Abstract
At the cutting edge of todays security research and development, the SHA-3 contest evaluates a new successor of SHA-2 for secure hashing operations. One of the finalists is the SHA-3 candidate Skein. Like many other cryptographic primitives Skein utilizes arithmetic operations, for instance modular addition. In this paper we introduce a new method of performing a DPA on modular addition of arbitrary length. We will give an overview over side channel analysis of modular addition, followed by problems occurring when dealing with large operand sizes of 32 bits and more. To overcome these problems, we suggest a new method, called the Butterfly-Attack to exploit the leakage of modular additions. Real world application is being shown by applying our new approach to Skein-MAC, enabling us to forge legitimate MACs using Skein.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ARM CortexM-3 product site, http://www.arm.com/products/processors/cortex-m/cortex-m3.php
AVR ATMega2561 product site, http://www.atmel.com/
Skein submission to the final round of the SHA-3 contest, http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/documents/Skein_FinalRnd.zip
Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994), http://www.springerlink.com/content/adq9luqrkkxmgk03/fulltext.pdf
Benoît, O., Peyrin, T.: Side-channel analysis of six SHA-3 candidates. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 140–157. Springer, Heidelberg (2010), http://www.springerlink.com/content/822377q22h78420u/fulltext.pdf
Bevan, R., Knudsen, E.: Ways to Enhance Differential Power Analysis. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 327–342. Springer, Heidelberg (2003)
Krawczyk, H., Bellare, M., Canetti, R.: Rfc 2104 - hmac: Keyed-hashing for message authentication. Tech. rep., IEEE (1997), http://tools.ietf.org/html/rfc2104
Lemke, K., Schramm, K., Paar, C.: DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205–219. Springer, Heidelberg (2004)
Ferguson, N., Lucks, S., Schneier, B., et al.: The skein hash function family. Submission to NIST, Round 3 (2010), http://www.skein-hash.info
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (2007)
Zohner, M., Kasper, M., Stöttinger, M.: Side channel analysis of the sha-3 finalists. In: Design, Automation & Test in Europe, DATE (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zohner, M., Kasper, M., Stöttinger, M. (2012). Butterfly-Attack on Skein’s Modular Addition. In: Schindler, W., Huss, S.A. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2012. Lecture Notes in Computer Science, vol 7275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29912-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-29912-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29911-7
Online ISBN: 978-3-642-29912-4
eBook Packages: Computer ScienceComputer Science (R0)