A Secure Architecture for Modular Division over a Prime Field against Fault Injection Attacks

Abstract

Fault injection attacks pose a serious threat to many cryptographic devices. The security of most cryptographic devices hinges on a key block called modular division (MD) over a prime field. Although a lot of research has been done to implement the MD over a prime field in hardware efficiently, studies on secure architecture against fault injection attack are very few. A few of the studies that focused on secure architecture against fault injection attack can only detect faults but not locate faults. In this regard, this paper designs a novel secure architecture for the MD over a prime field, which can not only detect faults, but also can locate the error processing element. In order to seek the best optimal performance, four word-oriented systolic structures of a main function module (MFM) were designed, and three error detection schemes were developed based on different linear arithmetic codes (LACs). The MFM structures were combined flexibly with the error detection schemes. The time and area overheads of our architecture were analyzed through the implementation in an application-specific integrated circuit (ASIC), while the error detection and location capabilities of our architecture were demonstrated by C++ simulation, in comparison to two existing methods. The results show that our architecture can detect single-bit error (SBE) with 100% accuracy and locate the erroneous processing element (PE), and correctly identify most of the single PE errors and almost all of the multi-PE errors (when there are more than three erroneous PEs). The only weakness of our architecture is the relatively high time and area overhead ratios.

1. Introduction

Currently, there are various important integrated circuit (IC) devices, ranging from pivotal calculators to security-sensitive devices. Many of these IC devices face the risk of fault injection attacks. The consequences of these attacks include sudden failure of the IC and the leak of key secret information [1,2,3,4]. Over the years, many fault injection methods have emerged, namely, heavy ion radiation, electromagnetic interference, and laser exposure, posing an increasingly high threat to IC devices.

In the field of IC security, widespread attention has been paid to the protection against fault injection attacks [5,6,7,8,9,10], resulting in multiple measures to prevent the ICs from being attacked by fault injection. The typical measures include physical protection [11], the hardware/time redundancy (module duplication/re-computation) method [12,13,14,15], and the error detection codes (EDC)-based technique [10,16,17,18,19,20,21,22,23]. Among them, the EDC-based technique achieves the best tradeoff between fault coverage and hardware/time overheads [24]. Recently, Mustafa et al. [25] presented a novel differential fault attack (DFA)-aware floor-planning technique, which mitigates the threat from different fault attacks. The authors confirmed that this technique, involving no algorithm, circuit nature, or protocol, falls into the category of physical protection. Despite being an attractive approach to design secure ICs, the DFA-aware technique is not directly linked to our research, which focuses on the EDC-based technique for fault detection.

Finite field arithmetic has important applications in cryptography and coding theory. One of the most essential and complex operation over a finite field is the modular division/inversion (MD/MI) over a prime field. The secure implementation of this operation preludes the security of related cryptographic devices.

Because of modular division in cryptography, researchers have paid much attention to it. Various algorithms have been presented to compute modular division. They can be classified into three categories: repeated exponentiation, the extended Euclidean algorithm, and the extended binary GCD algorithm. The extended GCD algorithm is most suitable to be implemented in hardware. Many implementation architectures of this algorithm have been presented [26,27,28,29,30,31,32,33]. These works made great contributions to improve hardware implementation performance of modular division, however, they did not guarantee the architectures were reliable when the chip was injected into the fault.

Considering the reliability of finite field arithmetic, researchers have also developed many fault detection schemes [6,10,34,35,36,37,38,39,40]. Some scholars [34,35,36] explored deep into concurrent error detection schemes for division/division over the Galois field GF(2^m). Based on time redundancy, Bayat Sarmadi and Hasan [34] put forward a security scheme for MD over polynomial basis and normal basis finite fields but did not implement the proposed scheme. Mozaffari Kermani and Reyhani Masoleh [35] proposed a fault detection scheme for multiplicative division on GF(2^m) based on parity prediction. Mozaffari Kermani et al. [36] applied a similar technique to ensure the structural reliability of an extended Euclidean algorithm over GF(2^m). The parity prediction scheme is efficient for MD over GF(2^m), but not the best choice for arithmetic operations like MD over a prime field. This is because the parity prediction of arithmetic operations is usually more complicated than logic operations. The complexity leads to large area and time overheads. Compared with parity code, arithmetic codes are efficient in protecting arithmetic operations [37]. Some fault-tolerant schemes have been investigated based on different arithmetic codes [6,10,38,39], yet fail to tackle MD over a prime field.

Focusing on modular division over a prime field, Hu et al. [40] came up with a concurrent error detection scheme based on linear arithmetic code (LAC), and applied it to systolic implementation of MD. As shown in Figure 1, the scheme consists of a main function module (MFM) and an error detection module (EDM). The former is responsible for the MD computation, and the latter for error detection of the MFM, using the LAC. The EDM involves three sub-modules, namely, actual check part generator (ACPG), check part predictor (CPP), and comparator (CMP). Among them, the ACPG accepts the results of each iteration from the MFM, and generates their actual check parts; the CPP predicts the check parts of iterative results; the CMP compares the actual check parts with the predicted ones—if the two parts are consistent in each iteration, then no fault has been injected in the MFM, and the system will continue to run; otherwise, the architecture will issue an alarm about the probability of fault attacks in the MFM. The MD output is regarded as valid, if and only if the actual and predicted check parts of any iteration are equal to each other. On the upside, the scheme in [40] can detect errors accurately with limited area and time overheads. On the downside, this scheme cannot report the detected errors in real-time because it takes the entire n-bit iterative result as the detection cell so that the system cannot output the iterative detection result until the last word of the iteration result is valid. Neither could this scheme locate the detected errors.

Inspired by the concurrent error detection scheme for the MD in [40], this paper proposes a novel MD architecture capable of effectively detecting and locating erroneous processing elements, and applicable to related cryptographic implementations, laying the basis for prevention of natural faults and fault attacks. The contributions of this paper are as follows:

• This paper extends our work in [40] to present a new secure MD architecture that can not only detect, but also locate, the error.
• Twelve combinations of four word-oriented systolic implementations of MFM and three error-detecting schemes with different LAC values were explored to seek the best tradeoff between area, time overheads, and error detection capability. These combinations were modeled using Verilog language and synthesized using Synopsys Design Complier with the TMSC (Taiwan Semiconductor Manufacturing) 90nm CMOS (Complementary metal-oxide-semiconductor) standard cell library. Their functions were also verified using Modelsim.
• Random fault injections were simulated using the C++ program and the simulation result shows that the proposed architecture can detect single-bit error (SBE) with 100% accuracy and locate the erroneous processing element (PE). The detection capability of single-PE error (multiple-bit error is injected into one PE) and multi-PE error vary with the value of LAC. However, it reaches 99.898% when the number of erroneous processing elements is three or more.
• In addition, the proposed architecture can greatly shorten the delay in error reporting.

The remainder of this paper is organized as follows: Section 2 briefly reviews the MD algorithm and the LAC; Section 3 sets up our architecture and describes its algorithm; Section 4 analyzes the error detection and location capabilities of our architecture; Section 5 presents the application-specific integrated circuit (ASIC) implementation results of our architecture, and compares them with those of existing schemes; Section 6 puts forward the conclusions of this research.

2. Preliminaries

2.1. The MD Algorithm

Let X, Y, and M be three integers, where the greatest common divisor GCD(Y, M) = 1. The MD problem aims to find an integer R satisfying RY ≡ X(mod M). Chen and Qin [31] optimized the extended binary GCD algorithm for the MD over a prime field, which requires less iteration than the other existing algorithms. Its equivalent description is shown as Algorithm 1.

Algorithm1 Equivalent Description of Modular division algorithm over prime field in [31]

Input:$X,Y,M\left(M \mathrm{is} \mathrm{a} \mathrm{prime}\right)$, $0\le Y\le M, 0\le X\le M$

Output:$R\left(RY\equiv X mod M\right)$

$1:Initialization$

$2:i=0,{\varnothing }^0=1, {\delta }^0=1$

$3: \left\{A^0,B^0,R^0,S^0\right\}\leftarrow \left\{Y,M,X,0\right\}$

4: // Modular Division Computation

5: $While A^0\ne \mp 1$

6: i = i + 1

7: // Control Element

8: ${\mathsf{\alpha }}^i=\{\begin{array}{ll}0& \mathrm{if} A^{i-1} mod 2=0\\ 1& \mathrm{else} \mathrm{if} \left(A^{i-1}+B^{i-1}\right)mod 4=0\\ -1& \mathrm{else} \mathrm{if} \left(A^{i-1}-B^{i-1}\right)mod 4=0\end{array}$

9: ${ \mathsf{\beta }}^i=\{\begin{array}{ll}0& \mathrm{if} \left(R^{i-1}+{\mathsf{\alpha }}^i{S}^{i-1}\right)mod 2=0 \\ {\varnothing }^{i-1}& otherwise \end{array}$

10: ${\mathsf{\varphi }}^i=\{\begin{array}{ll} {\varnothing }^{i-1}& \mathrm{if} \left(R^{i-1}+{\mathsf{\alpha }}^i{S}^{i-1}\right)mod 2=0 \\ -{\varnothing }^{i-1}& otherwise \end{array}$

11:${ \mathsf{\lambda }}^i=\{\begin{array}{ll}0& \mathrm{if} \left(\mathsf{\alpha }=0\right)or \left({\delta }^{i-1}\le 0\right) \\ 1& otherwise \end{array}$

12: ${ \mathsf{\delta }}^i=\{\begin{array}{l}1+{\mathsf{\delta }}^{i-1} \mathrm{if} \left({\mathsf{\lambda }}^i=0\right) \\ 1-{\mathsf{\delta }}^{i-1} \mathrm{if} \left({\mathsf{\lambda }}^i=1\right) \end{array}$

13: //Compute Iteration Output

14: $\{\begin{array}{l}{A}^i=\left(A^{i-1}+{\alpha }^i{B}^{i-1}\right)/2 \\ B^i=\{\begin{array}{l}{B}^{i-1 } if \left({\lambda }^i=0\right)\\ S^{i-1} if \left({\lambda }^i=1\right)\end{array} \\ R^i=\left(R^{i-1}+{\alpha }^i{S}^{i-1}+{\beta }^{i}M\right)/2 \\ S^i=\{\begin{array}{l}{S}^{i-1 } if \left({\lambda }^i=0\right)\\ R^{i-1} if \left({\lambda }^i=1\right)\end{array} \end{array}$

15: end for

16: end while

17: $\mathrm{if} \left({\mathrm{A}}^i=-1\right) then R^i=-R^i$

18: $R=R^i$

19: Return R

2.2. The Linear Arithmetic Code (LAC)

Definition 1 (LAC).

Let A be an integer, and p be a small odd number (p << A). Then, (A, A mod p) is defined as a LAC word of A, where A mod p, denoted as ${\left|A\right|}_p$, is the check part of the LAC word, and p is the check f actor.

The LAC can be added and multiplied as normal integers:

$${\left|A+B\right|}_p={\left|{\left|A\right|}_p+{\left|B\right|}_p\right|}_p \mathrm{and} {\left|A\times B\right|}_p={\left|{\left|A\right|}_p\times {\left|B\right|}_p\right|}_p$$

In theory, p can be any relatively small prime number. In practice, however, the p value greatly affects the performance of different applications. This paper adjusts the p value for specific MFM structure, provided that it satisfies $p=2^i-1$, where l = 2,3,5 (namely, p = 3,7,31).

3. Proposed Secure Architecture and Its Algorithm Description

This section firstly proposes a secure architecture for the MD, and then shows its algorithm description. The relevant parameters are defined as in

Table 1. Parameter definitions.

Symbol	Description
p	The check factor of the LAC
n	The bit number of modulus M
w	The word size of PE (w∈{ 8, 16,32,64})
e	The number of words in operands $e=\lceil n/w\rceil$
$X^i$	The value of X at the i-th iteration of Algorithm 2
${\mathrm{X}}_k$	The k-th word of X (X can be A, B, R, or S)
$L\left(X_k\right)$	The least significant bit (LSB) of Xk
$L^{*}\left(X_0\right)$	Bits 1 to 0 from X0
$H\left(X_k\right)$	Bits w − 1 to 1 from Xk
Z	The set {A, B, R, S}
$Z_k$	The set {Ak, Bk, Rk, Sk}
$L\left(Z_k\right)$	The set $\left\{L\left(A_0\right),L\left(B_0\right),L\left(R_0\right),L\left(S_0\right)\right\}$
$L^{*}\left(Z_0\right)$	The set $\left\{L^{*}\left(A_0\right),L^{*}\left(B_0\right),L^{*}\left(R_0\right),L^{*}\left(S_0\right)\right\}$
$H\left(Z_k\right)$	The set $\{H\left(A_k\right),H\left(B_k\right),H\left(R_k\right),H\left(S_k\right)$
$X\left|\right|Y$	The concatenation of X and Y
$C{A}_k$	The 1-bit carry-out signal from the computation of the k-th word of A
$C{R}_k$	The 2-bit carry-out signal from the computation of the k-th word of R

below.

As shown in Figure 2, the proposed secure architecture contains two modules, namely, the MFM (marked by green line) and the EDM (marked by red line). The former is employed to compute the MD and the latter to detect the error in MFM. The computing process of the secure architecture is summarized as Algorithm 2. In this algorithm, Lines 4, 18–20 describe the error detection function, which is mapped into EDM of Figure 2, and the left lines describe the word-oriented computing process of MD, which is mapped to MFM.

MFM architecture of Figure 2 is similar with that in [40]. In this architecture, the n-bit operands A, B, R, S are split into e w-bit words, each of which is processed by a PE. A total of e PEs are combined into a systolic array to processes them word by word where $e=\lceil n/w\rceil$. Specifically, the control element (CE) executes the operations in Lines 9–15, producing control variables ($\alpha ,\beta ,\varphi ,\lambda ,\delta$), initial carry-in signals (1-bit CA_-1 and 2-bit CR_-1), and the f signal that controls the initialization in Lines 2–4; the PEk, the physical mapping of the k-th step in Line 17 in for-loop, targets the k-th word of A, B, R, and S. From right to left, a total of e PEs are connected to complete the computation of one iteration (e = 4 in Figure 2). In addition, in MFM, the testing element (TE) module is used to execute the condition judgment operation in Line 6. Finally, the output control element (OCE) executes the operations in Lines 23–24, ensuring that the MD problem outputs parallel results. This paper implements the secure architecture for four types of MFM structures, namely, Type-8, Type-16, Type-32, and Type-64. The number in the name of each type equals w, the word size of PE. Note that, in this paper, we do not show the implementation of MFM; the implementation details of MFM can be found in [40].

Algorithm 2 Proposed word-oriented MD Algorithm with concurrent error detection

Input:$\mathrm{X}={\displaystyle \sum }_{k=0}^{e-1}{X}_k{2}^{kw}, \mathrm{Y}={\displaystyle \sum }_{k=0}^{e-1}{Y}_k{2}^{kw},\mathrm{M}={\displaystyle \sum }_{k=0}^{e-1}{M}_k{2}^{kw}$

Output:$\mathrm{R}\left(\mathrm{RY}\equiv \mathrm{X} \mathrm{mod} \mathrm{M}\right)$

$1:Initialization$

$2:i=0,{\varnothing }^0=1, {\delta }^0=1$

$3: \left\{A^0,B^0,R^0,S^0\right\}\leftarrow \left\{Y,M,X,0\right\}$

$\begin{array}{c}4:\mathrm{for}\{k=0tok<e\}\mathrm{do}\hfill \\ \{{\overline{\underset{\cdot }{A}}}_k^0,{\overline{\underset{\cdot }{B}}}_k^0,{\overline{\underset{\cdot }{R}}}_k^0,{\overline{\underset{\cdot }{S}}}_k^0\}=\{{\left|Y_k\right|}_p,{\left|M_k\right|}_p,{\left|X_k\right|}_p,0\}\hfill \\ \{{\overline{\overline{\underset{\cdot }{A}}}}_k^0,{\overline{\overline{\underset{\cdot }{B}}}}_k^0,{\overline{\overline{\underset{\cdot }{R}}}}_k^0,{\overline{\overline{\underset{\cdot }{S}}}}_k^0\}=\{{\left|Y_k\right|}_p,{\left|M_k\right|}_p,{\left|X_k\right|}_p,0\}\hfill \\ \mathrm{if}\{{\overline{\underset{\cdot }{A}}}_k^0,{\overline{\underset{\cdot }{B}}}_k^0,{\overline{\underset{\cdot }{R}}}_k^0,{\overline{\underset{\cdot }{S}}}_k^0\}=\{{\overline{\overline{\underset{\cdot }{A}}}}_k^0,{\overline{\overline{\underset{\cdot }{B}}}}_k^0,{\overline{\overline{\underset{\cdot }{R}}}}_k^0,{\overline{\overline{\underset{\cdot }{S}}}}_k^0\}\mathrm{then}\mathrm{exit}\hfill \\ \mathrm{end}\mathrm{for}\hfill \end{array}$

$\begin{array}{l}5: //\mathrm{Modular} \mathrm{division} \mathrm{computtion}\\ 6: \mathrm{While} A^i\ne \pm 1 \mathrm{do}\end{array}$

$7: i=i+1$

$8: //\mathrm{Control} \mathrm{Element}$

$9: {\alpha }^i=\{\begin{array}{ll}0& \mathrm{if} L(A_0^{i-1})=0\\ 1& \mathrm{else} \mathrm{if} (L^{*}(A_0^{i-1})+L^{*}(B_0^{i-1}))\mathrm{mod}4=0\\ -1& \mathrm{else} \mathrm{if} (L^{*}(A_0^{i-1})-L^{*}(B_0^{i-1}))\mathrm{mod}4=0\end{array}$

$10: {\beta }^i=\{\begin{array}{ll}0& \mathrm{if} (R_0^{i-1}+\alpha S_0^{i-1})\mathrm{mod} 2=0\\ {\varphi }^{\mathrm{i}-1}& \mathrm{otherwise}\end{array}$

$11: {\varphi }^i=\{\begin{array}{ll}{\varphi }^{\mathrm{i}-1}& \mathrm{if} (R_0^{i-1}+\alpha S_0^{i-1})\mathrm{mod} 2=0\\ -{\varphi }^{\mathrm{i}-1}& \mathrm{otherwise}\end{array}$

$12: {\lambda }^i=\{\begin{array}{l}0 \mathrm{if} (\alpha =0) \mathrm{or} ({\delta }^{\mathrm{i}-1}\le 0)\\ 1 \mathrm{otherwise}\end{array}$

$13: {\delta }^i=\{\begin{array}{l}1+{\delta }^{i-1} \mathrm{if} ({\lambda }^i=0)\\ 1-{\delta }^{i-1} \mathrm{if} ({\lambda }^i=1)\end{array}$

$14: C{A}_{-1}^i=(L(A_0^{i-1})+{\alpha }^{i}L(B_0^{i-1}))/2$

$15:C{R}_{-1}^i=(L(R_0^{i-1})+{\alpha }^{i}L(B_0^{i-1})+{\beta }^{i}L(M_0))/2$

$16: \mathrm{for} \{k = 0 \mathrm{to} k < e \} \mathrm{do}$

$\begin{array}{cc}17:\hfill & //\mathrm{P}{\mathrm{E}}_{\mathrm{k}}\mathrm{Module}\hfill \\ \hfill & \left\{\begin{array}{c}C{A}_k^i∥A_k^i=L\left(A_{k+1}^{i-1}\right)∥H(A_k^{i-1})+{\alpha }^i\left(L\left(B_{k+1}^{i-1}\right)∥H(B_k^{i-1}\right))+C{A}_{{}_{k-1}}^i\hfill \\ B_k^i=\left\{\begin{array}{c}{B}_k^{i-1}\mathrm{if}{\lambda }^i=0\hfill \\ A_k^{i-1}\mathrm{if}{\lambda }^i=1\hfill \end{array}\right.\hfill \\ C{R}_k^i∥R_k^i=L\left(R_{k+1}^{i-1}\right)∥H(R_k^{i-1})+{\alpha }^i\left(L\left(S_{k+1}^{i-1}\right)∥H(S_k^{i-1}\right))+{\beta }^i\left(L\left(M_{k+1}^{}\right)∥H(M_k^{}\right))+C{R}_{{}_{k-1}}^i\hfill \\ S_k^i=\left\{\begin{array}{c}{S}_k^{i-1}\mathrm{if}{\lambda }^i=0\hfill \\ R_k^{i-1}\mathrm{if}{\lambda }^i=1\hfill \end{array}\right.\hfill \end{array}\right.\hfill \end{array}$

$\begin{array}{cc}18:\hfill & //\mathrm{Actual}\mathrm{Check}\mathrm{Part}\mathrm{Generation}(\mathrm{ACP}{\mathrm{G}}_{\mathrm{k}})\mathrm{Module}\hfill \\ \hfill & \left\{\begin{array}{c}{\overline{\underset{\cdot }{A}}}_k^i=|(C{A}_k^i\Vert A_k^i){|}_p\hfill \\ {\overline{\underset{\cdot }{B}}}_k^i=|B_k^i{|}_p\hfill \\ {\overline{\underset{\cdot }{R}}}_k^i=|(C{R}_k^i\Vert R_k^i){|}_p\hfill \\ {\overline{\underset{\cdot }{S}}}_k^i=|S_k^i{|}_p\hfill \end{array}\right.\hfill \end{array}$

$\begin{array}{cc}19:\hfill & //\mathrm{Check}\mathrm{Part}\mathrm{Predictor}(\mathrm{CP}{\mathrm{P}}_{\mathrm{k}})\mathrm{Module}\hfill \\ \hfill & \left\{\begin{array}{c}{\overline{\overline{\underset{\cdot }{A}}}}_k^i={\left||\mathcal{L}\left(A_{k+1}^{i-1}\right)\Vert \mathcal{H}\left(A_k^{i-1}\right){|}_p+{\alpha }^i|\mathcal{L}\left(B_{k+1}^{i-1}\right)\Vert \mathcal{H}\left(B_k^{i-1}\right){|}_p+C{A}_{k-1}^i\right|}_p\hfill \\ {\overline{\overline{\underset{\cdot }{B}}}}_k^i=\left\{\begin{array}{ll}|B_k^{i-1}{|}_p\hfill & if{\lambda }^i=0\\ |A_k^{i-1}{|}_p\hfill & if{\lambda }^i=1\end{array}\right.\hfill \\ {\overline{\overline{\underset{\cdot }{R}}}}_k^i={\left||\mathcal{L}\left(R_{k+1}^{i-1}\right)\Vert \mathcal{H}\left(R_k^{i-1}\right){|}_p+{\alpha }^i|\mathcal{L}\left(S_{k+1}^{i-1}\right)\Vert \mathcal{H}\left(S_k^{i-1}\right){|}_p+{\beta }^i|\mathcal{L}\left(M_{k+1}\right)\Vert \mathcal{H}\left(M_k\right){|}_p+C{R}_{k-1}^i\right|}_p\hfill \\ {\overline{\overline{\underset{\cdot }{S}}}}_k^i=\left\{\begin{array}{ll}|S_k^{i-1}{|}_p\hfill & if{\lambda }^i=0\\ |R_k^{i-1}{|}_p\hfill & if{\lambda }^i=1\end{array}\right.\hfill \end{array}\right.\hfill \end{array}$

$20: \mathrm{if} \{{\overline{\underset{\dot{}}{A}}}_k^i,{\overline{\underset{\dot{}}{B}}}_k^i,{\overline{\underset{\dot{}}{R}}}_k^i,{\overline{\underset{\dot{}}{S}}}_k^i\}\ne \{{\overline{\overline{\underset{\dot{}}{A}}}}_k^i,{\overline{\overline{\underset{\dot{}}{B}}}}_k^i,{\overline{\overline{\underset{\dot{}}{R}}}}_k^i,{\overline{\overline{\underset{\dot{}}{S}}}}_k^i\} \mathrm{then} \mathrm{exit}$

$21: \mathrm{end} \mathrm{for}$

$22: \mathrm{end} \mathrm{while}$

$23: \mathrm{if} A_{}^i=-1 \mathrm{then} R_{}^i=-R_{}^i$

$24: R=R_{}^i$

$25: \mathrm{retrun} R$

The EDM encompasses e sub-ED elements (ED_e−1, ED_e−2, ..., ED₁, ED₀). Each of them detects the errors in a specific PE. Once an error is detected in one of the PEs, the EDM will issue an alarm immediately and terminate the MD process. The structure of ED_k, shown as Figure 3, contains three components: ACPG_k, CPP_k, and CMP_k. Among them, ACPG_k executes the operation of Line 18 to generate the actual check part of $\left\{{\underset{\dot{}}{A}}_k,{\underset{\dot{}}{B}}_k,{\underset{\dot{}}{R}}_k,{\underset{\dot{}}{S}}_k\right\}$. CPP_k executes the operation of Line 19 to predict the check part of $\left\{{\underset{\dot{}}{A}}_k,{\underset{\dot{}}{B}}_k,{\underset{\dot{}}{R}}_k,{\underset{\dot{}}{S}}_k\right\}$. CMP_k compares the actual and predicted check parts. If the two parts are unequal, CMP_k will issue an alarm Ef_k about the high possibility of a fault injection attack on PE_k, and the system will terminate the MD process; otherwise, the MD process will continue. The logic diagrams of ACPG_k and CPP_k are shown as Figure 4 and Figure 5, respectively. Note that our architecture provides an ED to each PE. Hence, the validity of any Ef will lead to an error alarm and the termination of the MD, which overcomes the defect of the EDM in [40]—taking the entire n-bit iterative result as the detection so that the system cannot output the iterative detection result until the last word of the iteration result is valid.

4. Testing and Comparison of Error Detection Capability

4.1. Attacker Model

Since the emergence of fault injection, various attack methods have been created to inject fault into semiconductors [41], which makes it hard to define the fault model. Referring to the relevant literature, this paper puts forward the following common hypotheses on the capability of attackers: (1) Attackers are incapable of directly invading, modifying, or rebuilding the circuit structure, using powerful fault injection techniques like a focused ion beam [42]. It is a most powerful assumption of the capability of attacker. If attackers are capable of rebuilding the circuit, then our secure architecture is not able to resist this attack. However, the attack is high-cost and is hard to carry out in practice. It needs very expensive consumables and a strong technical background [24]. (2) Attackers are incapable of tampering with the clock signal [10]. Although tampering with the clock signal is a viable option for an attacker, it is a common assumption for a secure architecture designer because the designer is usually focused on protecting the data path of the chip but not the clock. (3) Attackers are capable of injecting a fault into either MFM or EDM, but not both at the same time. However, the probability that a fault is injected into MFM and EDM at the same time and escape from a comparison result is very small in practice. (4) Attackers are incapable of controlling the error pattern in the MFM output. It is also a strong assumption of the capability of an attacker, that if an attacker is capable of injecting a fault in MFM and causes an error pattern that our architecture cannot detect, our secure scheme will not work.

4.2. Five Types of Error Models

In this paper, the five types of error models were adopted to verify the error detection capability of our secure architecture.

(1) Single-bit error (SBE): The injected fault causes a one-bit error in the PE output.

(2) Single-PE single-cycle error (SPSCE): The injected fault causes an error in the output of one PE, and the error lasts only one cycle.

(3) Single-PE multi-cycle error (SPMCE): The injected fault causes an error in the output of one PE, and the error lasts multiple cycles in a row.

(4) Multi-PE single-cycle error (MPSCE): The injected fault causes an error in the output of multiple PEs, and the errors last only one cycle.

(5) Same-iteration multi-PE error (SIMPE): The injected fault causes an error in the output of multiple continuous PEs in the same iteration.

The five error models are visualized in Figure 6, where each black rectangle represents a PE stricken by the injected fault, and each black dot represents an erroneous bit in PE output.

4.3. Simulation and Comparison of Error Detection Capabilities

In order to analyze the error detection capability of the proposed systolic MD architecture, we first verified the proposed secure architecture using the C++ program, then simulated fault injection and got the error detection capability of the architecture based on 100,000 testing cases. The testing results were compared with the result of the error detection scheme in [40] in

Table 2. The comparison of error detection capability.

MFM Arch.	Scheme	p	Prob.	Error Model								Error PE Location
				SBE	SPSCE	SPMCE		MPSCE		SIMPE
				One-bit Error	One-PE Error	Two-PE Error	Three-PE Error	Two-PE Error	Three-PE Error	Two-PE Error	Three-PE Error
Type-8	Parity [36]	8bit	P(%)	100	100	100	100	100	100	100	100	×
	Style-I [40]	28 − 1	P(%)	100	99.895	100	100	100	100	100	100	×
	Style-II (Ours)	3	P(%)	100	85.432	97.878	99.691	97.878	99.691	97.878	99.691	√
		7	P(%)	100	95.227	99.772	99.898	99.772	99.898	99.772	99.898	√
		31	P(%)	100	99.012	99.990	100	99.990	100	99.990	100	√
Type-16	Parity [36]	8bit	P(%)	100	100	100	100	100	100	100	100	×
	Style-I [40]	216 − 1	P(%)	100	100	100	100	100	100	100	100	×
	Style-II (Ours)	3	P(%)	100	85.595	97.925	99.701	97.925	99.701	97.925	99.701	√
		7	P(%)	100	95.293	99.778	99.990	99.778	99.990	99.778	99.990	√
		31	P(%)	100	99.097	99.992	100	99.992	100	99.992	100	√
Type-32	Parity [36]	8bit	P(%)	100	100	100	100	100	100	100	100	×
	Style-I [40]	232 − 1	P(%)	100	100	100	100	100	100	100	100	×
	Style-II (Ours)	3	P(%)	100	85.597	97.925	99.701	97.925	99.701	97.925	99.701	√
		7	P(%)	100	95.294	99.778	99.990	99.778	99.990	99.778	99.990	√
		31	P(%)	100	99.097	99.992	100	99.992	100	99.992	100	√
Type-64	Parity [36]	8bit	P(%)	100	100	100	100	100	100	100	100	×
	Style-I [40]	264 − 1	P(%)	100	100	100	100	100	100	100	100	×
	Style-II (Ours)	3	P(%)	100	85.598	97.925	99.701	97.925	99.701	97.925	99.701	√
		7	P(%)	100	95.295	99.779	99.990	99.779	99.990	99.779	99.990	√
		31	P(%)	100	99.098	99.992	100	99.992	100	99.992	100	√

. In addition, we also applied Mozaffari Kermani’s multi-column parity prediction scheme to our MFM, and using the same way, investigated its error detection capability. Here, we need to clarify a fact—in this paper we borrowed Mozaffari Kermani’s multi-column parity prediction idea and applied it to MD over a prime field, but in [36], Mozaffari Kermani applied it to MD over GF(2^m). The MD operations over a prime field and GF(2^m) are different, thus the cost of error detection is different.

For a simplified description, we used Parity, Style-I, and Style-II to represent the error detection scheme in [36,40], and in this paper.

Table 2 shows simulation results of all three schemes. As shown in Table 2, for the SBE model, all three methods detected 100% of the errors. For the other error models, Style-II exhibited a poorer error detection capability than Style-I and Parity, due to its extremely small p value. However, Style-II architectures with p = 7 and p = 31 were similar to Style-I and Parity in error detection performance. When there were three or more erroneous PEs, Style-II could detect 99.898% or more errors, slightly behind that of Style-I and Parity. Despite the lag in detection ability, Style-II has an advantage over the two contrastive methods—once an error was detected in a PE, the erroneous PE could be located 100%.

Table 2 also shows that the error detection capability of Style-I varied with the MFM structures—the longer the word size of the PE in the MFM, the better the error detection capability. By contrast, Style-II’s error detection capability changed only slightly with the MFM structures. For Style-II, the error detection capability increases with the check factor p, under the same MFM structure.

5. Analysis on Time and Area Overheads

This section mainly presents the time and area overheads of our architecture (Style-II) with three different check factors (p = 3, 7, and 31) under each MFM structure. In order to get time and area overheads, we first modeled the proposed architecture using Verilog, then verified using Modelsim, and finally synthesized the circuit by Synopsys Design Vision with TSMC 90nm CMOS standard cell library. For comparison, Style-I and Parity methods were also modeled and synthesized under the same conditions. The synthesized results are given in

Table 3. Comparison of time and area overheads.

MFM Types	Scheme	p	Operand Size (bit)	f (MHZ)	Total Area (K gate)	Extra Overhead		Extra Overhead Ratio		Error-Reporting Delay (ns)
						Extra Cycles	Area (K gate)	Time (%)	Area (%)
Type-8	Parity [36]	8bit	128	909	61.06	3	29.96	30.82	96.33	11.00
			256		131.16		59.68	30.11	83.50	19.80
			512		308.49		119.12	29.76	62.90	37.40
			1024		799.28		237.99	29.59	42.40	72.60
	Style-I [40]	28 − 1	128	1220	48.84	2	17.74	1.09	57.06	8.50
			256		105.70		24.22	0.54	47.88	15.30
			512		257.57		68.20	0.27	36.01	28.90
			1024		697.53		136.25	0.13	24.27	56.10
	Style-II (Ours)	3	128	1111	50.89	2	19.79	6.65	63.64	1.80
			256	1052	108.84		37.33	12.17	52.23	1.90
			512	1041	264.33		74.96	13.14	39.59	1.92
			1024	1020	705.71		150.94	15.40	27.21	1.96
		7	128	1136	63.69	2	32.59	18.50	104.80	2.00
			256	980	136.67		65.19	20.43	91.20	2.04
			512	980	319.20		129.83	20.22	68.56	2.04
			1024	952	814.37		258.60	23.64	46.80	2.10
		31	128	800	83.732	2	52.632	48.13	169.24	2.50
			256	800	175.26		104.78	47.59	148.68	2.50
			512	769	396.64		205.27	53.22	108.40	2.60
			1024	769	970.66		415.89	53.08	74.97	2.60
Type-16	Parity [36]	16bit	128	769	59.35	3	32.44	49.39	120.53	7.80
			256		122.37		64.78	58.55	112.48	13.00
			512		266.26		129.48	48.14	94.73	23.40
			1024		619.91		258.88	47.93	71.71	44.20
	Style-I [40]	216 − 1	128	1136	45.06	2	18.15	0.73	67.45	5.28
			256		97.73		36.14	0.37	62.76	8.80
			512		207.40		70.72	0.18	51.75	15.84
			1024		502.41		141.38	0.09	39.16	29.92
	Style-II (Ours)	3	128	909	42.22	2	16.33	25.94	63.09	2.20
			256	833	89.89		32.69	36.87	57.15	2.40
			512	833	202.20		65.38	36.62	47.85	2.40
			1024	833	493.96		130.77	36.49	36.01	2.40
		7	128	833	54.89	2	29.06	37.39	112.49	2.40
			256	800	115.27		58.12	42.57	101.72	2.50
			512	800	252.85		116.25	42.31	85.11	2.50
			1024	800	593.55		279.32	47.86	64.41	2.60
		31	128	714	60.86	2	35.02	60.28	135.59	2.80
			256	714	127.32		70.18	59.68	122.81	2.80
			512	689	276.33		129.73	65.08	102.30	2.90
			1024	689	640.35		279.32	64.92	77.37	2.90
Type-32	Parity [36]	32bit	128	690	59.79	3	35.13	46.65	142.44	5.80
			256		114.76		64.27	45.82	122.90	8.70
			512		237.73		123.88	45.41	108.81	14.50
			1024		517.68		246.09	45.20	89.91	26.10
	Style-I [40]	232 − 1	128	1000	34.11	2	9.45	0.76	38.31	4.00
			256		71.15		19.67	0.38	38.21	6.00
			512		151.91		38.05	0.19	33.43	10.00
			1024		346.06		74.47	0.09	26.96	18.00
	Style-II (Ours)	3	128	800	41.95	2	17.51	25.95	71.62	2.50
			256	740	82.24		30.82	35.51	59.94	2.70
			512	714	175.16		61.30	40.26	53.85	2.80
			1024	714	395.10		122.51	40.13	44.94	2.80
		7	128	667	45.40	2	21.01	51.14	86.13	3.00
			256	667	93.43		42.02	50.57	81.75	3.00
			512	645	197.89		83.05	55.29	72.94	3.10
			1024	645	440.67		167.95	55.14	61.59	3.10
		31	128	625	51.40	2	27.01	61.22	110.71	3.20
			256	625	100.38		48.97	60.60	95.28	3.20
			512	606	211.34		97.50	65.31	85.64	3.30
			1024	606	467.46		194.89	65.15	71.50	3.30
Type-64	Parity [36]	64bit	128	625	55.64	3	31.81	47.13	133.46	3.20
			256		111.73		63.07	46.28	129.62	6.40
			512		228.41		125.61	45.87	122.18	9.60
			1024		478.77		250.68	45.66	109.90	16.00
	Style-I [40]	264 − 1	128	909	34.03	2	10.19	0.77	42.78	2.20
			256		61.25		12.59	0.38	25.89	4.40
			512		120.81		18.01	0.19	17.52	6.60
			1024		256.96		28.87	0.09	12.66	11.00
	Style-II (Ours)	3	128	800	39.48	2	15.64	14.51	65.66	2.50
			256	800	79.65		30.99	14.09	63.70	2.50
			512	740	163.94		61.14	22.96	59.47	2.70
			1024	740	360.40		122.31	22.84	53.63	2.70
		7	128	645	43.36	2	19.51	41.99	81.79	3.10
			256	645	87.30		39.01	41.44	80.73	3.10
			512	645	181.10		75.99	45.73	73.70	3.20
			1024	645	385.02		153.23	45.59	66.90	3.20
		31	128	555	45.90	2	18.51	64.89	92.45	3.60
			256	555	93.68		45.37	64.26	93.92	3.60
			512	540	191.73		88.62	68.50	85.95	3.70
			1024	540	402.41		173.36	68.34	75.69	3.70

, where time (area) overhead ratio refers to the quotient between extra time (area) overhead and MFM time (area).

Firstly, as shown in Table 3, the time and area overhead ratios of Style-II always surpassed those of Style-I, whichever the check factor, but they were lower than those of Parity at p = 3 or 7. For example, when the MFM structure belonged to Type-8, the mean time and area overhead ratios of Style-I were 0.51% and 41.31%, respectively; those of Style-II with p = 3 were 11.86% and 45.67%, respectively; those of Style-II with p = 7 were 20.70% and 77.84%, respectively; those of Parity were 30.07% and 72.23%, respectively; those of Style-II with p = 31 were 49.64% and 123.22%.

Secondly, we noticed that, when the p value was fixed, the time overhead ratio increased with the operand size n, the area overhead ratio decreased with the growth in n, and the product of time and area overhead ratios decreased with n. For example, for Style-II with p = 7, the mean time and area overhead ratios were 18.50% and 104.80%, respectively, when n = 128, and 23.64% and 46.80%, respectively, when n = 1024. Judging by only time and area overheads, Style-II’s performance is negatively correlated with p-value. However, considering overall performance including time overheads, area overheads, and error detection capability, Style-II with p = 7 should be a better choice compared with Style-II with p = 3 or 31.

Thirdly, under the fixed p-value, Style-II’s performance varied with the MFM structures. The larger the word size of the PE in the MFM, the greater the time and area overhead ratios. For example, when Style-II with p = 3 was applied to Type-8 MFM, the mean time and area overhead ratios were 11.86% and 45.67%, respectively; when it was applied to Type-16 MFM, the two ratios were 33.98% and 51.02%, respectively. Hence, Style-II works better in error detection of short-word systolic implementation of the MFM. On the contrary, Style-I is more suitable for error detection of long-word systolic implementation of the MFM. In both methods, the time and area overheads are negatively correlated with the operand size n. In other words, the two methods are more efficient for large integer MD problems.

Finally, Style-II showed a much shorter delay in error reporting than Style-I and Parity. The delay of Style-II increased with w and p, but remained basically constant when the MFM structure was stable and the operand size varied. Overall, Style-II with p = 7 and Type-8 MFM strikes a good balance between time overheads, area overheads, and error detection capability.

6. Conclusions

This paper extends the work in [40] to put forward a new LAC-based secure architecture for the MD over a prime field against fault injection attacks. Instead of taking the long n-bit iteration result as a detection cell, this paper takes the short w-bit word as the detection cell to implement the function of locating the erroneous processing element. In this paper, four word-based MFM systolic structures with different word sizes and three error detection schemes with different values of linear arithmetic code were explored to seek an optimal tradeoff between different performance indexes. These combination architectures were modeled using Verilog and synthesized by Synopsys Design Vision with the TSMC 90nm CMOS standard cell library to get time and area overheads. The error detection and location capability of proposed architectures were also investigated using the C++ simulation method. The same methods were also used to test the performance of the architectures based on the Style-I scheme and the Parity scheme. The simulation results show that the proposed architecture with p = 7 and Type-8 MFM strikes a good balance between time overheads, area overheads, and error detection capability. Despite having greater area overheads than Style-I, the architecture enjoys unique advantages in the location of the error processing element and timely error reporting. The research results help to find and locate fault attacks quickly. However, the large time and area overheads of this architecture maybe limited its application; we need to optimize its implementation in future research to expand its application range.