Generalized Code-Abiding Countermeasure

Abstract

The widely used countermeasures against fault attacks are based on spatial, temporal, or information redundancy. This type of solution is very efficient, but it can be very expensive in terms of implementation cost. Thus, trying to propose a secure and efficient countermeasure for a lightweight cipher is a hard challenge, as the goal of a lightweight cipher is to be the lightest possible. This paper considers information redundancy based on parity bit code, with code-abiding transformations of the operations. This error detection code, with the code-abiding notion added, is very efficient against single fault injection and has a small overcost. The solution is tested on the LED lightweight cipher to measure its overhead. Moreover, a bitslice version of the cipher is used with the parity bit code applied to be robust against all the single-word fault injections. The challenge is to adapt the cipher functions in a way in which the parity bit is always considered, but without considering a heavy implementation. The advantage of our solution is that this countermeasure leads to a 100% fault coverage, with a reasonable overhead.

1. Introduction

Cryptographic implementations are prone to physical attacks. Physical attacks take advantage of physical properties of a device while running a cryptographic algorithm to break the security. Most popular physical attacks are fault attacks [1] (taking advantage of the circuit’s tend to perturbations) and side-channel attacks [2] (taking advantage of the circuit’s leakage). This work focuses on fault attacks. The principle of fault attacks is to use means, such as laser injection or clock glitching, in order to inject faults during an encryption and to extract information by analyzing the circuit’s behavior after the injection.

To counter fault attacks, various countermeasures have been developed, using mainly redundancy [3,4,5,6,7]. Redundancy allows one to create multiple information sources, and these multiple sources are compared at the end of the computation to detect fault injection. Redundancy can be applied at three different levels: temporal, spacial, and informational. Temporal redundancy is based on the multiple encryptions of a plaintext by the same physical cipher (same circuit) and on the comparison between the resulting ciphertexts. Spacial redundancy is based on the multiple encryptions of a plaintext by different physical ciphers (different circuits). Moreover, additional information can be added to the plaintext to create an information redundancy. This information is data-dependant and is used to detect if a fault is present. In all the cases, the potential leakages of the cipher are more numerous, and the side-channel attacks (SCA) are thus more efficient [8]. Therefore, when designing a countermeasure against fault attacks, the designer should then take into account vulnerabilities that the countermeasure considered able with regard to including for the side channel adversary. The objective in that case is to make the overcost of the countermeasure as small as possible, especially when the countermeasure is implemented on a lightweight cipher.

1.1. Related Work

Simon et al. [9] presented a solution of error detection that hardly increased the SCA vulnerability. However, this solution is restrictive for any designer that would prefer to apply code-abiding to an existing cipher, and more particularly, work-oriented block ciphers. Our goal is then to generalize the code abiding method to any existing or new word-oriented block cipher.

Bertoni et al. [10] used the parity bit code to detect the fault injected on AES. Bertoni et al. described a modification of the algorithm with the addition of the parity bit matrix, when our objective is to use a bitslice version of an algorithm to add a bitwise countermeasure to a word-oriented cipher. Then, the S-Box used in [10] with half of its entries set to $\mathtt{00}..\mathtt{001}$ is efficient in a software way, but in a hardware implementation, a big number of logical gates would be used. Moreover, the protected cipher would be robust against 1-bit fault injection, but our solution would prevent any 1-word fault injection.

Lac et al. [11] used an internal redundancy countermeasure: every data block is duplicated k times and surrounded by n reference blocks. The k copies allow us to detect up to k fault injections by comparing the results. Moreover, the reference blocks would detect a fault, even if it affects all the copies of the data block. Indeed, reference blocks are known pairs of plaintext/ciphertext, and a check is done of the cipher reference blocks to detect an injected fault. The blocks are randomly distributed in the register. Thus, for each data block, we have $k+n$ blocks of overhead. In our paper, the solution adds 1 bit for each data block. The overhead is then much lighter in our solution.

1.2. Contributions

Our first contribution is an exhibition of a fault injection realized in precise conditions during a computation of a Friet operation [9] that results into an undetected error. The conditions are presented, with two countermeasures that can be applied to allow the detection of the error.

The second contribution is the application of the code-abiding method to an existing cipher with an example on the lightweight LED cipher [12]. The countermeasure is designed to obtain the smallest overcost possible. The secured solution presented in our work should be $25\%$ more expensive than the original LED implementation, as only one parity bit is added for each nibble. Our work thus focuses on the cost optimization of the countermeasure, in terms of the number of gates and memory space needed, as well as power consumption.

This work should allow implementations to be robust against a single injection fault with an optimization of the overcost brought by the countermeasure.

2. Background

In this section, we briefly introduce notions on coding theory that are useful for the countermeasure presented. We also recall the operation of LED block cipher [12] on which we apply our countermeasure as a proof of efficiency of our method.

2.1. Error Detection

The solutions presented in this paper use the code-abiding concept introduced in [9]. This solution is based on computation over data encoded with error detection. In the following, we give the goal and the principle of error detection, which is a set of techniques that makes it possible to detect errors during the transmission of information.

Definition 1 

(Error detection code). Let E be a set and $\mathcal{C}\subset E$. We denote $\overline{\mathcal{C}}=E\setminus \left\{\mathcal{C}\right\}$. $\mathcal{C}$ is an error detection code if and only if:

• $\forall x\in \mathcal{C},\forall y\in \overline{\mathcal{C}},x+y\in \overline{\mathcal{C}}$
• $\forall x\in \mathcal{C},\forall z\in \mathcal{S}⊊\mathcal{C},x+z\in \mathcal{C}$

In this case, + is the addition operator, according to the set E.

An error detection code allows one to divide a set into two different subsets with a minimal Hamming distance between a word of a subset and a word from the other.

Definition 2 

(Parity bit). Let x be a n-bit word. We denote $x_i$ as the i-th bit of x, then we have $x=x_{n-1}\left|\right|x_{n-2}\left|\right|...\left|\right|x_1\left|\right|x_0$, where $\left|\right|$ is the concatenation operator. The parity bit $x_p$ is the sum of all the $x_i$ (using XOR operator): $x_p=x_{n-1}\oplus x_{n-2}\oplus ...\oplus x_1\oplus x_0$. We use the even parity in our case, so the XOR of all the bits (including the parity bit) is 0. Its purpose is to detect an odd number of fault in the output.

Example 1 

(Parity bit). Let $x=011010$. The parity bit $x_p=0\oplus 1\oplus 1\oplus 0\oplus 1\oplus 0=1$.

The parity bit method is the error detection scheme that is used during this work. The two subsets are composed by the words with an even parity for the first one and the words with an odd parity for the second one.

Definition 3 

(Check function). The $\mathtt{CheckFunction}$ applied to a word verifies its parity characteristic. The function returns a Boolean with $\mathtt{TRUE}$ when an even parity is verified and $\mathtt{FALSE}$ when odd parity is verified.

Example 2 

(Check function).

• $\mathtt{CheckFunction}\left(011011\right)=\mathtt{TRUE}$
• $\mathtt{CheckFunction}\left(110010\right)=\mathtt{FALSE}$

2.2. Code Abiding

We now want to implement the error detection scheme into an encryption algorithm. Then, we need to use functions that keep the parity characteristic of the words. With this intention, we use the code abiding notion. Code abiding was introduced in [9]. In this work, the idea was to build permutation over the space E. In order to detect fault, the permutation built must respect separation of the space. In other words, the permutation over E can be seen as two permutations, one over $\mathcal{C}$, the other over $\overline{\mathcal{C}}$. The separation between the two spaces should allows detection of every single fault injection.

Definition 4 

(Code abiding function). f is a $\mathcal{C}$ code abiding function if and only if:

• $\forall x\in \mathcal{C},f\left(x\right)\in \mathcal{C}$
• $\forall x\notin \mathcal{C},f\left(x\right)\notin \mathcal{C}$

The algorithm has to be composed by code abiding functions to keep the parity property of the words and to propagate the error injected until the detection of the fault.

2.3. LED Cipher

The LED Cipher, presented in [12], is a lightweight block cipher. Its purpose is to offer a very small silicon footprint in comparison with other block ciphers, as well as to be secure against related-key attacks by using AES-like security proofs.

This cipher is a 64-bit block cipher using mostly 64-bit keys and 128-bit keys. However, any length between 64 bits and 128 bits can be used if the length is divisible by four. In this sense, 80-bit keys are also often used. In our work, we focus on the 64-bit key length. However, the results presented are valid for any key length and are not limited to the LED cipher. Indeed, the code abiding solution can be added on any block cipher.

A 64-bit state $St$ is conceptually divided into sixteen 4-bit nibbles ($St=s{t}_0\left|\right|s{t}_1\left|\right|\dots \left|\right|s{t}_{15}$) and arranged in a square array, as described in Matrix $state$.

$$state=\left(\begin{array}{cccc}s{t}_0& s{t}_1& s{t}_2& s{t}_3\\ s{t}_4& s{t}_5& s{t}_6& s{t}_7\\ s{t}_8& s{t}_9& s{t}_{10}& s{t}_{11}\\ s{t}_{12}& s{t}_{13}& s{t}_{14}& s{t}_{15}\end{array}\right)$$

Using the same process, the key K is divided into subkeys $k_i$ (Matrix K).

$$K=\left(\begin{array}{cccc}{k}_0& k_1& k_2& k_3\\ k_4& k_5& k_6& k_7\\ k_8& k_9& k_{10}& k_{11}\\ k_{12}& k_{13}& k_{14}& k_{15}\end{array}\right)$$

The cipher process is the combination of two operations: AddRoundKey and step (see Figure 1). The step operation is computed s times while the AddRoundKey is computed $s+1$ times. This value depends on the key length: $s=8$ for a 64-bit key and $s=12$ for a 128-bit key.

The step operation is composed by four rounds themselves composed by four operations, $\mathtt{AddConstants}$, $\mathtt{SubCells}$, $\mathtt{ShiftRows}$, and $\mathtt{MixColumnsSerial}$ (See Figure 2), while the AddRoundKey operation is the combination of the state and the subkeys using XOR.

$\mathtt{AddConstants}$. Six bits, $r{c}_5,r{c}_4,r{c}_3,r{c}_2,r{c}_1$, and $r{c}_0$ (initialized to zero), are shifted to the left ($r{c}_5=r{c}_4;\dots ;r{c}_1=r{c}_0$) and $r{c}_0=r{c}_5\oplus r{c}_4\oplus 1$. Those computations are done each round before using the constant. Moreover, the key size (written in its bit form $k{s}_7\left|\right|k{s}_6\left|\right|k{s}_5\left|\right|k{s}_4\left|\right|k{s}_3\left|\right|k{s}_2\left|\right|k{s}_1\left|\right|k{s}_0$) is used to create the constant. Then, the values are combined into a round constant (see Matrix constant), and this constant is added (using bitwise exclusive or) to the state.

$$constant=\left(\begin{array}{cccc}0\oplus \left(k{s}_7\right|\left|k{s}_6\right|\left|k{s}_5\right|\left|k{s}_4\right)& \left(r{c}_5\right|\left|r{c}_4\right|\left|r{c}_3\right)& 0& 0\\ 1\oplus \left(k{s}_7\right|\left|k{s}_6\right|\left|k{s}_5\right|\left|k{s}_4\right)& \left(r{c}_5\right|\left|r{c}_4\right|\left|r{c}_3\right)& 0& 0\\ 2\oplus \left(k{s}_3\right|\left|k{s}_2\right|\left|k{s}_1\right|\left|k{s}_0\right)& \left(r{c}_5\right|\left|r{c}_4\right|\left|r{c}_3\right)& 0& 0\\ 3\oplus \left(k{s}_3\right|\left|k{s}_2\right|\left|k{s}_1\right|\left|k{s}_0\right)& \left(r{c}_5\right|\left|r{c}_4\right|\left|r{c}_3\right)& 0& 0\end{array}\right)$$

$\mathtt{SubCells}$. The actual state is substituted by the new state using the $\mathtt{PRESENT}$ S-box presented in

Table 1. $\mathtt{PRESENT}$ S-box.

x	$\mathtt{0}$	$\mathtt{1}$	$\mathtt{2}$	$\mathtt{3}$	$\mathtt{4}$	$\mathtt{5}$	$\mathtt{6}$	$\mathtt{7}$	$\mathtt{8}$	$\mathtt{9}$	$\mathtt{A}$	$\mathtt{B}$	$\mathtt{C}$	$\mathtt{D}$	$\mathtt{E}$	$\mathtt{F}$
$S_x$	$\mathtt{C}$	$\mathtt{5}$	$\mathtt{6}$	$\mathtt{B}$	$\mathtt{9}$	$\mathtt{0}$	$\mathtt{A}$	$\mathtt{D}$	$\mathtt{3}$	$\mathtt{E}$	$\mathtt{F}$	$\mathtt{8}$	$\mathtt{4}$	$\mathtt{7}$	$\mathtt{1}$	$\mathtt{2}$

. This function adds some confusion and non-linearity during the process.

$\mathtt{ShiftRows}$. The rows of the the state are rotated: row i is rotated i positions.

$\mathtt{MixColumnsSerial}$. The state array is post-multiplied by the matrix M (see Matrix M). For the sake of efficiency, we use the matrix A (see Matrix A) with $A^4=M$ and post-multiply it four times to the state.

$$A^4={\left(\begin{array}{cccc}0& 1& 0& 0\\ 0& 0& 1& 0\\ 0& 0& 0& 1\\ 4& 1& 2& 2\end{array}\right)}^4=M=\left(\begin{array}{cccc}4& 1& 2& 2\\ 8& 6& 5& 6\\ B& E& A& 9\\ 2& 2& F& B\end{array}\right)$$

After the sstep and $s+1$ AddRoundKey, the state becomes the ciphertext.

Another approach of the cipher is its bitslice version [13], and this approach brings some important properties for this work. Let us suppose that the machine used has 64-bit length registers. Then, the 64-bit state is stored in a single register. The bitslice transformation of the cipher stores the state in 64 registers, each containing 1 bit of data. This approach allows us to have a bit-oriented cipher, rather than a word-oriented one. This is very important for the implementation of the parity scheme.

Another advantage of the bitslice version is the parallel encryptions. In the same conditions as the previous point, instead of using 64 registers containing only 1 bit of useful data, we can encrypt n plaintexts in parallel and then store 64 n-bit useful data. As the bitslice version is bitwise, the cipher cannot interfere between the different states. It is this method that induces detection of any 1-word fault injection. Indeed, as every machine word is seen as the concatenation of a single bit of n states and as any 1-bit injection in a state would be detected, then up to 1-word fault injection could be detected here.

The state transformation is presented in Figure 3 within a blue register of the machine and within a red state of the cipher.

3. Error Compensation Issue

In this section, we exhibit a potential fault attack against Friet [9]. Indeed, in particular scenarios, we show that a fault injected can create several errors that can be compensated during the parity check, so the error is not detected. The scenario has a small probability of success, depending on the attack model and some requirements about implementation characteristics. We then present a countermeasure to prevent this kind of attack in a strong model where the adversary can inject the fault of his choice at the position and time one chooses.

3.1. Issue Example

We bring out the vulnerabilities with an example, and we next generalize it. We assume that the attacker can add a fault to one value during the computation.

Let $ϵ=2^{128}-1$ as Friet manipulates 128-bit data. For the sake of simplicity, we call a, b, c, and d the inputs of the ${\mu }_2$ operation. For the same reason, $a^{\prime }$, $b^{\prime }$, $c^{\prime }$, and $d^{\prime }$ are the outputs of the operation. During these operations, the parity equation followed is $d=a\oplus b\oplus c$. This parity equation is checked to ensure that no fault is injected. We inject the additive fault $ϵ$ into the word c during the ${\mu }_2$ operation, and, after that, the rotated word c is added to a and to b before the addition. The fault injection is illustrated in Figure 4, with the red line showing the modification.

When such a fault is injected, the outputs of two branches are modified: the second b and the third c. We denote $b^{\prime }$ and $c^{\prime }$ as the second and third words of the output of the faulty ${\mu }_2$ operation. Then, we have two equations:

$$\begin{array}{c}{b}^{\prime }=b\oplus ((c\oplus \mathtt{0}\mathtt{xFF}..\mathtt{FF})⋘80)=b\oplus (c⋘80)\oplus (\mathtt{0}\mathtt{xFF}..\mathtt{FF}⋘80)=b\oplus (c⋘80)\oplus \mathtt{0}\mathtt{xFF}..\mathtt{FF}\hfill \\ c^{\prime }=c\oplus \mathtt{0}\mathtt{xFF}..\mathtt{FF}.\hfill \end{array}$$

At the output of the faulty ${\mu }_2$, we have $(a^{\prime },b^{\prime },c^{\prime },d^{\prime })=(a,b\oplus (c⋘80)\oplus \mathtt{0}\mathtt{xFF}..\mathtt{FF},c\oplus \mathtt{0}\mathtt{xFF}..\mathtt{FF},d)$. Then, the check subroutine does not detect the injected fault, since the fault on the two branches cancel out when applying a XOR operation on the values.

In the previous example, we saw that the fault $\mathtt{0}\mathtt{xFF}..\mathtt{FF}$ is not detected because it remains unchanged with the shift by 80 bits (that is the shift of ${\mu }_2$). However, this is not the only fault that is not detected with this shift. Indeed, all the faults that remain unchanged with the 80-bit shift have this property. With the Algorithm 1 we can identify all the valid fault that are undetected. Indeed, we begin with the word $i=1$, and we shift this word by 80 bits, and we test when the word come back to the initial value 1. The cycle length found is 8, and the number of cycles is then $\frac{word\_length}{cycle\_length}=\frac{128}{8}=16$. That means that every fault composed by 8 same 16-bit concatenated words is not detected. Thus, we have $2^{16}-1$ undetected faults (the value $\mathtt{0}\mathtt{x}\mathtt{00}..\mathtt{00}$ is not a fault) over $2^{128}$ different faults. In terms of probability, we have a probability around $2^{-112}$ to have an undetected fault. As this probability is very tiny, then with some random faults it is difficult to identify such a weakness. Moreover, the undetected fault is a 128-bit injection, and when the registers are strictly smaller than 128-bit long, then the necessary fault would affect two registers so two faults would be needed. This constraint places the error outside of the study.

Algorithm 1 Find the length of a cycle.

Require: Size of the shift (here 80) Ensure: Length of a cycle (how many shifts to recover the former value)     $i\leftarrow 1$     $t_{cycle}\leftarrow 1$    while$(i⋘80)\%128\ne 1$do        $t_{cycle}\leftarrow t_{cycle}+1$        $i\leftarrow (i⋘80)\%128$    return $t_{cycle}$

The same analysis can be done for ${\mu }_1$, and it is easy to see that the only undetected fault is the all 1 fault. For the $\chi$, the bitwise and between two branches make the fault non-detection probabilistic in function of the data in the second branch.

3.2. Countermeasures

We assume that the registers are wide enough to ensure that the undetected faults are still in the limits of the study. An obvious solution to this issue is to increase the cycle length to limit the number of undetected faults. With a shift of 1 bit, the cycle length is maximum with a value of 128. Indeed, only the words composed by 128 same 1-bit words are undetected. However, the fault $\mathtt{0}\mathtt{xFF}..\mathtt{FF}$ remains undetected ($\mathtt{0}\mathtt{x}\mathtt{00}..\mathtt{00}$ is still not a fault), and we have to modify the former operation to implement our solution.

Another solution must be found to detect all the faults without changing the cryptographic primitives of the cipher. We copy every variable used more than once and check if the copies are equal. A Boolean $\mathtt{flag}$ is used to express the error detection ($\mathtt{flag}$ obtains the value 0 when an error is detected). With this principle, any fault injected during an operation only affects one copy and is detected before using the copies. The following Algorithm 2 presents the copies and the checks on the operation ${\mu }_2$ of the FRIET-P round and shows the overcost of this solution in comparison with the classical FRIET-P presented in Algorithm 3.

Algorithm 2 Protected ${\mu }_2$ operation of the FRIET-P round.

Require: Four 128-bit words $a,b,c$ and d Ensure: Four 128-bit words $a^{\prime },b^{\prime },c^{\prime }$ and $d^{\prime }$ computed by the protected ${\mu }_2$ operation   $c_0\leftarrow c$   $c_1\leftarrow c$   $c_2\leftarrow c$   $\mathtt{flag}\leftarrow \mathtt{flag} \& (c_0==c_1) \& (c_0==c_2)$   $a^{\prime }\leftarrow a\oplus (c_0⋘80)$   $b^{\prime }\leftarrow b\oplus (c_1⋘80)$   $c^{\prime }\leftarrow c_2$   $d^{\prime }\leftarrow d$  return($a^{\prime },b^{\prime },c^{\prime },d^{\prime }$)

Algorithm 3 Classical ${\mu }_2$ operation of the FRIET-P round.

Require: Four 128-bit words $a,b,c$ and d Ensure: Four 128-bit words $a^{\prime },b^{\prime },c^{\prime }$ and $d^{\prime }$ computed by the original ${\mu }_2$ operation   $a^{\prime }\leftarrow a\oplus (c⋘80)$   $b^{\prime }\leftarrow b\oplus (c⋘80)$   $c^{\prime }\leftarrow c$   $d^{\prime }\leftarrow d$  return($a^{\prime },b^{\prime },c^{\prime },d^{\prime }$)

The overcost of the countermeasure lies on the three copies of the value c and the comparison of these three copies. This solution is used in the rest of the paper to avoid undetected fault injection.

4. Code Abiding on LED

In this section, we present a generic method to apply code-abiding countermeasures to word-oriented block ciphers and illustrate this technique on LED cipher [12]. Word-oriented ciphers are often implemented with tables (S-boxes for the substitution layer and multiplicative tables for the diffusion layer) and with XOR operation on words in the same column. We then need to consider error detection codes at word, column, and state levels.

The basic code is defined at word level and is simply extended to the column and state level. Indeed, the columns and the state are only a concatenation of the words. Thus, if we have a code $\mathcal{C}$ of parameters $[n,k,d]$ at word level, the concatenation of l word is a code ${\mathcal{C}}^{\prime }$ of parameters $[ln,lk,d]$ at column level.

The principle of code abiding protection is to apply permutation on different codes. Thus, we have two cases if we apply always permutation to the full state, and then, either we are in the code and stay in the code or we are not in the code and stay outside the code. Since we target only one fault injection, we can at most change one set, and, due to our construction, any single fault injection forces us to change from a word of the code to a word outside the code. The last property is obtained thanks to bitslice representation and check of non-modification when we use the same variable in a different place. (Note that we can hope for security, and fault detection, for multiple random fault with high probability, thanks to parallelism we use). We next present, in more details, the adaptation made for each operation.

4.1. State Modification

Let S be the 64-bit state of the unprotected LED cipher. In order to detect fault, we need to add a redundant part. In our case, we select the 5-bit parity check code. Thus, we need to add a parity bit for each 4-bit nibble of the state. Indeed, if we denote $S_i$ the $i^{th}$ bit of S, we have: $S_{64+i}=S_{4\times i}\oplus S_{4\times i+1}\oplus S_{4\times i+2}\oplus S_{4\times i+3}$, where $S_{4\times i},S_{4\times i+1},S_{4\times i+2},S_{4\times i+3}$ are the bits of the nibble i. Eventually, we have a 80-bit state composed of 64 data bits and 16 parity bits.

In the Section 2, we presented the bitslice version of LED. This is the version that is used in this work, and we thus have to add the parity property by adding 16 registers. The Figure 5 illustrates this step within blue for a register of the machine, in red the data bits of a state, and in pink the parity bits of the red state. The code abiding notion is more bit-oriented than word-oriented, and then the bitslice approach allows us to use the code abiding notion on a classical word-oriented cipher.

These transformation functions are summarized in the following Algorithms 4 and 5.

Algorithm 4 State S transformed into its bitslice version.

Require: State S Ensure: State S in its bitslice version  for j in range(64) do      $S{j}_i\leftarrow S{i}_j$  return S

Algorithm 5 Parity bits added to the bitslice state S.

Require: Bitslice state S Ensure: State S with parity bits  for i in range(16) do      $S_{64+i}\leftarrow S_{4\times i}\oplus S_{4\times i+1}\oplus S_{4\times i+2}\oplus S_{4\times i+3}$  returnS

4.2. Key and Constant

We assume that the key and the constant are stored in an encoded manner.

We copy the key and the constant at the beginning of the computation and use the copy for the all computation at the end, and we check that the copy used stayed unchanged. Thus, any charge in the key during the encryption is detected. Since the attacker can only inject one fault, modification of the key is detected. An adversary that modifies the key may inject fault at each key addition. However, by using copy and checking at the end and thanks to the absence of key schedule in LED-64, the attacker cannot use this method for multiple fault injection.

The only method should be to modify the stored key. However, LED is known for resistance against related key attacks and, thus, no exploitable information can be obtained by the attacker.

If a fault is injected on the key, the XOR operation with the state propagates the error on the state until the parity check of the state.

4.3. AddConstant

We calculate the constant presented in Section 2. This constant is a 64-bit value that we transform into 80 n-bits values (bitslice + parity transformations) that are computed to the state using XOR operation. If n encryptions are performed in parallel, the constant must fit the n-bit length of the registers, and then the 80 bits have to be duplicated n times. This is illustrated in Algorithm 6 ($\mathtt{0}\mathtt{xFF}..\mathtt{FF}$ is composed by $\frac{n}{4}\mathtt{F}$).

Algorithm 6 Constant c bitsliced and duplicated.

Require: 64-bit constant c Ensure: 80 n-bit (with duplication of the bit) constants $c_i$ with parity and bitslice transformations.  for i in range(64) do      $c_i\leftarrow \left((c⋙(63-i))1\right)\times \mathtt{0}\mathtt{xFF}..\mathtt{FF}$  return$c_i$

If a fault is injected on the constant, the error is propagated on the state until the check parity function.

4.4. ShiftRows

This function is the same operation as the former $\mathtt{ShiftRows}$ operation. The parity bits are shifted among the nibble from which they have been computed. The bit $S_{64+i}$ is shifted $\frac{i}{4}$ bits to the left. This is illustrated in Figure 6.

During this operation, a fault can be injected on the state and stays on it until its detection. Moreover, as the state is only shifted, its value remains the same, then a fault injected before the operation is propagated on the output.

4.5. SubCells

The substitute operation brings confusion and non-linearity to encryption. It is then a critical function of the block cipher construction. The extension from the code $\mathcal{C}$ to the code ${\mathcal{C}}^{\prime }$ requires us to represent the 4-bit S-box by a 5-bit S-box, and this projection brings a choice of the 5-bit S-box.

We present, in Section 5, a way to construct the protected S-box. Here, we present the results on the $\mathtt{PRESENT}$ S-box represented by the Table 3. However, we use an alternative form of the S-box composed only by logical gates, the algebraic normal form. This form gives five equations, where $x_i$ is the $i^{th}$ bit of the input and $y_i$ the $i^{th}$ bit of the output ($x_0..x_3$ are the data bits and $x_4$ is the parity bit).

$$\begin{array}{c}{y}_0=x_3{x}_2{x}_1\oplus x_3{x}_2{x}_0\oplus x_3{x}_1{x}_0\oplus x_3\oplus x_2{x}_1\oplus x_2\oplus x_0\oplus 1\hfill \\ y_1=x_3{x}_2{x}_0\oplus x_3{x}_2\oplus x_3{x}_1{x}_0\oplus x_3{x}_0\oplus x_2{x}_0\oplus x_1\oplus x_0\oplus 1\hfill \\ y_2=x_3{x}_2{x}_1\oplus x_3{x}_2{x}_0\oplus x_3{x}_1{x}_0\oplus x_2{x}_0\oplus x_2\oplus x_1{x}_0\oplus x_0\hfill \\ y_3=x_4{x}_3{x}_2{x}_1{x}_0\oplus x_4{x}_3{x}_1{x}_0\oplus x_3{x}_2{x}_1{x}_0\oplus x_3{x}_1{x}_0\oplus x_3\oplus x_2{x}_1\oplus x_1\oplus x_0\hfill \\ y_4=x_4{x}_3{x}_2{x}_1{x}_0\oplus x_4{x}_3{x}_1{x}_0\oplus x_4\oplus x_3{x}_2{x}_1{x}_0\oplus x_3{x}_2{x}_0\oplus x_3{x}_2\oplus x_3{x}_0\oplus x_3\oplus x_2\oplus x_1{x}_0\oplus x_1\oplus x_0\hfill \end{array}$$

This function is presented in Algorithm 7. We can denote the copies of the values used more than once to avoid error compensation presented in Section 3, and as the bit $x_4$ is used only in the last two equations, this bit is copied only twice. Indeed, the output $S_{4\times i+m}$ only lies on the values $x_{m..}$, and then a fault is injected on a copy only affecting one output, and the parity characteristic allows the error detection.

Algorithm 7 $\mathtt{SubCells}$ function.

Require: State $S,i,\mathtt{flag}$ Ensure: State S after the $\mathtt{SubCells}$ operation and the flag detection $\mathtt{flag}$  for j in range(5) do      $x_{j0}\leftarrow S_{4\times i+0}$      $x_{j1}\leftarrow S_{4\times i+1}$      $x_{j2}\leftarrow S_{4\times i+2}$      $x_{j3}\leftarrow S_{4\times i+3}$      if $j>2$ then           $x_{j4}\leftarrow S_{4+i}$  for j in range(5) do      $\mathtt{flag}\leftarrow \mathtt{flag} \& (x_{0j}==x_{1j}) \& (x_{0j}==x_{2j}) \& (x_{0j}==x_{3j}) \& (x_{0j}==x_{4j})$   $S_{4\times i+0}\leftarrow x_{03}{x}_{02}{x}_{01}\oplus x_{03}{x}_{02}{x}_{00}\oplus x_{03}{x}_{01}{x}_{00}\oplus x_{03}\oplus x_{02}{x}_{01}\oplus x_{02}\oplus x_{00}\oplus 1$   $S_{4\times i+1}\leftarrow x_{13}{x}_{12}{x}_{10}\oplus x_{13}{x}_{12}\oplus x_{13}{x}_{11}{x}_{10}\oplus x_{13}{x}_{10}\oplus x_{12}{x}_{10}\oplus x_{11}\oplus x_{10}\oplus 1$   $S_{4\times i+2}\leftarrow x_{23}{x}_{22}{x}_{21}\oplus x_{23}{x}_{22}{x}_{20}\oplus x_{23}{x}_{21}{x}_{20}\oplus x_{22}{x}_{20}\oplus x_{22}\oplus x_{21}{x}_{20}\oplus x_{20}$   $S_{\times i+3}\leftarrow x_{34}{x}_{33}{x}_{32}{x}_{31}{x}_{30}\oplus x_{34}{x}_{33}{x}_{31}{x}_{30}\oplus x_{33}{x}_{32}{x}_{31}{x}_{30}\oplus x_{33}{x}_{31}{x}_{30}\oplus x_{33}\oplus x_{32}{x}_{31}\oplus x_{31}\oplus x_{30}$   $S_{64+i}\leftarrow x_{44}{x}_{43}{x}_{42}{x}_{41}{x}_{40}\oplus x_{44}{x}_{43}{x}_{41}{x}_{40}\oplus x_{44}\oplus x_{43}{x}_{42}{x}_{41}{x}_{40}\oplus x_{43}{x}_{42}{x}_{40}\oplus x_{43}{x}_{42}\oplus x_{43}{x}_{40}\oplus x_{43}\oplus x_{42}\oplus x_{41}{x}_{40}\oplus x_{41}\oplus x_{40}$

If a fault is injected before or during the function, and the separation of the codes in the S-box representation keeps the word out of the code $\mathcal{C}$, and the fault is propagated into the space.

4.6. MixColumnsSerial

This operation is composed by the four post-multiplications with the matrix A (see Section 2). The state is decomposed into four columns of four 5-bit nibbles each. These nibbles are the 4-bit data and the parity bit associated. In our operation, only a multiplication by two is used (a multiplication by four is just two multiplications by two). The Algorithm 8 show the multiplication by two operation. This operation is a shift of the bits and a XOR with the LSB of the data word on the second bit of the nibble. The computation on the parity bit is thus only a XOR with this LSB.

Algorithm 8 Multiplication by 2.

Require: Nibble $nibble$ Ensure: Nibble $nibble$× 2  function $\mathtt{mc}\mathtt{2}$($nibble$)      $ni{b}_{30}\leftarrow nibble\left[3\right]$      $ni{b}_{31}\leftarrow nibble\left[3\right]$      $ni{b}_{32}\leftarrow nibble\left[3\right]$           $\mathtt{flag}\leftarrow \mathtt{flag} \& (ni{b}_{30}==ni{b}_{31}) \& (ni{b}_{30}==ni{b}_{32})$           $nibble\left[0\right]$, $nibble\left[1\right]$, $nibble\left[2\right]$, $nibble\left[3\right]$, $nibble\left[4\right]\leftarrow ni{b}_{30}$, $nibble\left[0\right]\oplus ni{b}_{31}$, $nibble\left[1\right]$, $nibble\left[2\right]$, $nibble\left[4\right]\oplus ni{b}_{32}$

The Algorithm 9 presents the state divided into columns and the multiplication with the matrix A. Same as in the $\mathtt{SubCells}$ function, we create a copy of each element used more than once to avoid a future error compensation.

With the same observations than the previous operations, if a fault is injected before or during the $\mathtt{MixColumnsSerial}$ operation, this error is propagated through the operation on the state.

All the LED functions are converted into code abiding functions to keep the parity characteristic of the state and to allow the fault injection detection. The next section focuses on the 5-bit representation of a 4-bit S-box.

Algorithm 9 $\mathtt{MixColumnsSerial}$ function.

Require: Column $col$ composed by five 4-bit nibbles Ensure: Column $col$ composed by five 4-bit nibbles after post-multiply with the matrix M  function $\mathtt{MixSingleColumn}$($col$)      $nibble\left[0\right]\leftarrow \left[col\right[0],col[1],col[2],col[3],col[16\left]\right]$      $nibble\left[1\right]\leftarrow \left[col\right[4],col[5],col[6],col[7],col[17\left]\right]$      $nibble\left[2\right]\leftarrow \left[col\right[8],col[9],col[10],col[11],col[18\left]\right]$      $nibble\left[3\right]\leftarrow \left[col\right[12],col[13],col[14],col[15],col[19\left]\right]$     for i in range(4) do          $nibble\left[0\right]$, $nibble\left[1\right]$, $nibble\left[2\right]$, $nibble\left[3\right]\leftarrow nibble\left[1\right]$, $nibble\left[2\right]$, $nibble\left[3\right]$, $\mathtt{mc}\mathtt{2}\left(\mathtt{mc}\mathtt{2}\right(nibble\left[0\right]\left)\right)\oplus nibble\left[1\right]\oplus \mathtt{mc}\mathtt{2}\left(nibble\right[2\left]\right)\oplus \mathtt{mc}\mathtt{2}\left(nibble\right[3\left]\right)$      Require: State $RS$ Ensure: State $RS$ after the $\mathtt{MixColumnsSerial}$ operation  function$\mathtt{MixColumnsSerial}$($RS$)      $col0=\left[RS\right[0],RS[1],RS[2],RS[3],RS[16],RS[17],RS[18],RS[19],RS[32],RS[33],$      $RS\left[34\right],RS\left[35\right],RS\left[48\right],RS\left[49\right],RS\left[50\right],RS\left[51\right],RS\left[64\right],RS\left[68\right],RS\left[72\right],RS\left[76\right]]$      $col1=\left[RS\right[4],RS[5],RS[6],RS[7],RS[20],RS[21],RS[22],RS[23],RS[36],RS[37],$      $RS\left[38\right],RS\left[39\right],RS\left[52\right],RS\left[53\right],RS\left[54\right],RS\left[55\right],RS\left[65\right],RS\left[69\right],RS\left[73\right],RS\left[77\right]]$      $col2=\left[RS\right[8],RS[9],RS[10],RS[11],RS[24],RS[25],RS[26],RS[27],RS[40],RS[41],$      $RS\left[42\right],RS\left[43\right],RS\left[56\right],RS\left[57\right],RS\left[58\right],RS\left[59\right],RS\left[66\right],RS\left[70\right],RS\left[74\right],RS\left[78\right]]$      $col3=\left[RS\right[12],RS[13],RS[14],RS[15],RS[28],RS[29],RS[30],RS[31],RS[44],RS[45],$      $RS\left[46\right],RS\left[47\right],RS\left[60\right],RS\left[61\right],RS\left[62\right],RS\left[63\right],RS\left[67\right],RS\left[71\right],RS\left[75\right],RS\left[79\right]]$           $\mathtt{MixSingleColumn}\left(col0\right)$      $\mathtt{MixSingleColumn}\left(col1\right)$      $\mathtt{MixSingleColumn}\left(col2\right)$      $\mathtt{MixSingleColumn}\left(col3\right)$

5. 5-Bit Representation of a 4-Bit S-Box

In the protected version of LED, the $\mathtt{SubCells}$ function uses a 5-bit representation of the $\mathtt{PRESENT}$ S-box. This section presents how to create a 5-bit representation from a 4-bit permutation and which representation is the best in terms of cost optimization.

In the last section, the $\mathtt{SubCells}$ function requires a representation on 5 bits of the 4-bit $\mathtt{PRESENT}$. The former 4-bit S-box must remain the same with the parity bit added at the end of the words. Indeed, the 5-bit representation is already half filled with the words with an even parity (see

Table 2. 5-bit S-box derived from $\mathtt{PRESENT}$ to fill.

x	$\mathtt{00}$	$\mathtt{01}$	$\mathtt{02}$	$\mathtt{03}$	$\mathtt{04}$	$\mathtt{05}$	$\mathtt{06}$	$\mathtt{07}$	$\mathtt{08}$	$\mathtt{09}$	$\mathtt{0}\mathtt{A}$	$\mathtt{0}\mathtt{B}$	$\mathtt{0}\mathtt{C}$	$\mathtt{0}\mathtt{D}$	$\mathtt{0}\mathtt{E}$	$\mathtt{0}\mathtt{F}$
$S_x^{\prime }$	$\mathtt{18}$	⋯	⋯	$\mathtt{0}\mathtt{A}$	⋯	$\mathtt{0}\mathtt{C}$	$\mathtt{17}$	⋯	⋯	$\mathtt{12}$	$\mathtt{00}$	⋯	$\mathtt{14}$	⋯	⋯	$\mathtt{1}\mathtt{B}$
x	$\mathtt{10}$	$\mathtt{11}$	$\mathtt{12}$	$\mathtt{13}$	$\mathtt{14}$	$\mathtt{15}$	$\mathtt{16}$	$\mathtt{17}$	$\mathtt{18}$	$\mathtt{19}$	$\mathtt{1}\mathtt{A}$	$\mathtt{1}\mathtt{B}$	$\mathtt{1}\mathtt{C}$	$\mathtt{1}\mathtt{D}$	$\mathtt{1}\mathtt{E}$	$\mathtt{1}\mathtt{F}$
$S_x^{\prime }$	⋯	$\mathtt{06}$	$\mathtt{1}\mathtt{D}$	⋯	$\mathtt{1}\mathtt{E}$	⋯	⋯	$\mathtt{11}$	$\mathtt{09}$	⋯	⋯	$\mathtt{0}\mathtt{F}$	⋯	$\mathtt{03}$	$\mathtt{05}$	⋯

). Then, we have ${16}^{16}$ candidates to represent a 4-bit S-box. We must find a way to compare one candidate from another.

Only the S-boxes that correspond to permutations are considered (each output has one and only one related input). Indeed, the parity code used is the 5-bit parity code $\mathcal{C}=[5,4,2]$, but, as we want to consider this code at the state level, the resulting code ${\mathcal{C}}^{\prime }=[80,64,2]$ is selected. ${\mathcal{C}}^{\prime }$ is only a concatenation of 16 codes $\mathcal{C}$. This concatenation brings the constrains of the permutations on the S-boxes.

5.1. Score Function

To compare the candidates, a score to the S-boxes must be attributed and the best score among the candidates is selected. In this work, a focus on the implementation cost is realized. Then, the score of a candidate is the number of logic gates needed to construct the S-box. The algebraic normal form (ANF) of the S-box is used to count the number of AND and XOR gates. With the score function presented in Algorithm 10, the best representation on 5 bits is the S-box with the lowest number of logical gates. The next subsection is the application of the score function to every representation on 5 bits of a 4-bit S-box.

Algorithm 10 Score of a S-box S.

Require: S-box S Ensure:Score of S (number of logical gates in the ANF)  function$\mathtt{score}$(S)      $anf\leftarrow \mathtt{ANF}\left(S\right)$      return $\mathtt{count}\left(\right)+\mathtt{count}(\wedge )$

5.2. Exhaustive List

To fill the 5-bit S-box, a candidate must be selected among all the $16!$ permutations. The obvious way to choose the best S-box is to score every candidate and to keep the one with the lowest score. This process is summarized in Algorithm 11 and is the most precise way to find the lowest score. Indeed, we would have the score of each function and then select the best one according to the criteria of implementation cost. However, it requires us to browse all of the $16!$ permutations, and this can be a very long task. A new solution based on the construction of the 5-bit representation can be as efficient and very easier to achieve.

Algorithm 11 Selection of the S-box with the lowest number of gates.

Require: List of all the 5-bit permutations derived from a 4-bit S-box ${\mathtt{Permutation}}_{\mathtt{LIST}}$ Ensure: Permutation with the lowest score and its score  function$\mathtt{score}\_\mathtt{selection}$(${\mathtt{Permutation}}_{\mathtt{LIST}}$)      $\mathtt{low}\_\mathtt{score}\leftarrow 1000$      for $S\in {\mathtt{Permutation}}_{\mathtt{LIST}}$ do           $s\leftarrow \mathtt{score}\left(S\right)$           if $s<\mathtt{low}\_\mathtt{score}$ then               $\mathtt{low}\_\mathtt{score}\leftarrow s$               $\mathtt{selected}\leftarrow S$      return $\mathtt{low}\_\mathtt{score},\mathtt{selected}$

5.3. Construction

A new selection method is introduced with a construction approach instead of an exhaustive approach. In this paragraph, an even word denotes a word that verifies the parity characteristic, and an odd word is one which does not. Every even word is only 1 bit away from an odd word. The LSB is used to separate an even from an odd word ($\mathtt{0}\mathtt{x}\mathtt{18}$ and $\mathtt{0}\mathtt{x}\mathtt{19}$ are only 1 bit away from each other, and this bit is the LSB). Each even input is substituted by an even output, and each odd input is substituted by an odd output. The 5-bit S-box is constructed with the following rule: an odd input is substituted by the odd word 1-bit away from the even output linked to the even input 1-bit away from the odd input. Indeed, each even pair of input/output have a 1-bit away odd pair of input/output. This construction is explained in the Algorithm 12. With this method, the representation of PRESENT is shown in

Table 3. 5-bit code abiding representation constructed from $\mathtt{PRESENT}$.

x	$\mathtt{00}$	$\mathtt{01}$	$\mathtt{02}$	$\mathtt{03}$	$\mathtt{04}$	$\mathtt{05}$	$\mathtt{06}$	$\mathtt{07}$	$\mathtt{08}$	$\mathtt{09}$	$\mathtt{0}\mathtt{A}$	$\mathtt{0}\mathtt{B}$	$\mathtt{0}\mathtt{C}$	$\mathtt{0}\mathtt{D}$	$\mathtt{0}\mathtt{E}$	$\mathtt{0}\mathtt{F}$
$S_x^{\prime }$	$\mathtt{18}$	$\mathtt{19}$	$\mathtt{0}\mathtt{B}$	$\mathtt{0}\mathtt{A}$	$\mathtt{0}\mathtt{D}$	$\mathtt{0}\mathtt{C}$	$\mathtt{17}$	$\mathtt{16}$	$\mathtt{13}$	$\mathtt{12}$	$\mathtt{00}$	$\mathtt{01}$	$\mathtt{14}$	$\mathtt{15}$	$\mathtt{1}\mathtt{A}$	$\mathtt{1}\mathtt{B}$
x	$\mathtt{10}$	$\mathtt{11}$	$\mathtt{12}$	$\mathtt{13}$	$\mathtt{14}$	$\mathtt{15}$	$\mathtt{16}$	$\mathtt{17}$	$\mathtt{18}$	$\mathtt{19}$	$\mathtt{1}\mathtt{A}$	$\mathtt{1}\mathtt{B}$	$\mathtt{1}\mathtt{C}$	$\mathtt{1}\mathtt{D}$	$\mathtt{1}\mathtt{E}$	$\mathtt{1}\mathtt{F}$
$S_x^{\prime }$	$\mathtt{07}$	$\mathtt{06}$	$\mathtt{1}\mathtt{D}$	$\mathtt{1}\mathtt{C}$	$\mathtt{1}\mathtt{E}$	$\mathtt{1}\mathtt{F}$	$\mathtt{10}$	$\mathtt{11}$	$\mathtt{09}$	$\mathtt{08}$	$\mathtt{0}\mathtt{E}$	$\mathtt{0}\mathtt{F}$	$\mathtt{02}$	$\mathtt{03}$	$\mathtt{05}$	$\mathtt{04}$

and consists of 62 logical gates. Several S-Boxes (found with an exhaustive search) with good cryptographic properties were tested, and none has an ANF constructed with less than 94 logical gates (the biggest one was created with 124 logical gates). We now have to test the robustness of the protected cipher.

Algorithm 12 Construction of a code abiding 5-bit representation from a 4-bit S-box.

Require: S-box S half-filled Ensure: S-box S full-filled  for i in range(32) do      if i is odd then           $S\left[i\right]\leftarrow S[i\oplus 1]\oplus 1$

6. Experimental Results

This section presents the various tests done on the protected LED to determine its robustness against fault injection.

6.1. Robustness

To test the robustness of the protected LED cipher, three scenarios are tested. The detection of a fault injected simply sets a variable $\mathtt{flag}$ to 0. During the tests, the fault injection is simulated, so there is no case where a fault does not create an error.

• Scenario 1: A bit of the state is toggled at a random place of the state and at a random moment of the encryption. This bit-flip induces a change on the parity characteristic of the nibble where it belongs. With the code abiding properties of the functions used during the encryption, the error persists until the parity check function and thus is always detected.
• Scenario 2: A bit of the key or of the constant of the $\mathtt{AddConstant}$ function is toggled at a random place and a random round of the encryption. As the XOR operation is a code abiding operation, the fault is transmitted from the constant to the state and persists until the parity check. The error is thus always detected.
• Scenario 3: A fault is injected on data used more than once during a function at a random place and a random round of the encryption. The copies done before the use of the data are then not equal, and the test sets the $\mathtt{flag}$ to 0. The fault is thus always detected.

In all the scenarios, the fault is always detected, and then the code abiding solution is robust against 1-bit fault attack.

In all the scenarios, 1,000,000 faults have been injected, and the countermeasure (combining code abiding property and copies of the elements used more than once) always leads to a fault detection. The code abiding solution is then robust against 1-word fault attack. The results are presented in

Table 4. Robustness results of the secured implementation.

Fault Injections	Scenario 1	Scenario 2	Scenario 3
1,000,000	100% detected	100% detected	100% detected

.

6.2. Overcost of the Countermeasure

Adding the parity scheme to the LED cipher has a cost. Indeed, we convert an encryption algorithm working on 4-bit words to an encryption algorithm working on 5-bit words. Thus, the new round functions have a bigger price than the former ones. Moreover, our n states are 80-bit long instead of 64-bit long (we encrypt n plaintexts in parallel, and in the tests, we fix $n=64$). Thus, our implementation takes a bigger place in the memory and one secure encryption takes longer than an unprotected encryption. We differentiate several implementations: the classical implementation refers to the soft implementation using lookup tables; the bitslice is the bitslice version of LED without any protection; the code abiding implementation is the addition of the parity bit during the encryption; and the code abiding + copies implementation combines the code abiding properties with copies of values used more than once. The cost can be summarized in the

Table 5. Implementation results and cost comparison of the encryptions.

	Ratio Classical	Ratio Bitslice	Ratio Code Abiding
classical	1	-	-
bitslice	1.83	1	-
code abiding	2.04	1.12	1.00
CA + copies	3.28	1.79	1.6

. The compiler used was the GNU GCC Compiler without any optimization. The CPU used is the Intel Core i5 CPU. The results are presented as a ratio to have a better understanding of the overcost of countermeasures from one implementation to another. The results a must be put into perspective as the classical implementation encrypts only one plaintext at the time when the other implementations can encrypt up to 64 plaintexts at the same time (on a 64-bit length machine). The overcost of the code abiding countermeasure is then better than expected. Indeed, in terms of time overcost, a 25% rise was expected (25% more bits are computed) when an only 12% is measured. However, with the copies countermeasure, an overcost of 79% is reached.

Moreover, another comparison on each round function allows us to precisely understand where the countermeasure has the biggest impact (see

Table 6. Implementation results and cost comparison of the round functions.

Ratio Classical	Bitslice	CA	CA + Copies
$\mathtt{addConstant}$	6.6	8.6	8.6
$\mathtt{subCells}$	6.0	7.2	9.6
$\mathtt{ShiftRows}$	0.8	0.9	0.9
$\mathtt{mixColumns}$	1.9	2.1	3.6
Ratio Bitslice	CA	CA + Copies
$\mathtt{addConstant}$	1.3	1.3
$\mathtt{subCells}$	1.2	1.6
$\mathtt{ShiftRows}$	1.2	1.2
$\mathtt{mixColumns}$	1.1	1.9
Ratio CA	CA + copies
$\mathtt{addConstant}$	1.0
$\mathtt{subCells}$	1.3
$\mathtt{ShiftRows}$	1.0
$\mathtt{mixColumns}$	1.7

). The heaviest functions from the classical implementation to the other ones are clearly the $\mathtt{subCells}$, as the function does not use any lookup table and the $\mathtt{addConstant}$ as the constant used must be transformed into a bitslice and parity constant. However, as mentioned before, it is more interesting to compare the bitslice versions as they encrypt the same number of plaintexts and are based on the same principles. With these comparisons, the biggest overcost is the $\mathtt{mixColumns}$ function with all the copies brought.

7. Conclusions

The principle used in this work to prevent fault injections is to detect them using an error detecting code, the parity bit code. This code relies on a redundancy of the information contained in a word. The parity bit code used is the 5-bit parity code, with 4 data bits and 1 parity bit. This method allows us to detect a 1-bit fault injection on a value during an operation.

This work lightens an issue induced by an error compensation. Indeed, depending on the operation performed, an error injected on a value can be propagated into several computed outputs and with the parity bit code, and this error may compensate with its multiple occurrences. The first step is then to present the conditions on the fault and on the operation to reach the compensation, and then to propose a countermeasure to this error compensation that lies on copying the values used more than once and check for equality of the copies.

In addition to this first measure, a method is presented to apply code-abiding notion to word-oriented ciphers. An example on the LED cipher shows the transformations of the state and the round functions to include the parity bit code to the operations. A protected version of the existing LED cipher is then created. Its robustness against 1-bit fault injection is tested, and the results validate its security. Moreover, with the bitslice method, the robustness reaches 1-word fault injection detection.

The next step is to extend this method to a generic one to include code abiding to new cryptographic primitives. A critical operation is the S-box used, and the projection of this S-box into a larger space to add the parity bit brings many candidates. A way to differentiate them is to give them a score based on their implementation cost and select the cheapest S-box.

Eventually, future works could focus on applying the code-abiding method to a larger cipher, such as AES, rather than lightweight ciphers, as well as to evaluate the overcost of the countermeasure compared to other error detecting solutions. Moreover, 1-bit error detection has its limitations [14], and a work on multiple faults detection and correction would be interesting.