Fault Attacks Resistant Architecture for KECCAK Hash Function

The KECCAK cryptographic algorithms widely used in embedded circuits to ensure a high level of security to any systems which require hashing as the integrity checking and random number generation. One of the most efficient cryptanalysis techniques against KECCAK implementation is the fault injection attacks. Until now, only a few fault detection schemes for KECCAK have been presented. In this paper, in order to provide a high level of security against fault attacks, an efficient error detection scheme based on scrambling technique has been proposed. To evaluate the robust of the proposed detection scheme against faults attacks, we perform fault injection simulations and we show that the fault coverage is about 99,996%. We have described the proposed detection scheme and through the Field-Programmable Gate Array analysis, results show that the proposed scheme can be easily implemented with low complexity and can efficiently protect KECCAK against fault attacks. Moreover, the FieldProgrammable Gate Array implementation results show that the proposed KECCAK fault detection scheme realises a compromise between implementation cost and KECCAK robustness against fault attacks. Keywords—Cryptographic; KECCAK SHA-3; Fault detection; Embedded systems; FPGA implementation


I. INTRODUCTION
In August 2015, the cryptographic hash algorithm SHA-3 was finalised by the National Institute of Standard and Technology (NIST), when the KECCAK algorithm was adopted.Currently, the KECCAK algorithm replaced the Secure Hash Algorithm (SHA-2) which has been in use since 2009 [1][2].
Currently, various hardware implementation architectures and optimisations of KECCAK algorithm have been proposed for different applications and their performances have been evaluated by using ASIC and FPGA [3][4][5][6][7].
Improving the performance of the KECCAK circuits is a critical problem when the circuits are used in embedded systems.Cryptographic algorithm KECCAK is currently used in a very large variety of scenarios as the financial transactions, which has high security requirements.Moreover, the necessity to secure the KECCAK algorithm against various attacks as fault injection attacks [8][9] KECCAK hash function is used for data integrity in conjunction with digital signature schemes.Also, for several reasons a message is typically hashed first.Then, the hashvalue, as a representative of the message, is signed in place of the original message [10][11].
Yet, the malicious injected and the natural faults decrease the KECCAK robustness in may cause secure data leakage in non-secure implementation.The injected faults are caused by ambient environment, power consumption, computation time or electromagnetic radiation; the cryptographic systems are sensitive to these errors.We noted that the random errors are presenting false results which make these systems unreliable.Also we can inject faults temporarily in the cryptographic system in reason to retrieve the secret key or state.Many error detection schemes have been implemented to make a robust hardware design and to secure cryptographic systems against faults injection attacks [12][13][14][15][16][17][18][19][20][21].
In [12] Bayat-Sarmadi et al. proposed a new fault detection scheme for the KECCAK hash function.This is based on rotated by a random number before each round operation, and shifted back after KECCAK operations without changing the results.Then, they implement another copy of the hardware KECCAK algorithm to perform a comparison between the two copies results.Moreover, they perform fault attacks simulations and they show that the detection capability of close to 100% is derived.[20] a new detection scheme based on parity checking in reason to protect the operations KECCAK.This scheme consists of comparing the parity inputs with the parity outputs of each operation.The simulation security results show that the scheme leads to high security against fault attacks.

Luo et al. presented in
In this paper, we proposed a new fault detection scheme for obtaining an efficient KECCAK implementation with a high level of security against faults attacks.This scheme based on the scrambling technique to secure KECCAK algorithm.
The paper is organised as: Section 2 describes the background knowledge.In Section 3 we present the KECCAK design.Section 4 presents the KECCAK fault detection scheme.Section 5 deals with the detection capability evaluation of the proposed architecture.In Section 6, the FPGA implementation results and performances are discussed and compared.Finally, in Section 7, we conclude the paper.

A. Algorithm KECCAK
The KECCAC algorithm is based on the sponge construction.The KECCAK hash function is the permutation f.This is applied to a fixed length state of b, with b = r + c; c is a capacity, r is a bit rate.The higher security and speed level www.ijacsa.thesai.orgcorrespond to higher values of c and r respectively.The hash procedure is as follow: first, to get a fixed size message, the input message is padded.Then, five internals steps are applied for each round.Finally, the squeezing phase occurs.The sponge function is composed of two phases: Absorbing and squeezing phases.Figure 1 shows the Sponge Function.Table 2 shows the constants rounds RC[i].These values are specified in hexadecimal notation for lane size 64.The hash function KECCAK-f consists of 24 rounds, there are identical.The process for each round has had five steps: Theta (), Rho (ρ), Pi (π), Chi (χ) and Iota ().They feature simple logical operations and permutations of the state bits.Should be noted that the initial state is all zero and in each round, the introduced data is mixed with the current state.RC [1] 0x0000000000008082 RC [13] 0x800000000000008B RC [2] 0x800000000000808A RC [14] 0x8000000000008089 RC [3] 0x8000000080008000 RC [15] 0x8000000000008002 RC [4] 0x000000000000808B RC [16] 0x800000000000808B RC [5] 0x0000000080000001 RC [17] 0x8000000000000080 RC [6] 0x8000000080008081 RC [18] 0x000000000000800A RC [7] 0x8000000000008081 RC [19] 0x800000008000000A RC [8] 0x000000000000008A RC [20] 0x8000000080008081 RC [9] 0x0000000000000088 RC [21] 0x8000000000008080 RC [10] 0x0000000000008082 RC [22] 0x0000000080000001 RC [11] 0x000000080000000A RC [23] 0x8000000800008008  and  steps:  step:

B. Fault Injection Attacks
Among the techniques that can break the cryptographic algorithms, we find the fault injection attacks.This technique is to inject one or several faults during the hash process and to use the erroneous output to extract the secret information.

A. Implementation details of KECCAK
Figure 2 shows the block diagram of proposed KECCAK architecture.This architecture takes 1600-bit for the inputs data.Then it performs the padding operation and the hash process.The output data is 512-bit.

B. FPGA Implementation of KECCAK Architecture
In this subsection, we present the hardware FPGA implementation of the proposed KECCAK architecture.The hardware description was performed via the VHDL language, simulated by ModelSim simulator and synthesised using ISE XILINX 14.1.The FPGA platform used is the Virtex-5.
Table 3 illustrated the occupied slices number; throughput (Gigabits per second), frequency (MegaHertz) and the efficiency (Gigabits per second per slices).
The data throughput and efficiency are calculated by equation 5 and equation 6 respectively.bit frequency Throughput clock cycles Table 3 shows that the proposed KECCAK architecture necessitates 1356 slices for 296.5 MHz working frequency and 11.86 Gbps throughput.In addition, Table 3 presents a comparison between the proposed KECCAK designs and other previous works.Compared to [22] and [23], the proposed architecture has the lowest area and the highest working frequency.From hardware performances viewpoint, the proposed architecture requires 1356 slices for 296.5 MHz working frequency while the KECCAK design in [23] requires 2640 slices with 122 MHz working frequency.Although the design in [22] increases the throughput compared to our work, the proposed design is more efficient from area and frequency viewpoint.Therefore, our design realises a trade-off between the implementation hardware performances.

IV. PROPOSED FAULT DETECTION SCHEME FOR THE KECCAK
In this section, we present the proposed scheme to protect the hardware KECCAK implantation against the fault injection attacks.
Duplicated the KECCAK hardware design means that the hash process data is duplicated.Therefore, two KECCAK round execute simultaneously.It is simple to scramble the KECCAK slices between two KECCAK rounds by using the hardware duplication technique.
We applied the scrambling technique at the end of each KECCAK operation.In other words, we applied this technique at the end of Theta, Rho, Pi, Chi and Iota.
Then, if a fault is injected into one data hash path, it causes faulty data process on the other data hash path.
The advantage of the proposed architecture is that this method avoids the fault injection attacks and does not modify the exact KECCAK Round process in the absence of attacks.
In this work, in order to increase the robustness against the fault attacks, we applied the scrambling at the bit level which means that each bit of the first data hash path is scrambling with the corresponding bit in the second data hash path The proposed methodology is presented in Figure 4.
The slice KECCAK half (in data path 1) are scrambled with the KECCAK slice (in data path 2).The bit level scrambling technique causes a robust KECCAK design.In addition, in terms of hardware implementation, it is effortless to implement this technique.Also, it does not augment the implementation complexity level.www.ijacsa.thesai.orgMany experiences of faults injection attacks were performed using the VHDL language to verify the robustness of the KECCAK architecture against the fault injection attacks.We considered two types of faults:  Single-bit faults mean that one bit in the data hash path is changed.
 Multiple-bit faults mean that more than one bit in the data hash path is changed.
The single-bit and the multiple-bit faults are injected into all KECCAK operations where the erroneous bits number for the multiple-bit faults varies from 1 to 16.For this purpose, we developed a simulation fault model as shown in Figure 5.
The KECCAK detection scheme is tested using 17 tests different by fault multiplicity where each fault pattern is composed of 1000000 faulty vectors.The vector's length is 64 bits.The simulation faults attacks results are shown in Figure 6.As shown in Figure 6, the undetectable faults percentage decreases considerably when the fault multiplicity augmented.In the random faulty bit case, the percentage of the undetectable faults is about 0.004% which means that the detection capability percentage achieves 99.996%.Consequently, the proposed KECCAK detection scheme guarantees a high security level against fault attacks.

VI. FPGA IMPLEMENTATION
In this section, we present the hardware FPGA implementation of the original KECCAK and the protected KECCAK designs.The hardware description was performed via the VHDL language the proposed architectures are simulated by ModelSim simulator and synthesised using ISE XILINX 14.1.The FPGA platform used is the Virtex-5.Table 4 illustrated the occupied slices number; throughput (Gigabits per second), frequency (MegaHertz), the frequency and throughput degradations and the area overhead, for the protected and the unprotected KECCAK implementation.As seen in Table 4, the original KECCAK hash function requires 1356 occupied slices for 296.5 MHz maximal frequency.However, the proposed protected KECCAK requires 66.66% more occupied slices and the maximal frequency decreased by 1.75% than the original KECCAK.Also, the proposed secured design causes 1.77% throughput degradation.Thus, our proposed KECCAK design realises a compromise between implementation cost and KECCAK robustness against fault attacks.

VII. CONCLUSION
In this work, to improve the KECCAK safety, we proposed a new KECCAK fault detection scheme based on scrambling technique.We discuss the robustness of the proposed KECCAK architecture against fault attacks.We implemented the architectures: the original and the protected KECCAK on FPGA Virtex-5.Compared to the original implementation, the proposed KECCAK achieves 99.996% fault coverage and causes a very little frequency and throughput degradations.In the future works, we will try to protect the KECCAK architecture against the power attacks.

Fig. 1 .
Fig. 1.Sponge Function The state is composed of an array of 5×5 lanes.w is a length of lane, when w {1, 2, 4, 8, 16, 32, 64}, and (b = 25w).The sponge construction is applied to KECCAK-f, so we applied the padding to the message input for obtaining the KECCAK-f [r,c].With c is capacity and r is bitrate.All the operations on the indices are done modulo 5.A signify the complete permutation state array, and A[x,y] show a particular lane in that state.The intermediate variables are B[x,y], C[x] and D[x].RC[i] present the round constants.While the constants R[x,y] are the rotation offsets.The binary cyclic shift operation is indicated by Rot (w,r).The bit is shifted by position i to position i + r (modulo the lane size).The constants R[x,y] are the cyclic shift offsets and are specified in Table1.

Fig. 2 .
Fig. 2. Block Diagram KECCAK Input/Output Interface is the input blocks.The input data is 1600-bit length while the output is 512-bit wide.So the Input/output interface has to buffer the information data.Control Unit is used to ensuring the synchronisation between all modules.Padder Unit implements the padding operation and the inversions per byte procedure and has an output of 1600-bit which is the sponge function of KECCAK.Then a 2-to-1 multiplexer drives the output data from padder to the primary KECCAK components.KECCAK Round is the main component of proposed design.It requires 25 clock cycles to produce the 512bit message digests where each clock cycle requires the previous round, as well as the constant value RC at the start of the each round.The KECCAK round is composed of five components (Figure3):  Theta component : this operation is performed in three steps: the first step, it takes the input message bits and