Hardware such as integrated circuits are frequently manufactured overseas and in insecure environments. Such hardware may be exposed to persons with malevolent intent before, during or after the manufacturing process. At such times, it may be possible to alter intended programming, insert back doors or Trojans, or otherwise compromise the integrity of the hardware.
Some Advanced Encryption Standard (“AES”) algorithms, for example Galois Counter Mode (“GCM”) AES algorithms, produce authentication tags in addition to being able to encrypt and decrypt data. These algorithms accept as inputs: (1) a key, (2) data to be encrypted or decrypted, (3) “additional data,” which is not encrypted or decrypted, and (4) an initialization vector, also referred to as a “nonce.” All inputs are accounted for in the authentication tags produced by the algorithms. Depending on whether the tags are produced by an encryption or a decryption operation, the resulting tags will be referred to herein as “encryption authentication tags” or “decryption authentication tags,” respectively. Note also that regardless as to whether the tags were produced by an encryption or a decryption operation, if the encrypted or decrypted data represents the same plaintext data, if the same key and additional data are input, and if the initialization vectors correspond, then the encryption authentication tags will be identical to the decryption authentication tags. Otherwise, the tags will not match. Thus, the authentication tags are essentially a signature on the encrypted or decrypted data (as appropriate) that also takes into account the key used for the encryption operation, the additional data and the nonce.