# Feeding Two Cats with One Bowl: On Designing a Fault and Side-Channel Resistant Software Encoding Scheme (Extended Version) 

Jakub Breier ${ }^{1}$ and Xiaolu Hou ${ }^{2}$<br>${ }^{1}$ Physical Analysis and Cryptographic Engineering Temasek Laboratories at Nanyang Technological University, Singapore<br>${ }^{2}$ Divison of Mathematical Sciences<br>Nanyang Technological University, Singapore<br>jbreier@ntu.edu.sg, ho0001lu@e.ntu.edu.sg


#### Abstract

When it comes to side-channel countermeasures, software encoding schemes are becoming popular and provide a good level of security for generalpurpose microcontrollers. However, these schemes are not designed to be fault resistant, and this property is discussed very rarely. Therefore, implementers have to pile up two different countermeasures in order to protect the algorithm against these two popular classes of attacks. In our paper, we discuss the fault resistance properties of encoding schemes in general. We define theoretical bounds that clearly show the possibilities and limitations of encoding-based countermeasures, together with trade-offs between side-channel and fault resistance. Moreover, we simulate several codes with respect to most popular fault models, using a general-purpose microcontroller assembly implementation. Our algorithm shows how to implement fault resistance to an encoding scheme that currently has the best side-channel resistant capabilities. As a result, we are able to design a code by using automated methods, that can provide the optimal trade-off between side-channel and fault resistance.


Keywords: software encoding schemes, side-channel attacks, fault attacks, countermeasures

## 1 Introduction

When it comes to small, constrained devices, such as the ones designed for Internet of Things applications, they are usually easy to access and do not contain comprehensive security measures to protect them. Therefore, even though a strong cryptography is used to protect the communication, hardware attacks pose a serious threat. Side-channel and fault attacks are among the most popular means to breach the device security. When designing a cryptographic implementation, it is necessary to consider countermeasures against these attacks.

There are two main countermeasure classes to protect implementations against side channel attacks. Masking [8] is a software-level countermeasure which tries to "mask"
the relationship between the intermediate values and power leakage. Hiding [18] tries to reduce the signal and increase noise by utilizing various techniques - it "hides" the operations performed by the device. While masking can make fault attacks more challenging, it does not help to prevent them. On the other hand, some hiding techniques, such as dual-rail precharge logic (DPL), help in preventing fault attacks by detecting faults [16].

In 2011, DPL was extended to software by Hoogvorst et al. [9], by using balanced encoding schemes. Since then, there were several other proposals [13, 5, 17, 12], all of them using various coding techniques to prevent side-channel leakage. However, it was shown, that unlike hardware DPL representation, its software counterpart is not fault resistant by default [2]. Therefore, to prevent both attack techniques, it is necessary to design the coding scheme from the beginning with this goal in mind.

In this paper, we introduce a theoretical background necessary for designing software hiding countermeasures that are resistant to both side-channel and fault attacks. We provide an algorithm for constructing such codes and ranking them according to required properties. We select optimal codes for various code distances and number of codewords, and evaluate them - by using detection and correction probabilities and by simulating them in a faulty environment. This simulation is done by using a generalpurpose microcontroller implementation and an instruction set simulator that is capable of injecting different fault models into any instruction of the code. Our results show that the codes generated by our algorithm provide a high security level with respect to both side-channel and fault attacks.

The rest of the paper is organized as follows. Section 2 provides an overview of the related work in this field, together with necessary background on coding theory. Section 3 defines the properties of codes with respect to fault attacks. Section 4 details our algorithm, and provides estimated and simulated results on chosen codes. These results are further discussed in Section 5. Finally, Section 6 concludes this paper and provides a motivation for further work.

## 2 General Background

In this section we provide a necessary background on software encoding-based sidechannel countermeasures and on coding theory necessary for developing a combined countermeasure. Subsection 2.1 overviews the related work in the field. Subsection 2.2 provides basic definitions that are used later in this paper.

### 2.1 Related Work

After the paper by Hoogvorst et al. [9] presented a method to extend the DPL to software implementations, several works were published in the area of software hiding schemes.

Rauzy et al. [13] developed a scheme that encodes the data by using bit-slicing, where only one bit of information is processed at a time. They claim this kind of protection is 250 times more resistant to power analysis attacks compared to the unprotected implementation, while being 3 times slower. For testing, they used PRESENT cipher, running on an 8 -bit microcontroller.

Chen et al. [5] proposed an encoding scheme that adds a complementary bit to each bit of the processed data, resulting in a constant Hamming weight code. Their countermeasure was implemented on a Prince cipher, using an 8-bit microcontroller.

Servant et al. [17] introduced a constant weight implementation for AES, by using a (3,6)-code. To improve the performance, they split 8-bit variables into two 4 bit words and encode them separately. This implementation was also capable of detecting faults with $93.75 \%$ probability. Their implementation used a 16 -bit microcontroller.

Maghrebi et al. [12] proposed an encoding scheme that differs from the previous proposals. For their case, they did not assume the Hamming weight leakage model for register bits, therefore they concluded that balanced codes might not be the optimal ones to use. In their method, they first obtain the profile of a device to get a vector of register bit leakages. Then they estimate leakage values for each codeword and build a code by using codewords with the lowest leakage. Their algorithm selects the optimal code by ranking the codes based on the difference in power consumption between the codewords and on the power consumption variance. Our algorithm extends this idea by adding the variance of register bits in order to achieve better leakage characteristics and by adding conditions for error detection and correction.

In general, none of the previous schemes have been designed for fault resistance. Schemes proposed in [13,5] have been analyzed with respect to fault attacks by Breier et al. [2], concluding that without additional modifications to assembly code, the probability of a successful fault attack is non-negligible. Therefore, to improve the current state-of-the-art, we focus on designing fault tolerant and side-channel resistant coding schemes.

When it comes to combined countermeasures, in [15], Schneider et al. proposed a hardware countermeasure based on combining threshold implementation with linear codes. As stated in the paper, their proposal is not considered for software targets. In the execution process, there are multiple checking steps that protect the implementation against faults. However, in software, it would be easy to overcome such checks by multiple fault injections [19]. Also, it would be possible to inject faults that are impossible with hardware implementations, such as instruction skips [3].

Our contributions in this work are:

- We define theoretical bounds for encoding schemes with respect to fault attacks that are necessary to take into account when designing a fault resistant scheme.
- We show how to design a code that is capable of protecting the implementation against side-channel and fault attacks and we show trade-offs between these two resistances.
- We improve the ranking algorithm proposed in [12] (current state-of-the-art) for constructing side-channel resistant codes with better properties - by ranking the codes according to the codeword with the highest leakage, and by calculating the register bit variance. Furthermore, we add the conditions for selecting the codes with the desired error detection/correction capabilities in an automated way.
- We analyze the codes constructed by our algorithm - we calculate leakages, fault detection and correction probabilities, and we simulate the assembly code implementing the codes on a general-purpose microcontroller.


### 2.2 Coding Theory Background

A binary code, denoted by $C$, is a subset of the $n$-dimensional vector space over $\mathbb{F}_{2}-\mathbb{F}_{2}^{n}$, where $n$ is called the length of the code $C$. Each element $\boldsymbol{c} \in C$ is called a codeword in $C$ and each element $\boldsymbol{x} \in \mathbb{F}_{2}^{n}$ is called a word $[10, \mathrm{p} .6]$. Take two codewords $\boldsymbol{c}, \boldsymbol{c}^{\prime} \in C$, the Hamming distance between $\boldsymbol{c}$ and $\boldsymbol{c}^{\prime}$, denoted by dis $\left(\boldsymbol{c}, \boldsymbol{c}^{\prime}\right)$, is defined to be the number of places at which $\boldsymbol{c}$ and $\boldsymbol{c}^{\prime}$ differ [10, p.9]. More precisely, if $\boldsymbol{c}=c_{1} c_{2} \ldots c_{n}$ and $\boldsymbol{c}^{\prime}=c_{1}^{\prime} c_{2}^{\prime} \ldots c_{n}^{\prime}$, then

$$
\operatorname{dis}\left(\boldsymbol{c}, \boldsymbol{c}^{\prime}\right)=\sum_{i=1}^{n} \operatorname{dis}\left(c_{i}, c_{i}^{\prime}\right)
$$

where $c_{i}$ and $c_{i}^{\prime}$ are treated as binary words of length 1 and hence

$$
\operatorname{dis}\left(c_{i}, c_{i}^{\prime}\right)= \begin{cases}1 & \text { if } c_{i} \neq c_{i}^{\prime} \\ 0 & \text { if } c_{i}=c_{i}^{\prime}\end{cases}
$$

Furthermore, for a binary code $C$, the (minimum) distance of $C$, denoted by dis ( $C$ ), is [10, p.11]

$$
\operatorname{dis}(C)=\min \left\{\operatorname{dis}\left(\boldsymbol{c}, \boldsymbol{c}^{\prime}\right): \boldsymbol{c}, \boldsymbol{c}^{\prime} \in \mathcal{C}, \boldsymbol{c} \neq \boldsymbol{c}^{\prime}\right\} .
$$

Definition 1. [6, p.75] For a binary code $C$ of length $n$, dis $(C)=d$, let $M=|C|$ denote the number of codewords in $C$. Then $C$ is called an ( $n, M, d)$-binary code.

This minimum distance of a binary code is closely related to the error-detection and error-correction capabilities of $C$.

Definition 2. [10, p.12] Let $u$ be a positive integer. $C$ is said to be $u$-error-detecting if, whenever there is at least one but at most $u$ errors that occur in a codeword in $C$, the resulting word is not in $C$.

From the definition, it is easy to prove that $C$ is $u$-error-detecting if and only if dis $(C) \geq$ $u+1$ [10, p.12]. A common decoding method that is used is nearest neighbor decoding, which decodes a word $\boldsymbol{x} \in \mathbb{F}_{2}^{n}$ to the codeword $\boldsymbol{c}_{\boldsymbol{x}}$ such that

$$
\begin{equation*}
\operatorname{dis}\left(\boldsymbol{x}, \boldsymbol{c}_{\boldsymbol{x}}\right)=\min _{\boldsymbol{c} \in \mathrm{C}} \operatorname{dis}(\boldsymbol{x}, \boldsymbol{c}) . \tag{1}
\end{equation*}
$$

When there are more codewords $\boldsymbol{c}_{\boldsymbol{x}}$ satisfies (1), the incomplete decoding rule requires a retransmission [10, p.10].

Definition 3. [10, p.13] Let $v$ be a positive integer. $C$ is $v$-error-correcting if minimum distance decoding with incomplete decoding rule is applied, $v$ or fewer errors can be corrected.

Remark 1. $C$ is $v$-error correcting if and only if dis $(C) \geq 2 v+1$ [10, p.13].
Definition 4. [7] An ( $n, M, d$ )-binary code $C$ is called an equidistant code if $\forall \boldsymbol{c}, \boldsymbol{c}^{\prime} \in$ $C, \operatorname{dis}\left(\boldsymbol{c}, \boldsymbol{c}^{\prime}\right)=\operatorname{dis}(C)$.

For our purpose, we will use binary code for protecting the underlying implementation.
We propose two choices of lookup tables:

1. Correction Table: This table will treat a word $\boldsymbol{x} \in \mathbb{F}_{2}^{n}$ the same as the codeword $\boldsymbol{c}_{\boldsymbol{x}} \in C$ which satisfies dis $\left(\boldsymbol{c}_{\boldsymbol{x}}, \boldsymbol{x}\right) \leq\left\lfloor\frac{d-1}{2}\right\rfloor$, where $d$ is the distance of $C$. Note that this is equivalent to using bounded distance decoding [11, p.36] and taking the bounded distance to be $\left\lfloor\frac{d-1}{2}\right\rfloor$. To use this table we require that dis $(C) \geq 3$.
2. Detection Table: This is a normal lookup table that returns a null value when $\boldsymbol{x} \notin C$ is accessed.

We will give a theoretical criterion to measure the bit flip fault resistant capability of a binary code when it is used as an encoding countermeasure against fault injection attacks in Section 3. Afterwards we propose three coding schemes. The encoding scheme will be simulated (and implemented) and evaluated in Section 4.

Let $m$ be a positive integer such that $1 \leq m \leq n$, where $n$ is the code length.
Definition 5. An m-bit fault is a fault injected in the codeword that flips exactly m bits. We assume each bit has equal probability to be flipped.

Definition 6. When the fault is analyzed, we adopt the following terminologies:

- Corrected: fault is detected and corrected.
- Null: fault is detected and results into zero output.
- Invalid: fault is detected and results into an output that is not a codeword.
- Valid: fault is not detected and fault injection is successful, i.e. it results in the output of a valid but incorrect codeword.


## 3 Theoretical Analysis

In this section we will first give the theoretical analysis for the fault resistant capabilities of binary code in general. Then we propose two different coding schemes and analyze their fault resistant probabilities.

### 3.1 Correction Table

Definition 7. For an ( $n, M, d$ )-binary code $C$ such that $d \geq 3$, let

$$
F_{\boldsymbol{c}, m}:=\left\{\boldsymbol{x} \in \mathbb{F}_{2}^{n}: \operatorname{dis}(\boldsymbol{c}, \boldsymbol{x})=m \text { and } \exists \boldsymbol{c}^{\prime} \in \mathcal{C} \text { such that } \operatorname{dis}\left(\boldsymbol{x}, \boldsymbol{c}^{\prime}\right) \leq\left\lfloor\frac{d-1}{2}\right\rfloor\right\} .
$$

Then

$$
p_{m,(e)}:= \begin{cases}1 & m \leq\left\lfloor\frac{d-1}{2}\right\rfloor  \tag{2}\\ 1-\frac{1}{M\left(_{m}^{n}\right)} \sum_{\boldsymbol{c} \in C}\left|F_{\boldsymbol{c}, m}\right| & m>\left\lfloor\frac{d-1}{2}\right\rfloor\end{cases}
$$

is called the $m$-bit fault resistance probability with error correction for $C$.
As mentioned earlier, when a Correction Table is used, it is equivalent to using bounded distance decoding. When $m \leq\left\lfloor\frac{d-1}{2}\right\rfloor$ bits are flipped, by Remark 1, the error will be corrected and hence $p_{m,(e)}=1$. When $m>\left\lfloor\frac{d-1}{2}\right\rfloor$ bits are flipped, the fault will be
valid if the resulting word is at distance at most $\left\lfloor\frac{d-1}{2}\right\rfloor$ from any codeword. Thus by Definition $6,1-p_{m,(e)}$ gives the theoretical probability of a Valid fault and the bigger $p_{m,(e)}$ is, the more resistant the binary code to $m$-bit fault. Furthermore, when $m=1$, the fault will be corrected and most of the cases are expected to return Corrected.

Another interesting fault model is random fault, i.e. assuming there is an equal probability for $m$-bits fault to occur $\forall 1 \leq m \leq n$. Taking this into account, we define

Definition 8. For an $(n, M, d)$-binary code $C$ such that $d \geq 3$, let $p_{m,(e)}$ be its $m$-bit fault resistance probability with error for $1 \leq m \leq n$, then

$$
p_{\mathrm{rand},(e)}:=\sum_{m=1}^{n} \frac{1}{n} p_{m,(e)}
$$

is called the overall resistance index with error correction for $C$.
As suggested by the name, the bigger $p_{\text {rand,(e) }}$ is, the more resistant the code $C$ is to random faults.

### 3.2 Detection Table

Now we consider Detection Table.
Definition 9. For an ( $n, M, d$ )-binary code $C$ such that $d \geq 2$, let

$$
S_{m}:=\sum_{\boldsymbol{c} \in C}\left|\left\{\boldsymbol{c}^{\prime} \in C: \operatorname{dis}\left(\boldsymbol{c}^{\prime}, \boldsymbol{c}\right)=m\right\}\right| .
$$

Then

$$
\begin{equation*}
p_{m}:=1-\frac{S_{m}}{M\binom{n}{m}} \tag{3}
\end{equation*}
$$

is called the $m$-bit fault resistance probability for $C$.
When an $m$-bit fault is injected in the codeword, if the resulting word is not a codeword then the value will be set to Null. The only case when the fault is valid is when after $m$ bits are flipped, the resulting word is still a codeword. Thus by Definition 6, $1-p_{m}$ gives the theoretical probability of a Valid fault. Hence the bigger $p_{m}$ is, the better the binary code is $m$-fault resistant.

Remark 2. When $m \leq d$, no codeword is at distance $m$ from each other and hence $p_{m}=1$.

Note that if $S_{n}=M$, i.e. for each codeword $\boldsymbol{c} \in C$, there exists a $\boldsymbol{c}^{\prime} \in C$ such that $\operatorname{dis}\left(\boldsymbol{c}, \boldsymbol{c}^{\prime}\right)=n$, then we have

$$
p_{n}=1-\frac{M}{M\binom{n}{n}}=1-1=0 .
$$

That means, for this code, $n$-bit fault will always be injected successfully. In view of this, we exclude these kind of codes from our selection (see Algorithm 1). In practice, $n$
and $M$ are fixed known values, from equation (3), to get bigger $p_{m}$ the goal of choosing the code $C$ is to make $S_{m}$ small. There are several ways of achieving this depending on the preference of the user:

1. For small values of $m$, make $p_{m}=0$ : choose code with a bigger minimum distance $d$, then $p_{m}$ will be 1 for more values of $m$. Of course, there is a limit for the minimum distance that can be achieved (see Table 1). This particular scheme will be discussed in Section 3.3, where it is called Detection Scheme.
2. A certain $m_{0}$-bit fault resistance is desired: choose code such that $S_{m_{0}}=0$.
3. Sacrificing one $m_{0}$-bit fault resistance to achieve $m$-bit fault resistance for all other values of $m \neq m_{0}$ : this is is possible by using equidistant codes. That is, take code such that $\left|S_{m_{0}}\right|=M$. This particular scheme will be discussed in Section 3.3, where it is called Equidistant Detection Scheme.
4. Making all $p_{m}$ almost equally large: choose $C$ such that $S_{m}$ are similar for all $m>d$. Note that

$$
\sum_{m=d+1}^{n} S_{m}=2 M
$$

is always true.
Similar to last subsection, considering random fault, we define
Definition 10. For an ( $n, M, d$ )-binary code $C$ such that $d \geq 2$, let $p_{m}$ be its $m$-bit fault resistance probability for $1 \leq m \leq n$, then

$$
p_{\text {rand }}:=\sum_{m=1}^{n} \frac{1}{n} p_{m}
$$

is called the overall resistance index for $C$.
Note that the bigger $p_{\text {rand }}$ is, the more resistant the code $C$ is to random faults.
Lemma 1. For an $(n, M, d)$-binary code $C$, if it is equidistant, then

$$
p_{m}=\left\{\begin{array}{ll}
1 & m \neq d \\
1-\frac{M-1}{\binom{n}{d}} & m=d
\end{array}, \quad \text { and } \quad p_{\mathrm{rand}}=1-\frac{M-1}{\binom{n}{d} n} .\right.
$$

### 3.3 Coding Schemes

Here we propose two different coding schemes:

1. Detection Scheme: using binary code which has minimum distance at least 2.
2. Correction Scheme: using binary code which has minimum distance at least 3 with error correction enabled lookup table.

Furthermore, as will be seen from the rest of this paper, equidistant codes have different behaviors than codes that are not equidistant. Hence when equidistant codes are used, we emphasize the usage by referring to the schemes as "Equidistant detection scheme" and "Equidistant correction scheme" respectively.

We will analyze the $m$-bit fault resistant probability (with error) as well as overall resistance index (with error) for each of them using ( $n, M, d$ ) binary codes for $n=$
$8,9,10$ and $M=4,16$. We chose $M=4$ because it is easy to analyze and explain, and $M=16$ because it can encode one nibble of the data, therefore it is usable in a practical scenario. To illustrate the usage of the schemes we refer the reader to Appendix B for calculations of the probabilities for some specific codes as examples.

Firstly, we discuss the possible values of the minimum distance $d$. As is well known in coding theory, fixing the length of the code $n$ and minimum distance $d, M$ is upper bounded by certain value. This upper bound is tight for small values $n$ and $d$ and still open for a lot of other values [6, p.247]. In particular, for $n=8,9,10$ and different values of $d$ we know the exact possible values of $M$. In return, the possible values of $d$ are known when $n, M$ are fixed. In Table 1 we list the possible minimum distances that can be achieved for $n=8,9,10$ and $M=4$ or 16 . Note that the values are taken from [6, p.247,248] and [4].

Table 1: Possible ( $n, M, d$ )-binary codes for $n=8,9,10, M=16$ and $n=8, M=4$.

| $n$ | $M$ | $d$ |
| :---: | :---: | :---: |
| 8 | 4 | $2,3,4,5$ |
| 8 | 16 | $2,3,4$ |
| 9 | 16 | $2,3,4$ |
| 10 | 16 | $2,3,4$ |

For equidistant binary code, we have the following constraint on $d$ :
Lemma 2. Let $C$ be an $(n, M, d)$ equidistant binary code such that $M \geq 3$, then $d$ is even.

Proof. Recall the Hamming weight of a word $\boldsymbol{x} \in \mathbb{F}_{2}^{n}$, denoted by $\mathrm{wt}(\boldsymbol{x})$ is defined to be the number of nonzero coordinates in $\boldsymbol{x}$ [10, p.46]. And we have the following relation (see [10, Corollary 4.3.4 and Lemma 4.3.5])

$$
w t(\boldsymbol{x})+w t(\boldsymbol{y}) \equiv \operatorname{dis}(\boldsymbol{x}, \boldsymbol{y}) \bmod 2
$$

Take an $(n, M, d)$ equidistant binary code $C$ and any three distinct codewords $\boldsymbol{x}, \boldsymbol{y}, \boldsymbol{z} \in \mathcal{C}$, we have

$$
\operatorname{dis}(\boldsymbol{x}, \boldsymbol{y})+\operatorname{dis}(\boldsymbol{y}, z)+\operatorname{dis}(z, \boldsymbol{x}) \equiv 2 w t(\boldsymbol{x})+2 w t(\boldsymbol{y})+2 w t(z) \equiv 0 \bmod 2 .
$$

Hence, $d$ cannot be odd.
Furthermore we have $M \leq n+1[7]$. Thus we will only consider $(8,4,2)$ and $(8,4,4)$ equidistant binary codes. The fact that such codes exist can be derived from [7].

## 4 Evaluation Methodology and Results

In this section, we will utilize the findings stated in Section 3 to build the codes with the optimal side-channel and fault detection properties. First, we construct an algorithm that finds the codes based on searching criteria in Section 4.1. Then we show properties of
the codes that were produced by the algorithm in Section 4.2. To verify our theoretical results, we simulate fault injections into these codes, by using the fault simulator which will be explained in Section 4.3. Finally, we present and discuss the simulation results in Section 4.4.

### 4.1 Code Generation and Ranking Algorithm

When it comes to device leakage, it normally depends on the processed intermediate values. In [12], they proposed the first encoding scheme that assumed a stochastic leakage model over the Hamming weight model. In such model, leakage is formulated as follows:

$$
\begin{equation*}
T(x)=L(x)+\epsilon, \tag{4}
\end{equation*}
$$

where $L$ is the leakage function mapping the deterministic intermediate value $(x)$ processed in the register to its side-channel leakage, and $\epsilon$ is the (assumed) mean-free Gaussian noise. For 8-bit microcontroller case, we can specify this function as $L(x)=$ $\alpha_{0}+\alpha_{1} x_{1}+\ldots . \alpha_{8} x_{8}$, where $x_{i}$ is the $i$-th bit of the intermediate value, and $\alpha_{i}$ is the $i$-th bit weight leakage for specific register [14] The $\alpha_{i}$ values can be obtained by using the following equation:

$$
\begin{equation*}
\alpha=\left(\mathbf{A}^{T} \mathbf{A}\right)^{-1} \mathbf{A}^{T} \mathbf{T}, \tag{5}
\end{equation*}
$$

where $\mathbf{A}$ is a matrix of intermediate values and $\mathbf{T}$ is a set of traces. After the device profiling which obtains the $\alpha$, we can use our ranking algorithm for selecting the optimal code (Algorithm 1). Note that one can still use the Hamming weight model - for that case, $\alpha$ has to be defined as unity. In the following, we will explain how the algorithm works.

First, the inputs have to be specified - length $(n)$, number of the codewords $(M)$, minimum distance $(d)$ and leakages of the register bits $\left(\alpha_{i}\right)$. Depending on these values, the algorithm analyzes every possible set of $M$ codewords that can be a potential code candidate. Lines 2-3 iterate over every combination of two codewords. Lines 4-6 test if the minimum distance condition is fulfilled. Then, lines 7-10 check, whether for each codeword there exists another codeword which is at distance $n$ from it - if yes, we skip this set. This condition is necessary in order to get a code resistant against $n$-bit flip (we will detail such case in Section 5). Lines 11-13 compute the 3 values that are used in order to calculate the values for the whole code in the later phase: estimated power consumption for the codeword, stored in table $A$, estimated variance for bit leakages in the codeword, stored in table $B$, and the highest bit leakage value, stored in table $C$. Next, the codeword value is stored in the index table $I$.

Lines 14-16 use the values from tables $A, B, C$ to compute the register leakage variance ( $\mu_{S[x]}$ denotes the mean leakage for a word $S[x]$ ), highest variance for bit leakages within registers, and value of the highest bit leakage within registers for the set $S$. These values are stored in tables $D, E, F$, respectively, and are used in the final evaluation.

The final evaluation is the last phase of the algorithm. First, it takes a subset of $D$ with the best register leakage variance ( $\mu_{S}$ denotes the mean leakage for codewords in $S$ ). It narrows this subset to candidate codes with the lowest value of the highest bit leakage according to set $E$. From these, it chooses the code with the lowest bit leakage variance using table $F$.

```
Algorithm 1: Ranking algorithm that chooses the code with the optimal leakage
properties.
    Input : \(n\) : the codeword bit-length, \(M\) : number of codewords, \(d\) : minimum distance of
            the code, \(\alpha_{i}\) : the leakage bit weights of the register, where i in \(\llbracket 1, n \rrbracket\)
    Output: An \((n, M, d)\) binary code
    for Every set \(S\) of \(M\) words do
        for \(x==0 ; x<|S| ; x++\) do
            for \(y==x+1 ; y<|S| ; y++\) do
                Calculate the distance dis ( \(S[x], S[y]\) );
                if \(\operatorname{dis}(S[x], S[y])<d\) (or \(\operatorname{dis}(S[x], S[y])!=d\), depends on equidistance
                    condition) then
                    continue with a different set \(S\);
                if \(\operatorname{dis}(S[x], S[y])==n\) then
                    \(n_{\text {distance }}{ }^{++}\)
            if \(n_{\text {distance }}==n\) then
                continue with a different set \(S\);
            Compute the estimated power consumption for codeword \(S[x]\) and store the
            result in table \(A: A[S[x]]=\sum_{i=1}^{n} \alpha_{i} S[x][i]\);
            Compute the estimated variance for bit leakages in \(S[x]\) and store the result in
            table \(B: B[S[x]]=\sum_{i=1}^{n}\left(\left(\alpha_{i} S[x][i]\right)-\mu_{S[x]}\right)^{2}\);
            Compute the bit with the highest bit leakage in \(S[x]\) and store the result in table
            \(C: C[S[x]]=\max \left(\alpha_{i} S[x][i]\right)\);
        Compute the register leakage variance for codewords in \(S\) and store the result in table
            \(D: D[S]=\sum_{S[x]=1}^{|S|}\left(A[S[x]]-\mu_{S}\right)^{2}\);
            Choose the highest variance for register bit leakages for codewords in \(S\) and store the
            result in table \(E: E[S]=\max (B)\);
            Choose the value of the highest register bit leakage among the codewords in \(S\) and
            store the result in table \(F: F[S]=\max (C)\);
    17 Get the optimal candidate using the following criteria:
    1. Choose the candidates with the lowest register variances from \(D[S]\);
    2. From this set, choose the candidates with the lowest value of the highest leakage
        according to \(F[S]\);
    3. Finally, choose from the previous set, take the candidate with the lowest bit leakage
        variance according to \(E[S]\);
    return \(M\) codewords in case all the conditions are met, or an empty set otherwise
```


### 4.2 Estimated Values for Chosen Codes

Codes with the best side-channel and fault resistance properties according to Algorithm 1 with 4 codewords and length 8 can be found in Table 2 . Their detailed properties are stated in Table 3. More codes with cardinality 16 and various distances can be found in Appendix A.

For calculating the register variance, we follow the similar methodology as used in [12], together with their generated $\alpha$ values, but we improved their ranking algorithm
by calculating the bit variances inside registers and by selecting the code which has the lowest leakage value for the highest leaking codeword. First part of Table 3 shows these three values, with the order of preference according to our ranking algorithm. Second part of the table shows bit fault resistance probabilities, denoted by $p_{m}$ for $m$-bit flips in the codeword, as well as overall resistance index, denoted by $p_{\text {rand }}$ for the code. The last part of the table shows the fault resistance probabilities with error correction, denoted by $p_{m,(e)}$, as well as overall resistance index with error correction, which is denoted by $p_{\text {rand,(e) }}$. We do not consider codes with distance 1 because such codes do not provide protection against 1-bit flips and therefore the fault protection would be very low. However, such codes can still be used for minimizing the side-channel leakage.

In general, if we aim for higher distance values, we get better detection and correction capabilities, but the side-channel leakage is higher as well. That is because if the distance is higher, it is more likely that the variance of leakage among the codewords is bigger. Also, we can see that equidistant codes have a constant detection probability of 1 except the case when number of bit flips is the same as the code distance. Moreover, if we sum up the probabilities of all the bit flip faults for non-equidistant codes, the overall detection probability is lower. However, the side-channel leakage of equidistant codes is more than 10 times higher compared to non-equidistant codes.

Table 2: Codes used in evaluation.

| Code | Distance | Denoted by |
| :---: | :---: | :---: |
| 0x3D, 0x9D, 0xAD, 0xBC | $=2$ | $C_{8,4, e q 2}$ |
| 0x0B, 0x19, 0x35, 0xA6 | $>=2$ | $\mathcal{C}_{8,4, \min 2}$ |
| 0x19, 0x35, 0x8A, 0xA6 | $>=3$ | $\mathcal{C}_{8,4, \min 3}$ |
| 0x55, 0x93, 0xA5, 0xC6 | $=4$ | $\mathrm{C}_{8,4, e q 4}$ |
| 0x19, 0x27, 0x8A, 0xB4 | $>=4$ | $C_{8,4, \min 4}$ |
| 0x19, 0x6A, 0x87, 0xF4 | $>=5$ | $\mathcal{C}_{8,4, \text { min } 5}$ |

### 4.3 Fault Simulation

The fault simulator we used was customized for the purpose of evaluating a microcontroller assembly table look-up implementation of the encoding schemes presented in this paper. More details on this simulator are provided in [1]. This simulator helps us to extend the theoretical results to real-world results, where one has to use capabilities of microprocessors for computing the results.

A high-level overview is given in Figure 1. There are three instructions in total - the first two LDI load the two operands into registers r0 and r1. Both of the operands are already encoded according to one of the coding schemes. The LPM instruction loads the data from the look-up table stored in the memory by using the values in r0 and r1, and the result is stored to register r 2 . This part works as a standard instruction set simulator. During each execution, a fault is injected into the code. For each type of fault, we test all the possible combinations of codewords, and we disturbed all the instructions in our code. We have tested the following fault models:

- Bit faults: in this fault model, one to $n$ bits in the destination register change its value to a complementary one.

Table 3: Side-channel and fault properties of the codes.

| $\alpha=[0.613331,0.644584,0.602531,0.190986,0.586268,0.890951,1.838814,1.257943,0.899922,0.614699]$ |  |  |  |  |  |  |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: |
| Code | $C_{8,4, e q 2}$ | $C_{8,4, \min 2}$ | $C_{8,4, \min 3}$ | $C_{8,4, e q 4}$ | $C_{8,4, \min 4}$ | $C_{8,4, m i n}$ |
| Codeword Variance | 0.0158 | $1.150 \times 10^{-5}$ | $9.800 \times 10^{-6}$ | 0.0021 | $6.440 \times 10^{-5}$ | $6.743 \times 10^{-3}$ |
| Highest Leakage | 4.9003 | 3.3445 | 3.3413 | 2.9514 | 3.3377 | 3.3445 |
| Bit Variance | 0.2492 | 0.2748 | 0.2776 | 0.1535 | 0.2776 | 0.3702 |
| $p_{1}$ | 1 | 1 | 1 | 1 | 1 | 1 |
| $p_{2}$ | 0.8929 | 0.9821 | 1 | 1 | 1 | 1 |
| $p_{3}$ | 1 | 0.9911 | 0.9821 | 1 | 1 | 1 |
| $p_{4}$ | 1 | 0.9929 | 0.9857 | 0.9571 | 0.9857 | 1 |
| $p_{5}$ | 1 | 0.9821 | 1 | 1 | 0.9643 | 0.9643 |
| $p_{6}$ | 1 | 1 | 1 | 1 | 1 | 0.9643 |
| $p_{7}$ | 1 | 0.9375 | 0.8750 | 1 | 1 | 1 |
| $p_{8}$ | 1 | 1 | 1 | 1 | 1 | 1 |
| $p_{\text {rand }}$ | 0.9866 | 0.9857 | 0.9804 | 0.9946 | 0.9938 | 0.9911 |
| $p_{1,(e)}$ | - | - | 1 | 1 | 1 | 1 |
| $p_{2,(e)}$ | - | - | 0.8929 | 1 | 1 | 1 |
| $p_{3,(e)}$ | - | - | 0.9107 | 0.7857 | 0.9286 | 1 |
| $p_{4,(e)}$ | - | - | 0.9143 | 0.9571 | 0.8429 | 0.8571 |
| $p_{5,(e)}$ | - | - | 0.9286 | 0.7857 | 0.8929 | 0.8571 |
| $p_{6,(e)}$ | - | - | 0.7500 | 1 | 0.7857 | 0.75 |
| $p_{7,(e)}$ | - | - | 0.8750 | 1 | 1 | 0.75 |
| $p_{8,(e)}$ | - | - | 0 | 1 | 1 | 1 |
| $p_{\text {rand,(e) }}$ | - | - | 0.7839 | 0.9411 | 0.9313 | 0.9018 |



Fig. 1: Fault simulator operation overview.

- Random byte faults: The random byte fault model changes random number of bits in the destination register.
- Instruction skip: instruction skip is a very powerful model that is capable of removing some countermeasures completely. We have tested a single instruction skip on all three instructions in the code.
- Stuck-at fault: in this fault model, the value of the destination register changes to a certain value, usually to all zeroes. Therefore, we have tested this value in our simulator.

After the output is produced under a faulty condition, it is analyzed by the output checker, which decides on its classification. Outputs can be of four types (Corrected, Valid, Invalid, Null), and these types are described in detail in Section 2.2.


Fig. 2: Simulation results for $C_{8,4, e q 4}$ with equidistant detection scheme in (a) and with equidistant correction scheme in (b); $C_{8,4, \min 4}$ with detection scheme in (c) and with correction scheme in (d).

### 4.4 Simulated Results

Figure 2 shows plots for $\mathcal{C}_{8,4, \text { min } 4}$ and $\mathcal{C}_{8,4, e q 4}$, with and without the error correction. Instruction skip faults and stuck-at faults show zero success when attacking any of the generated codes. When it comes to bit flips, we can see that for better fault tolerance, one should not use the error correction capabilities, since the properties of such codes allow changing the faulty codeword into another codeword, depending on the number of bit flips and minimum distance of the code. When deciding whether to choose an equidistant code or not, situation is the same as in Table 3 - equidistant codes have slightly better fault detection properties, but worse side-channel leakage protection. Therefore, it depends on the implementer to choose a compromise between those two.

## 5 Discussion

First, we would like to explain the difference between the calculated results in Table 3 and simulated results in Figure 2 in equidistant code $C_{8,4, \min 4}$. Table 3 shows theoretical results assuming that error happens before using the lookup table. However, in a realworld setting, fault can be injected at any point of the execution, including the table look-up, or even after obtaining the result from the table. That is also why there are Invalid faults, despite the table always outputs Null in case of being addressed by a
word that does not correspond to any codeword. Because there are three instructions in the assembly code, faulting the destination register of the last one after returning the value from the table results into $1 / 3$ of Invalid faults in all the cases except instruction skips.

To explain the condition on lines 7-8 of the Algorithm 1, we can take the code with $n=8, M=16$, and $d=4$ as an example. The simulation result for this code is stated in Figure 3 (a). Full results for this code are then in Table 5 in the appendix. There are no codes with these parameters that could satisfy the abovementioned condition - all 480 codes that can be constructed, have the property that if any codeword is faulted by $n$ bit flip, it will change to other codeword. Therefore, such codes are not suitable for protecting implementations against fault attacks. For this reason, it is more suitable to use the $\mathcal{C}_{8,16, \min 3}$ code, stated in Figure 3 (b), that does not suffer from such property.


Fig. 3: Simulation results for the codes: (a) $\mathcal{C}_{8,16, \min 4}$ and (b) $\mathcal{C}_{8,16, \min 3}$.
To summarize the results, we point out the following findings:

- Correction Scheme is not suitable for fault tolerant implementations - while it can be helpful in non-adversary environments, where it can be statistically verified, how many bits are usually faulted, and therefore, a proper error correction function can be specified, in adversary-based settings, one cannot estimate the attacker capabilities. In case of correcting 1 bit error for example, attacker who can flip multiple bits will have a higher probability of producing Valid faults, compared to using detection scheme with the same code.
- We can design optimal code either from the fault tolerance perspective, or from side-channel tolerance perspective - if we consider both, a compromise has to be made, depending on which attack is more likely to happen or how powerful an attacker can be in either setting. If we sacrifice the fault tolerance, we will normally get a code with distance 2 (e.g. side-channel resistant codes in [12] all have distance 2 and they are not equidistant codes), therefore such codes will be vulnerable to 2-bit faults. On the other hand, by relaxing the power consumption variance condition, we will be able to choose codes with bigger distance, being able to resist higher number of bit faults.
- Both types of resistances can be improved if we sacrifice the memory and choose codes with greater lengths.
- Equidistant detection schemes is a good option in case the implementation can be protected against certain number of bit flips - because all the Valid faults are achieved only if the attacker flips the same number of bits as is the distance. However, this condition does not hold in case of equidistant correction schemes.


## 6 Conclusions

In this paper, we provided a necessary background for constructing side-channel and fault attack resistant software encoding schemes. Current encoding schemes only cover side-channel resistance, and either do not discuss fault resistance, or only state it as a side product of the construction, such as [17]. Our work defines theoretical bounds for fault detection and correction and provides a way to construct efficient codes that are capable of protecting the underlying computation against both physical attack classes.

To support our result with a practical case study, we simulated the table look-up under faulty conditions, by using a microcontroller assembly code. As expected, the codes constructed by using our algorithm provide noticeably better fault resistance properties compared to state-of-the-art, while keeping the side-channel leakage at the minimum.

For the future work, we would like to use our scheme to implement all the operations in a symmetric cryptographic algorithm and test both the side-channel leakage and fault tolerance in a real world setting. Also, we would like to examine the timing leakage implications of the table look-ups with respect to processed data.

Acknowledgments. The authors would like to thank Dr. Punarbasu Purkayastha for the useful discussions and the anonymous reviewers for their valuable suggestions. The research of X. Hou is supported by Nanyang President Graduate Scholarship.

## References

1. Breier, J.: On analyzing program behavior under fault injection attacks (to appear). In: Availability, Reliability and Security (ARES), 2016 Eleventh International Conference on. pp. 1-5. IEEE (Aug 2016)
2. Breier, J., Jap, D., Bhasin, S.: The other side of the coin: Analyzing software encoding schemes against fault injection attacks. In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). pp. 209-216. IEEE (2016)
3. Breier, J., Jap, D., Chen, C.N.: Laser profiling for the back-side fault attacks: With a practical laser skip instruction attack on aes. In: Proceedings of the 1st ACM Workshop on CyberPhysical System Security. pp. 99-103. CPSS '15, ACM, New York, NY, USA (2015), http: //doi.acm.org/10.1145/2732198.2732206
4. Brouwer, A.E., Shearer, L.B., Sloane, N., et al.: A new table of constant weight codes. In: IEEE Trans Inform Theory. Citeseer (1990)
5. Chen, C., Eisenbarth, T., Shahverdi, A., Ye, X.: Balanced Encoding to Mitigate Power Analysis: A Case Study. In: CARDIS. Lecture Notes in Computer Science, Springer (November 2014), paris, France
6. Conway, J.H., Sloane, N.J.A.: Sphere packings, lattices and groups, vol. 290. Springer Science \& Business Media (2013)
7. Fu, F.W., Kløve, T., Luo, Y., Wei, V.K.: On equidistant constant weight codes. Discrete applied mathematics 128(1), 157-164 (2003)
8. Goubin, L., Patarin, J.: DES and Differential Power Analysis. The "Duplication" Method. In: CHES. pp. 158-172. LNCS, Springer (1999), Worcester, MA, USA
9. Hoogvorst, P., Danger, J.L., Duc, G.: Software Implementation of Dual-Rail Representation. In: COSADE (2011), Darmstadt, Germany
10. Ling, S., Xing, C.: Coding theory: a first course. Cambridge University Press (2004)
11. MacWilliams, F.J., Sloane, N.J.A.: The theory of error correcting codes. Elsevier (1977)
12. Maghrebi, H., Servant, V., Bringer, J.: There is wisdom in harnessing the strengths of your enemy: Customized encoding to thwart side-channel attacks - extended version -. Cryptology ePrint Archive, Report 2016/183 (2016), http://eprint.iacr.org/
13. Rauzy, P., Guilley, S., Najm, Z.: Formally Proved Security of Assembly Code Against Leakage. IACR Cryptology ePrint Archive 2013, 554 (2013)
14. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: International Workshop on Cryptographic Hardware and Embedded Systems. pp. 30-46. Springer Berlin Heidelberg (2005)
15. Schneider, T., Moradi, A., Güneysu, T.: Parti - towards combined hardware countermeasures against side-channel and fault-injection attacks. Cryptology ePrint Archive, Report 2016/648 (2016), http://eprint.iacr.org/2016/648
16. Selmane, N., Bhasin, S., Guilley, S., Graba, T., Danger, J.L.: WDDL is Protected Against Setup Time Violation Attacks. In: FDTC. pp. 73-83 (2009)
17. Servant, V., Debande, N., Maghrebi, H., Bringer, J.: Study of a Novel Software Constant Weight Implementation, pp. 35-48. Springer International Publishing, Cham (2015), http: //dx.doi.org/10.1007/978-3-319-16763-3_3
18. Tiri, K., Verbauwhede, I.: A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. In: DATE'04. pp. 246-251 (2004), Paris, France.
19. Trichina, E., Korkikyan, R.: Multi fault laser attacks on protected crt-rsa. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010 Workshop on. pp. 75-86 (Aug 2010)

## A Generated Codes

In this section, we state the remaining codes generated by the Algorithm 1, for $M=16$ and $n=8,9,10$.

Table 4: Codes generated by the Algorithm 1.

| Code | Length | Distance | Denoted by |
| :---: | :---: | :---: | :---: |
| $\begin{array}{llll} \hline 0 x 0 E, & 0 x 4 D, & 0 x F 1, & 0 x E C, \\ 0 x 86, & 0 x 8 D, & 0 x A 5, & 0 x 46, \\ 0 x D 9, & 0 x 13, \\ 0 x D 2, & 0 x 79, & 0 x 72, & 0 x 5 A \end{array}$ | 8 | $>=2$ | $C_{8,16, \min 2}$ |
|  | 8 | $>=3$ | $\mathcal{C}_{8,16, \min 3}$ |
| $\begin{array}{lllll} \hline 0 x B A, & 0 x D 9, & 0 x E F, & 0 x 73, & 0 x 1 F, \\ 0 x 83, & 0 x B 5, & 0 x 26, & 0 x 4 \mathrm{~A}, & 0 x 7 C, \\ 0 x 29, & 0 x 8 C, & 0 x E 0, & 0 x 10 \end{array}$ | 8 | $>=4$ | $C_{8,16, \min 4}$ |
| ```0x145, 0x15A, 0x1CA, 0x95, 0xCC, 0xDA, 0xC5, 0x18C, 0x0E, 0xD3, 0x19A, 0x185, 0x07, 0x193, 0x9C, 0x153``` | 9 | $>=2$ | $C_{9,16, \text { min } 2}$ |
| $\begin{aligned} & \text { Ox07, 0xF3, 0x146, 0xB5, 0xEC, 0x2E, } \\ & 0 x 1 B A, ~ 0 x 165, ~ 0 x 13 C, ~ 0 x 1 D, ~ 0 x 1 D 9, \\ & 0 x 5 B, ~ 0 x 1 D 4, ~ 0 x 18 B, ~ 0 x 96, ~ 0 x 185 \end{aligned}$ | 9 | $>=3$ | $C_{9,16, \min 3}$ |
| $\begin{aligned} & \text { 0x3B, 0x75, 0x9D, 0x14B, 0x1D4, } \\ & \text { 0x1A5, 0xEC, 0x13C, 0x1F9, 0x193, } \\ & \text { 0x07, 0xDA, 0x166, 0xB6, 0x1AA, 0xE3 } \end{aligned}$ | 9 | $>=4$ | $C_{9,16, \text { min } 4}$ |
| $\begin{aligned} & 0 \times 5 D, \quad 0 x D C, \quad 0 \times 34 B, \quad 0 \times 25 C, 0 \times 1 C B, \\ & 0 \times 359, \quad 0 \times C, \quad 0 \times 3 C A, \quad 0 \times 3 E 6, \quad 0 \times 1 F 5, \\ & 0 \times 1 E 7, \quad 0 \times 3 F 4, \quad 0 \times 375, \quad 0 \times 24 E, \quad 0 \times 4 F, \\ & 0 \times 1 D 9 \end{aligned}$ | 10 | $>=2$ | $C_{10,16, \min 2}$ |
| ```0xA7, 0x235, 0x3C8, 0x22A, 0x14C, 0x39, 0x298, 0x3C5, 0x3B1, 0x8B, 0x1B4, 0x1C, 0x326, 0x156, 0x169, 0x353``` | 10 | $>=3$ | $\mathcal{C}_{10,16, \min 3}$ |
|  | 10 | $>=4$ | $C_{10,16, \min 4}$ |


| 0St80 | LSL8 0 | － | ¢989＊0 | ZS9L．0 | － | 0¢ ${ }^{\text {a }}$ | てZしが0 | － | ${ }^{\text {（）}}{ }^{\text {puxa }} d$ |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
| 0¢Z9＊0 | I | － | － | － | － | － | － | － | ${ }^{(2)}{ }^{4} \mathrm{OI} d$ |
| SLE80 | OSL8 0 | － | 0 | 0SL8．0 | － | － | － | － | ${ }^{\text {（）})^{6} 6} d$ |
| $8208^{\circ}$ | LII $8^{\circ} 0$ | － | $6888{ }^{\circ} 0$ | $6 \mathrm{C9L} 0$ | － | 0 | 0 | － | （a） $88 d$ |
| \＆ $288^{\circ} 0$ | 0ヵて8．0 | － | $6905^{\circ} 0$ | カャ69＊0 | － | 0 | IESt＊ 0 | － | （a）$\llcorner\square d$ |
| 0L6L＇0 | IEI80 | － | \＆19600 | t969\％ | － | 1 | 680¢ ${ }^{\circ} 0$ | － | （2）${ }^{9} 9 \mathrm{~d}$ |
| 6 IZ80 | EtE8＊ | － | L8It 0 | 92L9 0 | － | 0 | カんIt＊ | － | （a）＇s $d$ |
| I8E80 | $66 E 8^{\circ} 0$ | － | LヵI6．0 | L99900 | － | 8.0 | 6LIt゚0 | － | （a）${ }^{2} d$ |
| $8 \mathrm{St} 8^{\circ} 0$ | tt $88^{\circ} 0$ | － | I88t＊ 0 | Z8LLO | － | 0 | てZOS＊0 | － | （a）＇$\varepsilon d$ |
| I | OSL8 0 | － | I | $00 t L^{\circ} 0$ | － | I | 8LLt゚ 0 | － | （a）＇ $2 d$ |
| I | I | － | I | I | － | I | I | － | （a）${ }^{\text {I }}$ d $d$ |
| 1886．0 | t0660 | 29860 | 6EL6\％ | t0860 | ILL6 0 | S8．0 | 26E60 | ¢0S8．0 | ${ }^{\text {pub．}} d$ |
| I | I | I | － | － | － | － | － | － | ${ }^{01} d$ |
| S2960 | I | I | I | I | I | － | － | － | ${ }^{6} d$ |
| ［9860 | ［9860 | 19860 | $6888{ }^{\circ}$ | 19860 | I | 0 | OSL80 | 0SてI「0 | ${ }^{8 d}$ |
| ¢9860 | IZL60 | $\dagger$ ¢ $86{ }^{\circ}$ | 1 | 2ZL6 0 | $6 \pm$ S6．0 | I | $9068^{\circ} 0$ | I | $L_{d}$ |
| $1166{ }^{\circ}$ | $6886{ }^{\circ}$ | 11660 | \＆19600 | \＆ャ96．0 | ［8860 | I | tSc60 | It 260 | ${ }^{9} d$ |
| L9L60 | ［9860 | 99860 | I | 26960 | E8960 | I | IZ960 | 80E60 | ${ }^{5} d$ |
| 08L60 | LS860 | LS860 | Lヵ16．0 | 26960 | ZSL60 | 8.0 | $6 \mathrm{LI} 6^{\circ} 0$ | 7IL6．0 | ${ }^{\dagger} d$ |
| I | tt $86{ }^{\circ}$ | $\dagger$ ¢ $86{ }^{\circ}$ | I | 82960 | てEL60 | I | 62160 | 98260 | $\varepsilon_{d}$ |
| I | I | LIt 6.0 | I | I | L9160 | I | I | It ${ }^{\circ} 6^{\circ}$ | ${ }^{2} d$ |
| I | I | I | I | I | I | I | I | I | ${ }^{1} d$ |
| $626 \varepsilon^{\circ} 0$ | SL8E＊ 0 | 0LIE＇0 | $998 \varepsilon^{\circ} 0$ | ILSE＇0 | ZSSで0 | L9EE0 | $6+6 \varepsilon^{\circ} 0$ | LS97＊ |  |
| I $066^{\circ} \mathrm{E}$ | StS8．${ }^{\circ}$ | てI8L＇t | $096 \mathrm{C}^{\circ} \mathrm{E}$ | L966 ${ }^{\circ}$ | 01S6．${ }^{\circ}$ | 0I6I 0 | L09て＇E | L09でE |  |
| $\dagger \mathcal{L} 0^{\circ} 0$ | LIOO 0 | ${ }_{\text {c－0 }} 0$ I $\times 026^{\circ} \mathrm{E}$ | $\varepsilon ャ 0 \mathrm{I}^{\circ} 0$ | L600 0 |  | IEZ8．1 | 06II「0 | \＆100＇0 | әЈиец® $\Lambda$ рıомәроว |
| ${ }^{\text {tulur }}$ ¢1001O | عıuı＇91＇01 $^{\text {a }}$ | てuıt＇9101つ | ${ }^{\text {tulur } 91}{ }^{\text {¢ }}$ ¢ | ${ }^{\text {¢unur }} 1^{1} 6 \bigcirc$ | 2unu＇91＇6ว | ${ }^{\text {เulu＇91＇8つ }}$ | ยuıu＇918\％ | 2ulu＇91＇8 | әроつ |
|  |  |  |  |  |  |  |  |  | 0 |

## B Fault Resistance Probabilities

In this section, we show the detailed theoretical calculations of fault resistance probabilities and the overall resistance index (with error) for some specific examples.

Equidistant Detection Scheme. Using Lemma 1, we list the values of $p_{m} \mathrm{~S}$ and $p_{\text {rand }}$ in Table 6 for $(8,4,2)$ and $(8,4,4)$ equidistant binary codes.

Table 6: Theoretical values of $p_{m}$ for $(n, M, d)$-equidistant binary code.

| $(n, M, d)$ | $p_{1}$ | $p_{2}$ | $p_{3}$ | $p_{4}$ | $p_{5}$ | $p_{6}$ | $p_{7}$ | $p_{8}$ | $p_{\text {rand }}$ |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
| $(8,4,2)$ | 1 | 0.8929 | 1 | 1 | 1 | 1 | 1 | 1 | 0.9866 |
| $(8,4,4)$ | 1 | 1 | 1 | 0.9571 | 1 | 1 | 1 | 1 | 0.9946 |

Detection Scheme. Since we require that dis $(C) \geq 2$ for Detection Scheme, for 1 -bit fault, we expect the results to be Null, which means $p_{1}=1$. Now we give a theoretical calculation for the $(8,4,4)$-binary code $\mathcal{C}_{8,4, \min 4}=\{00011001,00100111,10001010$, $10110100\}$. We first list the distance between every pair of codewords in Table 7.

Table 7: Distance between each pair of codewords in the $(8,4,4)$-binary code $C_{8,4, \min 4}$.

| $\operatorname{dis}(\cdot, \cdot)$ | 00011001 | 00100111 | 10001010 | 10110100 |
| :---: | :---: | :---: | :---: | :---: |
| 00011001 | 0 | 5 | 4 | 5 |
| 00100111 | 5 | 0 | 5 | 4 |
| 10001010 | 4 | 5 | 0 | 5 |
| 10110100 | 5 | 4 | 5 | 0 |

By equation (3), we can then calculate the $m$-bit fault resistance probabilities and the overall resistance index for $C$ :

$$
\begin{array}{ll}
p_{2}=p_{3}=1-\frac{1}{4}(0+0+0+0)=1, & p_{4}=1-\frac{1}{4\binom{8}{4}}(2+0+1+1)=\frac{69}{70} \approx 0.9857, \\
p_{5}=1-\frac{1}{4\binom{8}{5}}(2+2+2+2)=\frac{27}{28} \approx 0.9643, & p_{6}=p_{7}=p_{8}=1-\frac{1}{4}(0+0+0+0)=1, \\
p_{\text {rand }}=\sum_{m=1}^{8} \frac{1}{8} p_{m}=0.9938 . &
\end{array}
$$

Correction Scheme. We give a theoretical calculation for the $m$-bit fault resistance probabilities with error correction for the same $(8,4,4)$-binary code $C_{8,4, \text { min } 4}=\{00011001$, $00100111,10001010,10110100\}$. As dis $(C)=4$, by Remark 1 it is an 1 -error correcting code. By equation (2), $p_{m,(e)}=1$ for $m=1$. To calculate $p_{m,(e)}$ for $m \geq 2$, we first list the table of cardinalities of $F_{c, m}$ for $\boldsymbol{c} \in \mathcal{C}$ and $m=2,3, \ldots, 8$ in Table 8 .

Table 8: Cardinality of $F_{c, m}$ for $m=2,3, \ldots, 8$ and $\boldsymbol{c} \in \mathcal{C}_{8,4, \text { min } 4}$.

|  | $\left\|F_{c, 2}\right\|$ | $\left\|F_{c, 3}\right\|$ | $\left\|F_{c, 4}\right\|$ | $\left\|F_{c, 5}\right\|$ | $\left\|F_{c, 6}\right\|$ | $\left\|F_{c, 7}\right\|$ | $\left\|F_{c, 8}\right\|$ |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
| 00011001 | 0 | 4 | 11 | 6 | 6 | 0 | 0 |
| 00100111 | 0 | 4 | 11 | 6 | 6 | 0 | 0 |
| 10001010 | 0 | 4 | 11 | 6 | 6 | 0 | 0 |
| 10110100 | 0 | 4 | 11 | 6 | 6 | 0 | 0 |

By equation (2), we can then calculate the $m$-bit fault resistance probabilities with error correction as well as the overall resistance index with error correction for $C$.

$$
\begin{aligned}
& p_{2,(e)}=1-\frac{1}{4\binom{8}{2}}(0+0+0+0)=1, \\
& p_{3,(e)}=1-\frac{1}{4\binom{8}{3}}(4+4+4+4)=\frac{13}{14} \approx 0.9286, \\
& p_{4,(e)}=1-\frac{1}{4\binom{8}{4}}(11+11+11+11)=\frac{59}{70} \approx 0.8429, \\
& p_{5,(e)}=1-\frac{1}{4\binom{8}{5}}(6+6+6+6)=\frac{25}{28} \approx 0.8929, \\
& p_{6,(e)}=1-\frac{1}{4\binom{8}{6}}(6+6+6+6)=\frac{11}{14} \approx 0.7857, \\
& p_{7,(e)}=p_{8,(e)}=1-\frac{1}{4}(0+0+0+0)=1, \\
& p_{\text {rand,(e) }}=\sum_{m-1}^{8} \frac{1}{8} p_{m,(e)}=0.9313 .
\end{aligned}
$$

