DOI: 10.1145/1966913.1966952 (research article)

Extended cubes: enhancing the cube attack by extracting low-degree non-linear equations

Published: 22 March 2011

ABSTRACT

In this paper, we propose an efficient method for extracting simple low-degree equations (e.g. quadratic ones) in addition to the linear ones obtainable from the original cube attack by Dinur and Shamir at EUROCRYPT 2009. This extended cube attack can be successfully applied even to cryptosystems in which the original cube attack may fail due to the attacker's inability to find sufficiently many independent linear equations. As an application of our extended method, we exhibit a side channel cube attack against the PRESENT block cipher using the Hamming weight leakage model. Our side channel attack improves upon the previous work of Yang, Wang and Qiao at CANS 2009 in two respects. First, we use the Hamming weight leakage model, which is a more relaxed leakage assumption, supported by many previously known practical results on side channel attacks, compared to the more challenging leakage assumption that the adversary has access to the "exact" value of the internal state bits, as used by Yang et al. Second, thanks to the extended cube method, our attack also has a reduced complexity compared to that of Yang et al. Namely, for PRESENT-80 (the 80-bit key variant) as considered by Yang et al., our attack has a time complexity of 2^16 and a data complexity of about 2^13 chosen plaintexts, whereas that of Yang et al. has a time complexity of 2^32 and needs about 2^15 chosen plaintexts. Furthermore, our method directly applies to PRESENT-128 (i.e. the 128-bit key variant) with a time complexity of 2^64 and the same data complexity of 2^13 chosen plaintexts.
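The abstract summarizes the mechanism without showing it. The following worked example is added here for illustration and is not code from the paper or its authors: it builds a small constructed polynomial f(v, k) over GF(2) (public bits v, secret bits k; it is not PRESENT or any real cipher), computes cube sums to obtain superpolys, decides their degree with a BLR-style linearity test and a second-derivative test for degree at most two, and then extracts the monomials of quadratic superpolys as the extended method does. The "online" phase only queries f under the unknown key on chosen public inputs. The function and cube names are this example's own; the key length, cube choices and secret key are constructed sample values.

```python
from itertools import product, combinations
import random

N_PUB, N_KEY = 4, 4
RNG = random.Random(2011)        # fixed seed so the probabilistic tests are reproducible
ZERO = (0,) * N_KEY


def f(v, k):
    """Constructed toy black-box polynomial over GF(2); NOT a real cipher.
    Superpolys by cube: {v0,v1} -> k0 + k1*k2 (quadratic), {v2,v3} -> 1 + k1 + k3 (linear),
    {v0} -> k2*k3 (quadratic), {v1,v3} -> k0*k1*k3 (cubic, rejected by the degree test)."""
    v0, v1, v2, v3 = v
    k0, k1, k2, k3 = k
    return ((v0 & v1 & k0) ^ (v0 & v1 & k1 & k2) ^ (v2 & v3 & k1) ^ (v2 & v3 & k3)
            ^ (v2 & v3) ^ (v0 & k2 & k3) ^ (v1 & v3 & k0 & k1 & k3) ^ k0 ^ v2)


def cube_sum(cube, key):
    """XOR f over all 2^|cube| assignments of the cube variables, other public bits fixed to 0.
    Every monomial not divisible by the cube's product cancels, leaving the superpoly."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for idx, b in zip(cube, bits):
            v[idx] = b
        acc ^= f(tuple(v), key)
    return acc


def random_key():
    return tuple(RNG.randint(0, 1) for _ in range(N_KEY))


def xor_keys(a, b):
    return tuple(x ^ y for x, y in zip(a, b))


def unit(i):
    return tuple(1 if j == i else 0 for j in range(N_KEY))


def is_linear(p, trials=200):
    """BLR-style probabilistic linearity test: p(a) ^ p(b) ^ p(0) == p(a ^ b)."""
    for _ in range(trials):
        a, b = random_key(), random_key()
        if p(a) ^ p(b) ^ p(ZERO) != p(xor_keys(a, b)):
            return False
    return True


def is_at_most_quadratic(p, trials=200):
    """deg(p) <= 2 iff the second derivative D_a D_b p(x) does not depend on x."""
    for _ in range(trials):
        x, a, b = random_key(), random_key(), random_key()
        d_at_x = (p(x) ^ p(xor_keys(x, a)) ^ p(xor_keys(x, b))
                  ^ p(xor_keys(xor_keys(x, a), b)))
        d_at_0 = p(ZERO) ^ p(a) ^ p(b) ^ p(xor_keys(a, b))
        if d_at_x != d_at_0:
            return False
    return True


def extract_superpoly(cube):
    """Offline phase (attacker chooses keys): recover the superpoly's monomials up to degree 2.
    Returns a dict {monomial_tuple: 1}, or None if the degree test rejects the cube."""
    p = lambda key: cube_sum(cube, key)
    if not is_at_most_quadratic(p):
        return None
    terms = {}
    c = p(ZERO)                                   # constant term
    if c:
        terms[()] = 1
    lin = {}
    for i in range(N_KEY):                        # linear coefficients a_i = p(e_i) + c
        lin[i] = p(unit(i)) ^ c
        if lin[i]:
            terms[(i,)] = 1
    for i, j in combinations(range(N_KEY), 2):    # a_ij = p(e_i + e_j) + a_i + a_j + c
        if p(xor_keys(unit(i), unit(j))) ^ lin[i] ^ lin[j] ^ c:
            terms[(i, j)] = 1
    return terms


def eval_terms(terms, key):
    r = 0
    for mono in terms:
        t = 1
        for i in mono:
            t &= key[i]
        r ^= t
    return r


def recover_key(cubes, secret, extended=True):
    """Online phase: each accepted cube yields one equation superpoly(k) = cube sum under the
    unknown key. With extended=False only linear superpolys are kept (original cube attack).
    Returns (equations, list of keys consistent with all of them)."""
    equations = []
    for cube in cubes:
        terms = extract_superpoly(cube)
        if terms is None:
            continue                              # degree > 2: cube rejected
        if not extended and any(len(m) > 1 for m in terms):
            continue                              # original attack discards non-linear superpolys
        equations.append((terms, cube_sum(cube, secret)))
    candidates = [k for k in product((0, 1), repeat=N_KEY)
                  if all(eval_terms(t, k) == rhs for t, rhs in equations)]
    return equations, candidates


if __name__ == "__main__":
    secret = (1, 0, 1, 1)                         # constructed sample key
    for ext in (False, True):
        eqs, cands = recover_key([(0, 1), (2, 3), (0,)], secret, extended=ext)
        print("extended" if ext else "linear only", len(eqs), "equations ->", cands)
```

With the three cubes above, the original (linear-only) attack keeps a single equation and leaves 8 key candidates, whereas the extended method adds the two quadratic superpolys and pins the key down uniquely; that gap is exactly the failure mode the abstract describes. The key space here is small enough to filter candidates by enumeration; for a real cipher the extracted low-degree system is what a solver (e.g. the SAT-based conversion in reference 6) would consume.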

References

  1. Abdul-Latip, S. F., Reyhanitabar, M. R., Susilo, W., Seberry, J.: On the Security of NOEKEON against Side Channel Cube Attacks. In: Kwak, J., Deng, R., Won, Y. (Eds.) ISPEC 2010. LNCS, vol. 6047, pp. 45--55. Springer, Heidelberg (2010)
  2. Akkar, M. L., Bévan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible... In: Okamoto, T. (Ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489--502. Springer, Heidelberg (2000)
  3. Anderson, R., Biham, E., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard. In: First Advanced Encryption Standard (AES) Conference (1998)
  4. Aumasson, J. P., Dinur, I., Meier, W., Shamir, A.: Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium. In: Dunkelman, O. (Ed.) FSE 2009. LNCS, vol. 5665, pp. 1--22. Springer, Heidelberg (2009)
  5. Aumasson, J. P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128. IACR ePrint Archive, Report 2009/218 (2009), http://eprint.iacr.org/2009/218
  6. Bard, G. V., Courtois, N. T., Jefferson, C.: Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers. IACR ePrint Archive, Report 2007/024 (2007), http://eprint.iacr.org/2007/024
  7. Bévan, R., Knudsen, E.: Ways to Enhance Differential Power Analysis. In: Lee, P. J., Lim, C. H. (Eds.) ICISC 2002. LNCS, vol. 2587, pp. 327--342. Springer, Heidelberg (2003)
  8. Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection. In: Chowdhury, D. R., Rijmen, V., Das, A. (Eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 251--265. Springer, Heidelberg (2008)
  9. Blum, M., Luby, M., Rubinfeld, R.: Self-Testing/Correcting with Application to Numerical Problems. In: STOC, pp. 73--83. ACM, New York (1990)
  10. Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (Eds.) CHES 2007. LNCS, vol. 4727, pp. 450--466. Springer, Heidelberg (2007)
  11. Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (Eds.) CHES 2004. LNCS, vol. 3156, pp. 16--29. Springer, Heidelberg (2004)
  12. De Cannière, C., Preneel, B.: TRIVIUM. In: Robshaw, M. J. B., Billet, O. (Eds.) New Stream Cipher Designs - The eSTREAM Finalists. LNCS, vol. 4986, pp. 244--266. Springer, Heidelberg (2008)
  13. Clavier, C., Coron, J. S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Koç, C. K., Paar, C. (Eds.) CHES 2000. LNCS, vol. 1965, pp. 252--263. Springer, Heidelberg (2000)
  14. Coron, J. S., Kocher, P., Naccache, D.: Statistics and Secret Leakage. In: Frankel, Y. (Ed.) FC 2000. LNCS, vol. 1962, pp. 157--173. Springer, Heidelberg (2001)
  15. Daemen, J., Rijmen, V.: AES Proposal: Rijndael. Technical Evaluation, CD-1: Documentation (1998)
  16. Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (Ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278--299. Springer, Heidelberg (2009)
  17. Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. IACR ePrint Archive, Report 2009/127 (2009), http://eprint.iacr.org/2009/127
  18. Englund, H., Johansson, T., Turan, M. S.: A Framework for Chosen IV Statistical Analysis of Stream Ciphers. In: Srinathan, K., Rangan, C. P., Yung, M. (Eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 268--281. Springer, Heidelberg (2007)
  19. Filiol, E.: A New Statistical Testing for Symmetric Ciphers and Hash Functions. In: Deng, R. H., Qing, S., Bao, F., Zhou, J. (Eds.) ICICS 2002. LNCS, vol. 2513, pp. 342--353. Springer, Heidelberg (2002)
  20. Fischer, S., Khazaei, S., Meier, W.: Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers. In: Vaudenay, S. (Ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 236--245. Springer, Heidelberg (2008)
  21. Goubin, L., Patarin, J.: DES and Differential Power Analysis - The Duplication Method. In: Koç, C. K., Paar, C. (Eds.) CHES 1999. LNCS, vol. 1717, pp. 158--172. Springer, Heidelberg (1999)
  22. Hell, M., Johansson, T., Meier, W.: The Grain Family of Stream Ciphers. In: Robshaw, M., Billet, O. (Eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 179--190. Springer, Heidelberg (2008)
  23. Khazaei, S., Meier, W.: New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers. In: Chowdhury, D. R., Rijmen, V., Das, A. (Eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 15--26. Springer, Heidelberg (2008)
  24. Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks (1998), http://www.cryptography.com/dpa/technical
  25. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. J. (Ed.) CRYPTO '99. LNCS, vol. 1666, pp. 388--397. Springer, Heidelberg (1999)
  26. Mamiya, H., Miyaji, A., Morimoto, H.: Efficient Countermeasures against RPA, DPA, and SPA. In: Joye, M., Quisquater, J.-J. (Eds.) CHES 2004. LNCS, vol. 3156, pp. 243--319. Springer, Heidelberg (2004)
  27. Mangard, S.: Hardware Countermeasures against DPA - A Statistical Analysis of Their Effectiveness. In: Okamoto, T. (Ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222--235. Springer, Heidelberg (2004)
  28. Mayer-Sommer, R.: Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards. In: Koç, C. K., Paar, C. (Eds.) CHES 2000. LNCS, vol. 1965, pp. 78--92. Springer, Heidelberg (2000)
  29. O'Neil, S.: Algebraic Structure Defectoscopy. IACR ePrint Archive, Report 2007/378 (2007), http://eprint.iacr.org/2007/378
  30. Oswald, E.: On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD Thesis, Faculty of Science of the University of Technology Graz (IAIK-TUG), Austria, May (2003)
  31. Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In: Pointcheval, D. (Ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192--207. Springer, Heidelberg (2006)
  32. Rivest, R., Agre, B., Bailey, D. V., Crutchfield, C., Dodis, Y., Fleming, K. E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y. L.: The MD6 Hash Function - A Proposal to NIST for SHA-3. http://groups.csail.mit.edu/cis/md6/
  33. Renauld, M., Standaert, F. X.: Algebraic Side-Channel Attacks. IACR ePrint Archive, Report 2009/279 (2009), http://eprint.iacr.org/2009/279
  34. Saarinen, M.-J. O.: Chosen-IV Statistical Attacks on eStream Ciphers. In: Malek, M., Fernández-Medina, E., Hernando, J. (Eds.) SECRYPT 2006, pp. 260--266. INSTICC Press (2006)
  35. Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential Attack. IACR ePrint Archive, Report 2007/413 (2007), http://eprint.iacr.org/2007/413
  36. Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. In: Communication and Cryptology, pp. 227--233. Kluwer Academic Publisher (1994)
  37. Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Garay, J. A., Miyaji, A., Otsuka, A. (Eds.) CANS 2009. LNCS, vol. 5888, pp. 379--391. Springer, Heidelberg (2009)

Published in

ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
March 2011
527 pages
ISBN: 9781450305648
DOI: 10.1145/1966913
Copyright © 2011 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Acceptance Rates

ASIACCS '11 paper acceptance rate: 35 of 217 submissions, 16%
Overall acceptance rate: 418 of 2,322 submissions, 18%