
Collision-Correlation Attack Against a First-Order Masking Scheme for MAC Based on SHA-3

  • Conference paper
  • Constructive Side-Channel Analysis and Secure Design (COSADE 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8622)

Abstract

In 2012, Keccak was selected as the winner of the SHA-3 competition, and NIST recently announced the standardization of a keyed version for message authentication codes. In this paper, we consider an implementation of this keyed function, protected against first-order side-channel analysis with an efficient masking scheme proposed by the designers. We show that this masking scheme is vulnerable to a non-linear collision-correlation attack. Our attack has the advantage of needing no assumption on device-dependent parameters, and hence constitutes an interesting alternative to second-order differential analysis.

Laurie Genelle - This work was done while this author was a member of the Cryptography Group of Oberthur Technologies.


Notes

  1. But of course, we need to find where the sensitive variables are manipulated. We will not describe this process and assume it has already been done.

References

  1. Akkar, M.-L., Bévan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489–502. Springer, Heidelberg (2000)
  2. Bertoni, G., Daemen, J., Debande, N., Le, T.H., Peeters, M., Van Assche, G.: Power analysis of hardware implementations protected with secret sharing. In: 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops (MICROW), pp. 9–16. IEEE Computer Society (2012)
  3. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of Keccak. In: Second SHA-3 Candidate Conference (2010)
  4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic Sponge Functions, Version 0.1 (2011)
  5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak Reference, Version 3.0 (2013)
  6. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: Keccak implementation overview, Version 3.2 (2012)
  7. Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Van Assche, G.: Efficient and first-order DPA resistant implementations of Keccak. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications. LNCS, vol. 8419, pp. 187–199. Springer, Heidelberg (2014)
  8. Biryukov, A., Khovratovich, D.: Two new techniques of side-channel cryptanalysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 195–208. Springer, Heidelberg (2007)
  9. Bogdanov, A.: Improved side-channel collision attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 84–95. Springer, Heidelberg (2007)
  10. Bogdanov, A.: Multiple-differential side-channel collision attacks on AES. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 30–44. Springer, Heidelberg (2008)
  11. Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic methods in side-channel collision attacks and practical collision detection. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 251–265. Springer, Heidelberg (2008)
  12. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye and Quisquater [19], pp. 16–29
  13. Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener [36], pp. 398–412
  14. Chari, S., Rao, J., Rohatgi, P.: Template attacks. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–29. Springer, Heidelberg (2003)
  15. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved collision-correlation power analysis on first order protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011)
  16. Dabosville, G., Doget, J., Prouff, E.: A new second-order side channel attack based on linear regression. IEEE Trans. Comput. 62(8), 1629–1640 (2013)
  17. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139(1–3), 61–88 (1999). http://www-salsa.lip6.fr/jcf/Papers/F99a.pdf
  18. Briais, S., et al.: 3D hardware canaries. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 1–22. Springer, Heidelberg (2012)
  19. Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004)
  20. Kelsey, J.: SHA3 - past, present, and future. Presented at the rump session of CHES 2013 (2013)
  21. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  22. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener [36], pp. 388–397
  23. Ledig, H., Muller, F., Valette, F.: Enhancing collision attacks. In: Joye and Quisquater [19], pp. 176–190
  24. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)
  25. Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)
  26. Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)
  27. Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006)
  28. Prouff, E., Rivain, M., Bévan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
  29. Quisquater, J.J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions, the SEMA and DEMA methods. Presented during the EUROCRYPT 2000 rump session (2000)
  30. Roche, T., Lomné, V.: Collision-correlation attack against some 1st-order boolean masking schemes in the context of secure devices. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 114–136. Springer, Heidelberg (2013)
  31. Schramm, K., Leander, G., Felke, P., Paar, C.: A collision-attack on AES (Combining Side Channel and Differential-Attack). In: Joye and Quisquater [19], pp. 163–175
  32. Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)
  33. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010)
  34. Taha, M., Schaumont, P.: Side-channel analysis of MAC-Keccak. In: IEEE International Symposium on Hardware-Oriented Security and Trust - HOST 2013. IEEE Computer Society (2013)
  35. Walter, C.D.: Sliding windows succumbs to big mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001)
  36. Wiener, M. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)
  37. Zohner, M., Kasper, M., Stöttinger, M., Huss, S.A.: Side channel analysis of the SHA-3 finalists. In: Rosenstiel, W., Thiele, L. (eds.) Design, Automation and Test in Europe Conference & Exhibition, DATE 2012, pp. 1012–1017. IEEE Computer Society (2012)


Author information

Corresponding author: Luk Bettale.

A Comparison with Second-Order DSCA

We compare our new attack to second-order DSCA (2O-DSCA) for different leakage models studied in the literature [16]. For the 2O-DSCA, we make predictions in the Hamming weight (HW) model and use Pearson's linear correlation coefficient as a distinguisher [12]. We use the normalized product as the combination function [28, 33]. The leakage models considered for our simulations are the Hamming weight of the byte (HW), a polynomial combination of the bits of degree two (quad), and a polynomial combination of the bits with no bound on the degree (full). For the HW leakage model, we used the same noise level as the simulations in [30]. We adapted the noise level for the two other leakage functions to keep the same signal-to-noise ratio. The number of executions needed is given in Table 3.

Table 3. Number of executions needed to perform our attack and a 2O-DSCA according to the leakage model (simulations).

We observe that for both the quad and full leakage functions, the 2O-DSCA proves to be less efficient than our attack (more traces are needed). This is because the predicted and actual leakage functions are no longer linearly related. In such cases, we conclude that a collision-correlation attack is a valuable alternative to 2O-DSCA.
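The appendix's comparison rests on a specific evaluation setup: HW-model predictions, the normalized product as combination function, Pearson correlation as distinguisher, and three leakage functions (HW, quad, full) at equal signal-to-noise ratio. The simulation below, written for this page and not taken from the paper or its authors, reproduces that setup on a single first-order Boolean-masked byte so that an evaluator can see why the HW-model 2O-DSCA loses efficiency once the device's leakage stops being linear in the bits. Everything in it is constructed: the sensitive variable is a byte-wise XOR of a plaintext byte with a fixed key byte standing in for the MAC-Keccak sensitive variable, the quad coefficients and the full lookup table are drawn from a seeded generator, and the key value, noise level and trace count are arbitrary. The helper `expected_normalized_product` also checks the identity the HW prediction relies on: for uniform masks, E[(HW(s⊕m) − 4)(HW(m) − 4)] = (4 − HW(s))/2.

```python
"""Second-order DSCA on a masked byte under HW, quad and full leakage (constructed simulation)."""
import math
import random

N_BITS = 8
N_VALUES = 1 << N_BITS
HW = [bin(x).count("1") for x in range(N_VALUES)]


def expected_normalized_product(s):
    """Exact E[(HW(s^m) - 4)(HW(m) - 4)] over all 256 masks m; equals (4 - HW(s)) / 2."""
    mu = N_BITS / 2
    return sum((HW[s ^ m] - mu) * (HW[m] - mu) for m in range(N_VALUES)) / N_VALUES


# HW-model prediction for the normalized product of two shares of s.
PREDICTION = [expected_normalized_product(s) for s in range(N_VALUES)]


def make_leakage_tables(seed=1):
    """Constructed leakage functions as 256-entry lookup tables (hw, quad, full)."""
    rng = random.Random(seed)
    # quad: HW plus degree-2 terms in the bits with random coefficients in {-1, 0, 1}
    pairs = [(i, j) for i in range(N_BITS) for j in range(i + 1, N_BITS)]
    coeffs = {pair: rng.choice([-1.0, 0.0, 1.0]) for pair in pairs}

    def quad(x):
        bits = [(x >> i) & 1 for i in range(N_BITS)]
        return HW[x] + sum(c * bits[i] * bits[j] for (i, j), c in coeffs.items())

    # full: an arbitrary function of the bits (random table), i.e. unbounded degree
    full_table = [rng.gauss(N_BITS / 2, 1.5) for _ in range(N_VALUES)]
    return {
        "hw": [float(HW[x]) for x in range(N_VALUES)],
        "quad": [quad(x) for x in range(N_VALUES)],
        "full": full_table,
    }


def table_std(table):
    mu = sum(table) / len(table)
    return math.sqrt(sum((v - mu) ** 2 for v in table) / len(table))


def simulate_traces(key, leak_table, n_traces, sigma, rng):
    """Noisy leakage of the two shares of s = p ^ key under first-order Boolean masking."""
    plaintexts, leak1, leak2 = [], [], []
    for _ in range(n_traces):
        p = rng.randrange(N_VALUES)
        m = rng.randrange(N_VALUES)          # fresh uniform mask per execution
        share1, share2 = (p ^ key) ^ m, m    # s = share1 ^ share2
        plaintexts.append(p)
        leak1.append(leak_table[share1] + rng.gauss(0.0, sigma))
        leak2.append(leak_table[share2] + rng.gauss(0.0, sigma))
    return plaintexts, leak1, leak2


def normalized_product(leak1, leak2):
    """Combination function: centre each share's leakage, then multiply pointwise."""
    m1, m2 = sum(leak1) / len(leak1), sum(leak2) / len(leak2)
    return [(a - m1) * (b - m2) for a, b in zip(leak1, leak2)]


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sxx = syy = 0.0
    for x, y in zip(xs, ys):
        dx, dy = x - mx, y - my
        sxy += dx * dy
        sxx += dx * dx
        syy += dy * dy
    return sxy / math.sqrt(sxx * syy) if sxx > 0 and syy > 0 else 0.0


def second_order_dsca(plaintexts, combined):
    """Return (best key guess, its correlation) using the HW-model prediction table."""
    scores = []
    for guess in range(N_VALUES):
        predicted = [PREDICTION[p ^ guess] for p in plaintexts]
        scores.append(pearson(predicted, combined))
    best = max(range(N_VALUES), key=scores.__getitem__)
    return best, scores[best]


def compare_leakage_models(key=0x3C, n_traces=8000, sigma=0.5, seed=7):
    """Run the same 2O-DSCA under each leakage function at equal SNR and randomness."""
    tables = make_leakage_tables()
    hw_std = table_std(tables["hw"])
    results = {}
    for name, table in tables.items():
        rng = random.Random(seed)
        sigma_model = sigma * table_std(table) / hw_std   # keep the SNR of the HW case
        p, l1, l2 = simulate_traces(key, table, n_traces, sigma_model, rng)
        results[name] = second_order_dsca(p, normalized_product(l1, l2))
    return results


if __name__ == "__main__":
    for name, (guess, corr) in compare_leakage_models().items():
        print(f"{name:5s} best guess 0x{guess:02x}  correlation {corr:+.3f}")
```

Under the HW leakage function the correct key byte is ranked first with a correlation near 0.31, the value predicted by the identity above. Under the full leakage function the same prediction table has essentially nothing to correlate with, so the best score collapses towards the noise floor; this is the "no longer linearly related" situation the appendix describes, and it is what makes the trace count of a HW-model 2O-DSCA grow while the collision-correlation approach, which needs no leakage model, is unaffected.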


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Bettale, L., Dottax, E., Genelle, L., Piret, G. (2014). Collision-Correlation Attack Against a First-Order Masking Scheme for MAC Based on SHA-3. In: Prouff, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2014. Lecture Notes in Computer Science(), vol 8622. Springer, Cham. https://doi.org/10.1007/978-3-319-10175-0_10


  • DOI: https://doi.org/10.1007/978-3-319-10175-0_10
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-10174-3
  • Online ISBN: 978-3-319-10175-0
  • eBook Packages: Computer Science (R0)
