Motivations Algebraic Manipulation Detection Codes Steps to break any protections based on single error detecting codes: Select an input, observe y Investigating the code, select e=(ey,ef) so that for the codeword (y, f(y)), also belongs to the code. Inject faults manifested as e Codes that can still provide guaranteed level of protection even if the attacker can control the error as well as the input to the device are called algebraic manipulation codes. Strongest Attacker Model! Any protection based on single error detecting code won’t work! 2018/12/4 1
General Architecture Algebraic Manipulation Detection Codes Talk about attacker capability 2018/12/4 2
Definitions Algebraic Manipulation Detection Codes The codewords of the AMD code are in the format of .. We define the security kernel of the code as … 2018/12/4 3
Worst Case Error Masking Probability Algebraic Manipulation Detection Codes Worst Case Error Masking Probability The error detecting capability of AMD codes can be characterized using Q(y,e) 2018/12/4 4
Algebraic Manipulation Detection Codes Lower Bounds Can you list more classical bounds that can be used to derive dq(2m,M)? 2018/12/4 5
Algebraic Manipulation Detection Codes 2018/12/4 6
Algebraic Manipulation Detection Codes Example 2018/12/4 7
Algebraic Manipulation Detection Codes Example: r=1 2018/12/4 8
Algebraic Manipulation Detection Codes Special Cases When b=1 and y is always distorted, A(x) can be removed When t=1, the code is optimal! Encoding can be based on multivariate Horner Scheme! Close to optimal complexity! 2018/12/4 9
Algebraic Manipulation Detection Codes 2018/12/4 10
Algebraic Manipulation Detection Codes 2018/12/4 11
Algebraic Manipulation Detection Codes Example. Let t = b = 2 and assume r is large enough. Then the resulting code is a (7r; 2r; r) AMD code. At most 8 multipliers and 7 adders in GF(2r) are required for the encoding or the decoding. The critical path of the encoder contains 4 multipliers and 4 adders in GF(2^r).
Encoder Architecture for the (7r; 2r; r) AMD Code