Professional Documents
Culture Documents
Hardware Constructions For Error Detection in Lightweight Authenticated Cipher ASCON Benchmarked On FPGA
Hardware Constructions For Error Detection in Lightweight Authenticated Cipher ASCON Benchmarked On FPGA
Hardware Constructions For Error Detection in Lightweight Authenticated Cipher ASCON Benchmarked On FPGA
4, APRIL 2022
Abstract—Lightweight cryptography plays a vital role in lightweight cipher algorithms such as [3]–[4]. ASCON [5],
securing resource-constrained embedded systems such as deeply- a NIST finalist for lightweight cryptography competition
embedded systems, RFID tags, sensor networks, and the Internet which was advanced in April 2021 [6], and a CAESAR
of nano-Things. ASCON is one of the finalists for the National competition winner [7], is a lightweight cipher suite that is
Institute of Standards and Technology (NIST) lightweight cryp- designed to provide authenticated encryption with associated
tography standardization competition advanced to the final round
data (AEAD) and hashing functionalities. ASCON provides
in April 2021. It is designed to provide authenticated encryp-
tion with associated data (AEAD) and hashing functionalities in
high security and robustness in implementations while having
hardware and software implementations. ASCON’s lightweight a low area, which is a requirement for resource-constrained
design utilizes a 320-bit permutation, bit-sliced into five 64-bit devices.
register words, providing 128-bit level security. This brief, for the The cryptographic properties of ASCON make it secure
first time, proposes error detection mechanisms for secure hard- against various linear and differential cryptanalysis. However,
ware implementations of ASCON. The proposed schemes, i.e., a number of fault analyses such as statistical ineffective
signature, interleaved signature, and cyclic redundancy check fault attacks (SIFA) [8], subset fault analysis (SSFA) [9],
approaches are presented for both LUT and logic-based imple- and fault intensity map analysis (FIMA) [10], have tar-
mentations of ASCON. The proposed error detection schemes geted the vulnerabilities of ASCON S-Box. These attacks
are also benchmarked on two FPGA families (Spartan-7 and rely on biased fault injections to recover the secret key by
Kintex-7), achieving acceptable area, power, and delay overheads. ciphertext analysis. Therefore, it is important to strengthen
The proposed mechanisms also provide a high error coverage
(99.99%) shown via simulations performed for 640,000 injected
all 64 instances of the ASCON S-Box using error detec-
faults. Hence, these approaches aim to make the respective tion to make it secure for reliable hardware implementa-
ASCON architectures more reliable. tions. Moreover, in authenticated encryption schemes, both
the authentication and encryption could be compromised
Index Terms—ASCON, authenticated cipher, cyclic redun- due to natural faults, thus reducing their reliability. Error
dancy check (CRC), field-programmable gate array (FPGA), detection schemes [13]–[22] are often used for reliable cryp-
lightweight permutation.
tographic implementations through fault detection. In this
brief, we propose error detection schemes for the non-linear
I. I NTRODUCTION S-Box of the ASCON’s lightweight authenticated cipher vari-
S THE Internet of Things (IoT) grows, especially the ant ASCON-128. The contributions of this brief are as
A Internet of Nano-Things, and devices become smaller
and heavily dependent on embedded systems, security often
follows.
• To the best of the authors’ knowledge, this is the first
work that proposes logic gate-based and look-up table
becomes an issue due to the compactness of such systems.
Thus, lightweight ciphers can be prone to security attacks (LUT) -based error detection schemes for the hard-
ware implementations of ASCON-128. The proposed
such as statistical fault analysis (SFAs) [1] or differential fault
analysis (DFAs) [2]. schemes are implemented on the 5-bit S-Box in the
nonlinear layer of ASCON-128 and aim to provide
As the National Institute of Standards and Technology
(NIST) moves towards standardizing lightweight security.
• The presented schemes, signatures, interleaved signa-
cryptography, it has approved many emerging efficient
tures, and cyclic redundancy check (CRC-3) are tailored
Manuscript received November 30, 2021; accepted December 15, for detecting both permanent and transient faults (sin-
2021. Date of publication December 17, 2021; date of current version gle, biased, or burst/adjacent faults) with acceptable
March 28, 2022. This work was supported by the U.S. Department of overheads with their high error coverage shown via
Commerce through U.S. Federal Agency under Award 60NANB20D013, simulations.
National Institute of Standards and Technology (NIST). This brief was
• The proposed schemes are benchmarked on two field-
recommended by Associate Editor B.-H. Gwee. (Corresponding author:
Mehran Mozaffari Kermani.) programmable gate array (FPGA) hardware platforms to
Jasmin Kaur and Mehran Mozaffari Kermani are with the Department confirm the achieved objectives.
of Computer Science and Engineering, University of South Florida, Tampa,
FL 33620 USA (e-mail: jasmink1@usf.edu; mehran2@usf.edu).
Reza Azarderakhsh is with the Department of Computer and Electrical II. P RELIMINARIES
Engineering, Florida Atlantic University, Boca Raton, FL 33431 USA (e-mail:
razarderakhsh@fau.edu). ASCON [5] has the key, nonce, and tag of 128 bits each
Digital Object Identifier 10.1109/TCSII.2021.3136463 while the message length is either 64 bits (ASCON-128
1549-7747
c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: Indian Institute of Technology Indore. Downloaded on July 05,2023 at 10:10:05 UTC from IEEE Xplore. Restrictions apply.
KAUR et al.: HARDWARE CONSTRUCTIONS FOR ERROR DETECTION 2277
TABLE I
LUT R EPRESENTATION OF THE N ON -L INEAR 5-B IT S-B OX SB OF ASCON-128 IN H EXADECIMAL F ORM
TABLE II
P ROPOSED S IGNATURE (pˆ0 ) FOR THE LUT-BASED A PPROACH
TABLE III
P ROPOSED I NTERLEAVED S IGNATURES (pˆ1 , pˆ2 ) FOR O UR LUT-BASED A PPROACH
TABLE IV
P ROPOSED CRC-3 S IGNATURES (pˆ3 , pˆ4 , pˆ5 ) FOR O UR LUT-BASED A PPROACH
Authorized licensed use limited to: Indian Institute of Technology Indore. Downloaded on July 05,2023 at 10:10:05 UTC from IEEE Xplore. Restrictions apply.
2278 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS—II: EXPRESS BRIEFS, VOL. 69, NO. 4, APRIL 2022
TABLE V
Remark 1: The following shows the formulations for the T HE E RROR C OVERAGE OF THE P ROPOSED E RROR D ETECTION
original 5-bit S-Box of ASCON-128 (Fig. 1) [5] presented as S CHEMES FOR 640, 000 I NJECTED FAULTS
Logic I (1), for the input vectors (μ0 , μ1 , μ2 , μ3 , μ4 ) and the
output vectors (γ0 , γ1 , γ2 , γ3 , γ4 ).
Remark 2: The following shows the formulation of an 3) CRC-3 Check - Reducing the output polynomial f (x) =
alternate design of the 5-bit S-box using the input to out- γ0 x4 + γ3 x3 + γ2 x2 + γ1 x + γ4 using the CRC-3 reduction
put mapping given in Table I presented as Logic II (2), for polynomial g(x) = x3 + x + 1, we derive the CRC-3 equation
the input vectors (μ0 , μ1 , μ2 , μ3 , μ4 ) and the output vectors as (γ0 + γ2 )x2 + (γ0 + γ1 + γ3 )x1 + (γ1 + γ4 )x0 , where the
(γ0 , γ1 , γ2 , γ3 , γ4 ). coefficient terms of x0 , x1 , and x2 correspond to the CRC-3
γ0 = (μ¯0 μ¯1 )(μ2 ⊕ μ3 ) ∨ μ1 (μ3 ⊕ μ¯4 ) ∨ (μ0 μ¯1 )(μ2 ⊕ μ¯3 )
signatures pˆ3 , pˆ4 , and pˆ5 , respectively. The logic gate-based
equations for CRC-3 scheme are shown in (7) and (8), the
γ1 = (μ¯1 ⊕ μ2 )(μ1 ⊕ μ¯3 )(μ0 ⊕ μ4 ) ∨ (μ0 ⊕ μ¯4 )(μ¯1 μ3 ∨ μ2 μ¯3 ∨ μ1 μ¯2 )
LUT-based implementation is given in Table IV.
γ2 = (μ1 ⊕ μ¯2 )(μ¯4 ∨ μ3 ) ∨ (μ1 ⊕ μ2 )(μ¯3 μ4 )
pˆ3 = (μ1 ⊕ ((μ1 ⊕ μ2 )μ3 )) ⊕ ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 )))
γ3 = (μ1 ⊕ μ¯2 )(μ0 ∨ (μ3 ⊕ μ4 )) ∨ (μ¯0 (μ1 ⊕ μ2 )(μ3 ⊕ μ¯4 ))
∨((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 ))
γ4 = (μ¯1 (μ3 ⊕ μ4 )) ∨ (μ1 (μ0 ⊕ μ¯3 )). (2)
pˆ4 = ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 ))) ⊕ ((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 ))
The following derives the logic-gate based formulations ∨(μ1 ⊕ ((μ1 ⊕ μ2 )μ3 )) ⊕ ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 )))
using Logic-I (1) and Logic-II (2) for the presented error detec-
tion schemes using the five bit input (μ0 , μ1 , μ2 , μ3 , μ4 ) and ∨(μ3 ⊕ ((μ3 ⊕ μ4 )(μ0 ⊕ μ4 ))) ⊕ ((μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 ))
output (γ0 , γ1 , γ2 , γ3 , γ4 ) vectors of ASCON-128 S-Box. pˆ5 = ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 ))) ⊕ ((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 ))
1) Signature - The one-bit signature pˆ0 is computed as ∨(μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 ) (7)
modulo-2 addition of each bit of the output vector of the
pˆ3 = ((μ¯3 ∨ μ1 μ2 )μ4 ) ∨ ((μ¯1 μ¯2 ∨ μ3 )μ0 ) ∨ (μ¯1 μ3 μ¯4 )
S-Box. The logic gate-based equations for this scheme are
shown in (3) and (4), and its LUT-based implementation is ∨(μ¯0 μ1 μ¯2 μ¯4 ) ∨ (μ¯0 μ2 μ¯3 )
shown in Table II. pˆ4 = ((μ¯1 ∨ μ0 )μ4 ) ∨ (μ1 μ¯3 μ¯4 ) ∨ (μ0 μ¯1 μ¯2 ) ∨ (μ2 μ3 )
∨((μ2 ∨ μ3 )μ¯0 )
pˆ0 = ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 ))) ⊕ ((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 ))
pˆ5 = ((μ1 ⊕ μ¯2 )μ¯4 ) ∨ ((μ1 ⊕ μ3 )μ¯2 ) ∨ (μ¯0 μ¯1 μ2 μ¯3 )
⊕(μ1 ⊕ ((μ1 ⊕ μ2 )μ3 )) ⊕ ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 )))
∨((μ4 ∨ μ3 )μ0 μ¯1 ) ∨ (μ1 μ3 μ4 ). (8)
⊕(μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 ) ⊕ ((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 ))
⊕(μ3 ⊕ ((μ3 ⊕ μ4 )(μ0 ⊕ μ4 ))) ⊕ ((μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 )) (3)
pˆ0 = (μ¯0 μ¯1 μ¯3 ) ∨ (μ¯2 μ3 μ¯4 ) ∨ (μ¯0 μ2 μ3 μ4 ) ∨ (μ¯1 μ¯3 μ4 ) ∨ (μ0 μ¯2 μ3 )
IV. E RROR C OVERAGE AND FPGA B ENCHMARK
The results for overheads and error coverage for the
∨(μ0 μ1 μ¯3 μ¯4 ). (4)
proposed error detection schemes are presented in this section.
2) Interleaved Signature - The interleaved signatures
(pˆ1 , pˆ2 ) are parity-based signatures which are computed by A. Fault Model and Error Coverage
modulo-2 addition of the interleaved bits, even and odd, Our proposed signature-based error detection schemes
respectively, of the output vector of the S-Box. The logic gate- detect several faults such as stuck-at faults, single-bit upset
based equations of this scheme are shown in (5) and (6), and (SBUs), single-byte double-bit upsets (SBDBUs), single-byte
its LUT-based implementation is given in Table III. triple-bit upsets (SBTBUs), single-byte quadruple-bit upsets
(SBQBUs), other single byte (OSB) faults, and multiple byte
pˆ1 = ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 ))) ⊕ ((μ3 ⊕ μ4 ) ⊕ ((μ0 ⊕ μ4 )μ1 )) (MB) faults. Specifically, SBUs and SBTBUs are detected
fully through parities. Interleaved signatures help in detec-
⊕(μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 ) ⊕ ((μ3 ⊕ μ4 ) ⊕ (((μ0 ⊕ μ4 ))μ1 )) tion of the SBTBUs, SBQBUs, OSBs, and MBs (that are
pˆ2 = (μ1 ⊕ ((μ1 ⊕ μ2 )μ3 )) ⊕ ((μ0 ⊕ μ4 ) ⊕ (μ¯1 (μ1 ⊕ μ2 ))) more practical to mount than the costly single faults). Cyclic
redundancy schemes such as CRC-3 can detect SBUs, random
⊕(μ3 ⊕ ((μ3 ⊕ μ4 )(μ0 ⊕ μ4 ))) ⊕ ((μ2 ⊕ μ1 ) ⊕ (μ¯3 μ4 )) (5)
multi-bit upsets (MBUs), adjacent MBUs, double-bit upsets
pˆ1 = (μ¯0 μ1 μ¯2 μ3 μ4 ) ∨ (μ0 )(μ¯1 μ3 μ4 ∨ μ1 μ¯2 μ¯3 ∨ μ¯4 ∨ μ2 μ3 μ4 ) and odd errors with high probability.
∨(μ¯0 )(μ¯4 ∨ μ¯3 )(μ¯1 ∨ μ2 ) As the 5-bit ASCON-128 S-Box is implemented 64 times
in parallel, 64 error flags are produced in every permutation
pˆ2 = (μ¯0 )(μ2 μ3 ∨ μ1 μ3 ∨ μ1 μ2 ) ∨ (μ0 μ¯1 μ¯2 μ3 μ¯4 ) ∨ (μ2 μ3 μ4 ) round of ASCON-128. The error flags (ef ) generated for each
∨(μ1 μ2 μ¯3 μ¯4 ) ∨ (μ0 μ4 )(μ¯1 μ¯3 ∨ μ1 μ¯2 ). (6) of the proposed error detection schemes is either 1 (one-bit
Authorized licensed use limited to: Indian Institute of Technology Indore. Downloaded on July 05,2023 at 10:10:05 UTC from IEEE Xplore. Restrictions apply.
KAUR et al.: HARDWARE CONSTRUCTIONS FOR ERROR DETECTION 2279
TABLE VI
B ENCHMARK OF THE P RESENTED S CHEMES FOR THE S-B OX OF ASCON-128 ON S PARTAN -7 AND K INTEX -7 FPGA FAMILIES
signature), 2 (interleaved signatures), or 3 (CRC-3). The error nature but the attacks are noticed by the observers regard-
coverage of the presented error detection schemes increases as less. Hence, we note that in cryptographic applications, error
the number of S-Boxes with error detection increases. For a correction is often not intended concerning natural and tran-
single S-Box, the error coverage is ~50% for one-bit signature, sient faults. Moreover, since the presented schemes are only
~75% for interleaved signature and ~85% for CRC-3 scheme. implemented on the S-Box, they would not work for erroneous
Since the error detection is added to all 64 S-Box instances in input to S-Boxes. For a fault models which consider erroneous
ASCON-128 permutation, the error coverage of the schemes input, other components of the cipher need to be protected as
can be calculated using the formula 100·(1−(0.5)signatures )%, well to achieve a fully-protected cipher [20], as the protec-
where signatures denote the total number of signatures gen- tion for previous transformations can detect erroneous inputs.
erated by an error detection scheme per S-Box, calculated as The aforementioned extension is straightforward as the other
signatures = ef · 64. Therefore, for the proposed schemes the transformations are linear and easy to protect.
error coverage for all 64 S-Boxes is as follows: a) One-bit Fault analysis techniques such as SIFA [8], SSFA [9], and
signature scheme = 100 · (1 − (0.5)1·64 )%, b) Interleaved sig- FIMA [10], utilize various fault injection and analysis tech-
natures scheme = 100·(1−(0.5)2·64 )%, and c) CRC-3 scheme niques to target the 5-bit S-Box of ASCON. Authors of [8]
= 100 · (1 − (0.5)3·64 )%. These are all very close to full error mount SIFA on ASCON by using double-fault injection and
coverage of 100%, as shown by the results of Table V. key division strategies. The faults are injected in two selected
Using simulations, the actual error coverage of the proposed instances of the S-Boxes in the last permutation round of
schemes is determined for 640,000 injected errors and tabu- the finalization stage to recover the secret key by analyz-
lated in Table V. A stuck-at fault model is considered for ing the tag values resulting from fault injections. Authors
error coverage, and faults are injected using VHDL in the of [9] mount SSFA on ASCON-128 by using a combination
hardware implementation of ASCON-128. For example, for of correlation attack and subset cryptanalysis. The proposed
SBUs, any single bit in the S-Box output vector is kept stuck- attack assumes that the attacker can inject bit-reset faults
at 0, while for MBUs, random bits of the S-Box output vector (injected as 1-bit, 1-byte, multiple bytes, etc.) to recover the
is kept stuck-at 0 using AND operation. In our fault model, secret key. FIMA [10], combines different statistical fault
we assume that all the stuck-at faults are injected at the output analysis techniques to recover the secret key by comparing
of every S-Box during the execution phase. The parities of the faulty ciphertexts to correct ciphertexts under ineffective fault
input and the output vectors of the S-Boxes are computed and injections and data dependent intensity profiles. Since FIMA
compared to give the error flag value as either “0” (in case combines the properties of SIFA and SSFA, the faults are
of no error) or “1” (when an error gets detected), which is injected similarly as the aforementioned techniques for fault
then used to signal the presence of an error. We only focus analysis. Our proposed error detection schemes provide high
upon including error detection capabilities in the architecture error coverage for a number of bit upsets and therefore provide
of ASCON-128. This is because fault attacks are transient in significant protection against fault attacks listed above.
Authorized licensed use limited to: Indian Institute of Technology Indore. Downloaded on July 05,2023 at 10:10:05 UTC from IEEE Xplore. Restrictions apply.
2280 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS—II: EXPRESS BRIEFS, VOL. 69, NO. 4, APRIL 2022
Authorized licensed use limited to: Indian Institute of Technology Indore. Downloaded on July 05,2023 at 10:10:05 UTC from IEEE Xplore. Restrictions apply.