Diffusional Side-Channel Leakage From Unrolled Lightweight Block Ciphers: A Case Study of Power Analysis on PRINCE

Yli-Mäyry, Ville; Ueno, Rei; Miura, Noriyuki; Nagata, Makoto; Bhasin, Shivam; Mathieu, Yves; Graba, Tarik; Danger, Jean‐Luc; Homma, Naofumi

doi:10.1109/tifs.2020.3033441

Cited by 12 publications

(10 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The difference in inputs will be masked by the algorithm, and the difference will not be observed after a certain number of rounds. In [26], the authors proposed a leakage model based on differential inputs. All the aforementioned techniques aim to increase the SNR of the power consumption or the effectiveness and precision of the analysis phase.…”

Section: Introductionmentioning

confidence: 99%

“…In [23], the authors proposed an improved CFA [24] attack, which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. In [26], the authors were able to deepen the attack by using the intermediate values of the first round (i.e., the difference in switching), which showed up as a side channel leakage during the processing of the inner round. However, they were only able to recover all of the keys in the third round, and only 1/16 of the keys were recovered in the fourth round.…”

mentioning

confidence: 99%

“…The chosen-input attack proposed in this paper can generate a difference of only 1 bit at the MixColumn output in the first round. The minimum difference in the first round decreases from 3 nibbles to 1 nibble as compared to [26], necessitating more rounds of iterations to completely mask this difference. Since only the input from the first round is used as the computational element, we are able to obtain the complete key information from the fourth round regardless of the protection of the first three rounds.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE

Xue

Jiang

et al. 2023

Electronics

View full text Add to dashboard Cite

Lightweight cryptography is implemented in unrolled architecture generally, which has the characteristics of low latency and high real-time performance but also faces the threat of Side-Channel Attack (SCA). Different from traditional loop architecture, the unrolled architecture requires separate protection against SCA in each round. This leads to the unrolled architecture that is very sensitive to the number of rounds that need to be protected against SCA. In this paper, we propose an optimized method for the chosen-input attack that can effectively increase the number of rounds of differential propagation and recover the key from the fourth round of unrolled PRINCE for the first time. This research also evaluates the hardware overhead and performance of two types of Threshold implementation (TI) for PRINCE. The experimental results indicate that TI imposes substantial hardware overhead on the circuit, therefore a specified number of protection rounds is required.

show abstract

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE

Xue

Jiang

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…However, there are new analysis techniques that do not attack the mathematical implementation of the algorithm itself, but the physical implementation of it. These analysis techniques are known as passive and active attacks [1][2][3][4][5][6][7]. Passive attacks are the so-called side channel attacks, which exploit physical leakages during encryption processes, such as power consumption, electromagnetic radiation, or timing, to reveal secret information, e.g., power analysis (PA) [1,2].…”

Section: Introductionmentioning

confidence: 99%

“…These analysis techniques are known as passive and active attacks [1][2][3][4][5][6][7]. Passive attacks are the so-called side channel attacks, which exploit physical leakages during encryption processes, such as power consumption, electromagnetic radiation, or timing, to reveal secret information, e.g., power analysis (PA) [1,2]. On the other hand, active attacks are any invasive or noninvasive attacks that exploit the information provided by cryptographic devices during an erroneous encryption or decryption process.…”

Section: Introductionmentioning

confidence: 99%

Experimental FIA Methodology Using Clock and Control Signal Modifications under Power Supply and Temperature Variations

Potestad-Ordonez

Tena-Sánchez

Mora

et al. 2021

Sensors

View full text Add to dashboard Cite

The security of cryptocircuits is determined not only for their mathematical formulation, but for their physical implementation. The so-called fault injection attacks, where an attacker inserts faults during the operation of the cipher to obtain a malfunction to reveal secret information, pose a serious threat for security. These attacks are also used by designers as a vehicle to detect security flaws and then protect the circuits against these kinds of attacks. In this paper, two different attack methodologies are presented based on inserting faults through the clock signal or the control signal. The optimization of the attacks is evaluated under supply voltage and temperature variation, experimentally determining the feasibility through the evaluation of different Trivium versions in 90 nm ASIC technology implementations, also considering different routing alternatives. The results show that it is possible to inject effective faults with both methodologies, improving fault efficiency if the power supply voltage decreases, which requires only half the frequency of the short pulse inserted into the clock signal to obtain a fault. The clock signal modification methodology can be extended to other NLFSR-based cryptocircuits and the control signal-based methodology can be applied to both block and stream ciphers.

show abstract

Blind Side Channel Analysis on the Elephant LFSR Extended Version

Maillard,

Meraneh,

Sarry

et al. 2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

The National Institute of Standards and Technology (NIST) started a competition for lightweight cryptography candidates for authenticated encryption. Elephant is one of the ten finalists. Many physical attacks exist on the different traditional cryptographic algorithms. New standard are a new targets for this domain. In this paper, an improvement of the first theoretical blind side channel attack against the authenticated encryption algorithm Elephant is presented. More precisely, we are targeting the LFSR-based counter used internally. LFSRs are classic functions used in symmetric cryptography. In the case of Elephant, retrieving the initial state of the LFSR is equivalent to recovering the encryption key. This paper is an extension of a previous version. So an optimization of our previous theoretical attack is given. In the previous version, in only half of the cases, the attack succeeds in less than two days. In this extended paper, with optimization, the attack succeeds in three quarters of the cases.

show abstract

Diffusional Side-Channel Leakage From Unrolled Lightweight Block Ciphers: A Case Study of Power Analysis on PRINCE

Cited by 12 publications

References 29 publications

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE

Experimental FIA Methodology Using Clock and Control Signal Modifications under Power Supply and Temperature Variations

Blind Side Channel Analysis on the Elephant LFSR Extended Version

Contact Info

Product

Resources

About