ABSTRACT
This work applies side-channel analysis to hardware implementations of two CAESAR candidates, Keyak and Ascon. Both algorithms are cryptographic sponges built on an iterated permutation, and they share the same s-box, so attacks on the non-linear step of the permutation are similar for both. This work presents the first results of a DPA attack on Keyak using traces generated by an FPGA. A new attack is crafted for a larger sensitive variable in order to reduce the number of traces required. It also presents and applies the first CPA attack on Ascon. Using a toy-sized threshold implementation of Ascon, we try to give insight into the order of the steps of a permutation.