
Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks

A Practical Security Evaluation on FPGA

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10348)

Abstract

In leakage-resilient symmetric cryptography, two important concepts have been proposed in order to decrease the success rate of differential side-channel attacks. The first one is to limit the attacker’s data complexity by restricting the number of observable inputs; the second one is to create correlated algorithmic noise by using parallel S-boxes with equal inputs. The latter hinders the typical divide-and-conquer approach of differential side-channel attacks and makes key recovery much more difficult in practice. The use of localized electromagnetic (EM) measurements has already been shown to limit the effectiveness of such measures in previous works based on PRESENT S-boxes and 90 nm FPGAs. However, it has been left for future investigation in recent publications based on AES S-boxes. We aim at providing helpful results and insights from LDA-preprocessed, multivariate, localized EM attacks against a 45 nm FPGA implementation using AES S-boxes. We show that even in the case of densely placed S-boxes (with identical routing constraints), and even when limiting the data complexity to the minimum of only two inputs, the guessing entropy of the key is reduced to only \(2^{48}\), which remains well within the key enumeration capabilities of today’s adversaries. Relaxing the S-box placement constraints further reduces the guessing entropy. Increasing the data complexity for efficiency reduces it further, down to a direct key recovery. While our results are empirical and reflective of one device and implementation, they emphasize the threat of multivariate localized EM attacks to such AES-based leakage-resilient constructions, more than currently believed.

Notes

  1. Reducing the data complexity to 1 would mean that only a single observation (with possibly unlimited measurement complexity) would be available to adversaries. This corresponds to a simple power analysis attack scenario which is not generally considered in most contributions in the field of leakage-resilient cryptography.

  2. This corresponds to the ranking of the key after a practical laboratory evaluation using localized EM, where the order of the key bytes is discovered during the attacks, but not all correct subkeys are ranked first. In contrast, the previously mentioned \(2^{44}\) corresponds to the remaining search complexity of global attacks, once all key bytes are assumed to be ranked first, despite the correlated algorithmic noise (theoretical best case).

  3. The equations show the calculation of the transformation matrix for one S-box. We omitted an additional identifier for the S-box number for the sake of clarity.

  4. We used OFB mode, but other modes would work as well.

Acknowledgements

The work presented in this contribution was supported by the German Federal Ministry of Education and Research in the project ALESSIO through grant number 16KIS0629.

Correspondence to Florian Unterstein.

Appendices

A Floorplanning

Fig. 6. Layout of one S-box in the Xilinx IDE.

Fig. 7. Position of 16 S-boxes on the floorplan of the Xilinx Spartan 6 FPGA. The entire AES is placed within the black box.

B SNR Heat Maps for All S-Boxes

Fig. 8. SNR heat maps of unconstrained placement.

Fig. 9. SNR heat maps of dense hard-macro placement.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Unterstein, F., Heyszl, J., De Santis, F., Specht, R. (2017). Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks. In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design. COSADE 2017. Lecture Notes in Computer Science, vol 10348. Springer, Cham. https://doi.org/10.1007/978-3-319-64647-3_3

  • DOI: https://doi.org/10.1007/978-3-319-64647-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64646-6

  • Online ISBN: 978-3-319-64647-3
