors. Two so called {\em robust} units for addition and multiplication operations, which provide a protection against faults attacks, are designed and tightly integrated into the data path of a simple, embedded re-configurable processor. We report the implementation results that compare the proposed error detection codes favorably with previous proposals of similar type in the literature. In addition, we present performance evaluations of the software implementations of Montgomery multiplication algorithm using the robust execution units. Implementation results clearly show that it is feasible to implement robust arithmetic units with relatively low overhead even for a simple embedded processor.