On smart card environment, speed and memory optimization of cryptographic algorithms are an ongoing preoccupation. In addition, there is the necessity to protect the device against various attacks. In this paper we present a fault attack detection scheme for the AES using digest values. They are deduced from the mathematical description of each AES individual transformation. The security of our countermeasure is proved in a realistic fault model. Moreover we show that it can be combined with data masking to thwart efficiently both FA and DPA. Eventually, implementations of our method are presented, showing that it can be an interesting alternative to the traditional doubling countermeasure method.
展开▼
