Cipher Key Secret, cryptographic key that is used by the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and Nk columns.

Plaintext Data input to the Cipher or output from the Inverse Cipher.

Ciphertext Data output from the Cipher or input to the Inverse Cipher.

Rijndael Cryptographic algorithm specified in this Advanced Encryption Standard (AES).

for more details about the AES standard, please refer to AES home page.

Method 1: hardware redundancy-based solution. performing a test decryption immediately after the encryption and then checking whether the original data block is obtained, or perform another encryption using additional redundant hardware, and check whether they are equal.

This method can detect all the faults.

Method 2: Error detecting codes (EDCs). associating one parity bit with each byte element of the state matrix S , for a total of 16 parity bits. These parity bits can be arranged as a 4X4 parity matrix, the bit elements of which are in one-to-one correspondence to the byte elements of the state matrix S . Each parity bit is computed so that the parity of the data byte and the associated parity bit will be even. To implement this coding scheme, it is necessary to develop, for each round transformation, a method for predicting the output parity, given the input state and the input parity.

This method can detect all the faults of odd order, and can detect most of the faults of even order.

for more details about this EDC method, please refer to the article:
G. Bertoni, L. Breveglieri, I. Koren, P. Maistri and V.
Piuri,
"Error Analysis and Detection Procedures for a Hardware
Implementation of the Advanced Encryption Standard," (pdf file),* IEEE Trans. on
Computers,* April 2003.

SubBytes (or Sbox). The Sbox is usually implemented as a 256X8 bits memory, consisting of a data storage section and an address decoding circuit. The incoming data bytes will normally have properly generated even parity bits. To generate the outgoing parity bits, an even parity bit can be stored with each data byte in the Sbox memory, which will now be of size 256X9 bits.

ShiftRows. The prediction of the output parity bits is straightforward: It is simply a rotated version of the input parity bits following the same rule.

MixColumns. The prediction of the output parity bits of MixColumns is the most mathematically complex one. The detailed solution is described in Appendix A of the paper. The final set of equations for predicting the parity bits are, however, quite simple.

AddRoundKey. The prediction of the output parity bits is almost straightforward: It consists of adding the input parity matrix associated with the data block to the parity matrix associated with the current round key.

The complete prediction scheme for one round is obtained by cascading the prediction schemes of the four round transformations. To check the parity bits and generate a parity error flag, we need a set of byte parity generators and comparators which will compare the predicted parity bits to the generated parity bits.

On the scheduling of the parity checks. Assuming that the rounds are computed sequentially, we adopt the following policy: Perform a single check at the end of the last round. The detection latency is the highest and only one parity checker is needed.

Encryption:

Input your plaintext in the plaintext in Hex text box. and then click the Encryption button to get the encrypted cipher text in the ciphertext in Hex text box. Also, you will get the intermediate results for round # you specified in the "Round #" box.

Decryption:

Input your cipher text in the ciphertext in Hex text box. and then click the Decryption button to get the decrypted plain text in the plaintext in Hex text box. Also, you will get the intermediate results for round # you specified in the "Round #" box.

Reset:

Reset the contents of all input boxes.

Inject Fault:

Inject faults at the current position. You must inject faults before you show fault detection results.

Show Fault Detection for Encryption:

After injecting faults, then click the "Show Fault Detection for Encryption" button, the result of fault detection will be given in the last five text boxes. and also, the intermediate results will be updated according to the Round # you selected.

Show Fault Detection for Decryption:

After injecting faults, then click the "Show Fault Detection for Decryption" button, the result of fault detection will be given in the last five text boxes. and also, the intermediate results will be updated according to the Round # you selected.

Yongkui Han

Many thanks to Fritz Schneider. the implementation of AES algorithm is based on his implementation of AES algorithm.

- Last Modified: