US 12,034,831 B2
Hardware countermeasures against DFA attacks on AES operations
Steven Cooreman, Nittedal (NO)
Assigned to Silicon Laboratories Inc., Austin, TX (US)
Filed by Silicon Laboratories Inc., Austin, TX (US)
Filed on Jun. 21, 2022, as Appl. No. 17/844,817.
Prior Publication US 2023/0412356 A1, Dec. 21, 2023
Int. Cl. H04L 9/00 (2022.01); H04L 9/06 (2006.01)
CPC H04L 9/004 (2013.01) [H04L 9/0631 (2013.01); H04L 2209/12 (2013.01)]
20 Claims
 
1. A method for detecting a Differential Fault Analysis (DFA) attack when executing an AES algorithm, wherein the AES algorithm requires execution of N rounds, each of a first (N−1) rounds comprising a SubBytes operation, a ShiftRows operation, a MixColumns operation and an adder operation, and wherein a last round comprises the SubBytes operation, the ShiftRows operation and the adder operation, the method comprising:
providing plaintext data to the AES algorithm;
performing a first (N−2) rounds;
saving interim data after completion of the MixColumns operation in the (N−2)nd round;
performing at least a portion of a (N−1)st round;
saving results after completion of the MixColumns operation in the (N−1)st round;
repeating a portion of the AES algorithm using the interim data, using a same circuit as was used to perform the at least a portion of the (N−1)st round, wherein the portion of the AES algorithm that is repeated comprises all operations starting after the interim data was saved and ending with an operation after which the results were stored;
comparing an output of the repeated portion of the AES algorithm with the saved results; and
flagging an error if the output of the repeated portion of the AES algorithm and the saved results do not match.