ABSTRACT
In this paper, we propose an efficient method for extracting simple low-degree equations (e.g. quadratic ones) in addition to the linear ones obtainable from the original cube attack by Dinur and Shamir at EUROCRYPT 2009. This extended cube attack can be successfully applied even to cryptosystems in which the original cube attack may fail due to the attacker's inability to find sufficiently many independent linear equations. As an application of our extended method, we exhibit a side channel cube attack against the PRESENT block cipher using the Hamming weight leakage model. Our side channel attack improves upon the previous work of Yang, Wang and Qiao at CANS 2009 in two respects. First, we use the Hamming weight leakage model, a more relaxed leakage assumption supported by many previously known practical results on side channel attacks, compared to the more challenging assumption used by Yang et al. that the adversary has access to the "exact" value of the internal state bits. Second, thanks to the extended cube method, our attack also has a reduced complexity compared to that of Yang et al. Namely, for PRESENT-80 (the 80-bit key variant) as considered by Yang et al., our attack has a time complexity of 2^16 and a data complexity of about 2^13 chosen plaintexts, whereas that of Yang et al. has a time complexity of 2^32 and needs about 2^15 chosen plaintexts. Furthermore, our method directly applies to PRESENT-128 (the 128-bit key variant) with a time complexity of 2^64 and the same data complexity of 2^13 chosen plaintexts.
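As an added illustration of the distinction the abstract draws (a constructed toy, not the paper's code and not PRESENT's leakage polynomial): summing a black-box master polynomial over a cube yields a superpoly in the key bits; a derivative-based degree test then decides whether the superpoly is linear (all the original cube attack can use) or quadratic (what the extended attack additionally keeps), and a Möbius transform, affordable only at this toy key size, prints the resulting equation.

```python
import itertools, random
NV, NK = 3, 3  # public (chosen-plaintext) bits v0..v2, secret key bits k0..k2

def master_poly(v, k):
    """Constructed GF(2) polynomial standing in for one leaked bit as a function of v and k."""
    return ((v[0] & v[1] & (k[0] ^ (k[1] & k[2]) ^ 1)) ^ (v[0] & k[2])
            ^ (v[1] & v[2] & k[0]) ^ (v[0] & v[1] & v[2]) ^ k[1])

def cube_sum(cube, k):
    """Superpoly p_S(k): XOR over all assignments of the cube bits, other v bits fixed to 0."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        v = [0] * NV
        for i, b in zip(cube, bits):
            v[i] = b
        acc ^= master_poly(v, k)
    return acc

def degree_at_most(f, n, d, trials=64, seed=1):
    """Black-box test: deg(f) <= d iff every (d+1)-th derivative vanishes, i.e. the XOR
    of f over x + span(a_1..a_{d+1}) is 0. d=1 is the BLR-style linearity test of the
    original cube attack; d=2 is the extra check that admits quadratic superpolys."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = [rng.randint(0, 1) for _ in range(n)]
        dirs = [[rng.randint(0, 1) for _ in range(n)] for _ in range(d + 1)]
        total = 0
        for mask in itertools.product((0, 1), repeat=d + 1):
            pt = [x[i] ^ (sum(m & a[i] for m, a in zip(mask, dirs)) & 1) for i in range(n)]
            total ^= f(pt)
        if total:
            return False
    return True

def anf(f, n):
    """Exact ANF via Moebius transform (toy key size only); monomials as tuples of key indices."""
    tt = [f([(i >> t) & 1 for t in range(n)]) for i in range(1 << n)]
    for j in range(n):
        for i in range(1 << n):
            if i & (1 << j):
                tt[i] ^= tt[i ^ (1 << j)]
    return {tuple(t for t in range(n) if (i >> t) & 1) for i in range(1 << n) if tt[i]}

def classify_cube(cube):
    """Superpoly degree class ('linear': original attack; 'quadratic': extended attack) and its ANF."""
    f = lambda k: cube_sum(cube, k)
    kind = "linear" if degree_at_most(f, NK, 1) else (
        "quadratic" if degree_at_most(f, NK, 2) else "higher")
    return kind, anf(f, NK)
```

Running `classify_cube` on the cubes (0,), (1, 2) and (0, 1) gives the equations k2, k0 and 1 + k0 + k1*k2; the last cube is discarded by a linear-only attack but kept by the extended one.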
- Abdul-Latip, S. F., Reyhanitabar, M. R., Susilo, W., Seberry, J.: On the Security of NOEKEON against Side Channel Cube Attacks. In: Kwak, J., Deng, R., Won, Y. (Eds.) ISPEC 2010. LNCS, vol. 6047, pp. 45--55. Springer, Heidelberg (2010)
- Akkar, M. L., Bévan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible... In: Okamoto, T. (Ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489--502. Springer, Heidelberg (2000)
- Anderson, R., Biham, E., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard. In: First Advanced Encryption Standard (AES) Conference (1998)
- Aumasson, J. P., Dinur, I., Meier, W., Shamir, A.: Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium. In: Dunkelman, O. (Ed.) FSE 2009. LNCS, vol. 5665, pp. 1--22. Springer, Heidelberg (2009)
- Aumasson, J. P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128. IACR ePrint Archive, Report 2009/218 (2009), http://eprint.iacr.org/2009/218
- Bard, G. V., Courtois, N. T., Jefferson, C.: Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers. IACR ePrint Archive, Report 2007/024 (2007), http://eprint.iacr.org/2007/024
- Bévan, R., Knudsen, E.: Ways to Enhance Differential Power Analysis. In: Lee, P. J., Lim, C. H. (Eds.) ICISC 2002. LNCS, vol. 2587, pp. 327--342. Springer, Heidelberg (2003)
- Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection. In: Chowdhury, D. R., Rijmen, V., Das, A. (Eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 251--265. Springer, Heidelberg (2008)
- Blum, M., Luby, M., Rubinfeld, R.: Self-Testing/Correcting with Application to Numerical Problems. In: STOC, pp. 73--83. ACM, New York (1990)
- Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (Eds.) CHES 2007. LNCS, vol. 4727, pp. 450--466. Springer, Heidelberg (2007)
- Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (Eds.) CHES 2004. LNCS, vol. 3156, pp. 16--29. Springer, Heidelberg (2004)
- De Cannière, C., Preneel, B.: TRIVIUM. In: Robshaw, M. J. B., Billet, O. (Eds.) New Stream Cipher Designs - The eSTREAM Finalists. LNCS, vol. 4986, pp. 244--266. Springer, Heidelberg (2008)
- Clavier, C., Coron, J. S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Koç, C. K., Paar, C. (Eds.) CHES 2000. LNCS, vol. 1965, pp. 252--263. Springer, Heidelberg (2000)
- Coron, J. S., Kocher, P., Naccache, D.: Statistics and Secret Leakage. In: Frankel, Y. (Ed.) FC 2000. LNCS, vol. 1962, pp. 157--173. Springer, Heidelberg (2001)
- Daemen, J., Rijmen, V.: AES Proposal: Rijndael. Technical Evaluation, CD-1: Documentation (1998)
- Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (Ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278--299. Springer, Heidelberg (2009)
- Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. Cryptology ePrint Archive, Report 2009/127 (2009), http://eprint.iacr.org/2009/127
- Englund, H., Johansson, T., Turan, M. S.: A Framework for Chosen IV Statistical Analysis of Stream Ciphers. In: Srinathan, K., Rangan, C. P., Yung, M. (Eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 268--281. Springer, Heidelberg (2007)
- Filiol, E.: A New Statistical Testing for Symmetric Ciphers and Hash Functions. In: Deng, R. H., Qing, S., Bao, F., Zhou, J. (Eds.) ICICS 2002. LNCS, vol. 2513, pp. 342--353. Springer, Heidelberg (2002)
- Fischer, S., Khazaei, S., Meier, W.: Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers. In: Vaudenay, S. (Ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 236--245. Springer, Heidelberg (2008)
- Goubin, L., Patarin, J.: DES and Differential Power Analysis - The Duplication Method. In: Koç, C. K., Paar, C. (Eds.) CHES 1999. LNCS, vol. 1717, pp. 158--172. Springer, Heidelberg (1999)
- Hell, M., Johansson, T., Meier, W.: The Grain Family of Stream Ciphers. In: Robshaw, M., Billet, O. (Eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 179--190. Springer, Heidelberg (2008)
- Khazaei, S., Meier, W.: New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers. In: Chowdhury, D. R., Rijmen, V., Das, A. (Eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 15--26. Springer, Heidelberg (2008)
- Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks (1998), http://www.cryptography.com/dpa/technical.
- Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. J. (Ed.) CRYPTO 99. LNCS, vol. 1666, pp. 388--397. Springer, Heidelberg (1999)
- Mamiya, H., Miyaji, A., Morimoto, H.: Efficient Countermeasures against RPA, DPA, and SPA. In: Joye, M., Quisquater, J. J. (Eds.) CHES 2004. LNCS, vol. 3156, pp. 243--319. Springer, Heidelberg (2004)
- Mangard, S.: Hardware Countermeasures against DPA - A Statistical Analysis of Their Effectiveness. In: Okamoto, T. (Ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222--235. Springer, Heidelberg (2004)
- Mayer-Sommer, R.: Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards. In: Koç, C. K., Paar, C. (Eds.) CHES 2000. LNCS, vol. 1965, pp. 78--92. Springer, Heidelberg (2000)
- O'Neil, S.: Algebraic Structure Defectoscopy. IACR ePrint Archive, Report 2007/378 (2007), http://eprint.iacr.org/2007/378
- Oswald, E.: On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD Thesis, Faculty of Science of the University of Technology Graz (IAIK-TUG), Austria, May (2003)
- Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In: Pointcheval, D. (Ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192--207. Springer, Heidelberg (2006)
- Rivest, R., Agre, B., Bailey, D. V., Crutchfield, C., Dodis, Y., Fleming, K. E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y. L.: The MD6 Hash Function - A Proposal to NIST for SHA-3. http://groups.csail.mit.edu/cis/md6/
- Renauld, M., Standaert, F. X.: Algebraic Side-Channel Attacks. IACR ePrint Archive, Report 2009/279 (2009), http://eprint.iacr.org/2009/279
- Saarinen, M.-J. O.: Chosen-IV Statistical Attacks on eStream Ciphers. In: Malek, M., Fernández-Medina, E., Hernando, J. (Eds.) SECRYPT 2006, pp. 260--266. INSTICC Press (2006)
- Vielhaber, M.: Breaking ONE.FIVIUM by AIDA, an Algebraic IV Differential Attack. IACR ePrint Archive, Report 2007/413 (2007), http://eprint.iacr.org/2007/413
- Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. In: Communication and Cryptology, pp. 227--233. Kluwer Academic Publisher (1994)
- Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Garay, J. A., Miyaji, A., Otsuka, A. (Eds.) CANS 2009. LNCS, vol. 5888, pp. 379--391. Springer, Heidelberg (2009)