A Finer-Grain Analysis of the Leakage (Non) Resilience of OCB

OCB3 is one of the winners of the CAESAR competition and is among the most popular authenticated encryption schemes. In this paper, we put forward a fine-grain study of its security against side-channel attacks. We start from trivial key recoveries in settings where the mode can be attacked with standard Differential Power Analysis (DPA) against some block cipher calls in its execution (namely, initialization, processing of associated data or last incomplete block and decryption). These attacks imply that at least these parts must be strongly protected thanks to countermeasures like masking. We next show that if these block cipher calls of the mode are protected, practical attacks on the remaining block cipher calls remain possible. A first option is to mount a DPA with unknown inputs. A more efficient option is to mount a DPA that exploits horizontal relations between consecutive input whitening values. It allows trading a significantly reduced data complexity for a higher key guessing complexity and turns out to be the best attack vector in practical experiments performed against an implementation of OCB3 in an ARM Cortex-M0. Eventually, we consider an implementation where all the block cipher calls are protected. We first show that exploiting the leakage of the whitening values requires mounting a Simple Power Analysis (SPA) against linear operations. We then show that despite being more challenging than when applied to non-linear operations, such an SPA remains feasible against 8-bit implementations, leaving its generalization to larger implementations as an interesting open problem. We last describe how recovering the whitening values can lead to strong attacks against the confidentiality and integrity of OCB3. Thanks to this comprehensive analysis, we draw concrete requirements for side-channel resistant implementations of OCB3.

Download Full-text

ISAP – Towards Side-Channel Secure Authenticated Encryption

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i1.80-105 ◽

2017 ◽

pp. 80-105 ◽

Cited By ~ 7

Author(s):

Christoph Dobraunig ◽

Maria Eichlseder ◽

Stefan Mangard ◽

Florian Mendel ◽

Thomas Unterluggauer

Keyword(s):

Power Analysis ◽

Side Channel ◽

Authenticated Encryption ◽

Session Key ◽

Bulk Storage ◽

Side Channel Analysis ◽

Encryption Schemes ◽

Secret Keys ◽

Shared Secret ◽

Channel Analysis

Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other noncebased authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.

Download Full-text

General classification of the authenticated encryption schemes for the CAESAR competition

Computer Science Review ◽

10.1016/j.cosrev.2016.07.002 ◽

2016 ◽

Vol 22 ◽

pp. 13-26 ◽

Cited By ~ 5

Author(s):

Farzaneh Abed ◽

Christian Forler ◽

Stefan Lucks

Keyword(s):

Authenticated Encryption ◽

General Classification ◽

Encryption Schemes ◽

Caesar Competition

Download Full-text

The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i1.239-278 ◽

2020 ◽

pp. 239-278

Author(s):

Fatih Balli ◽

Andrea Caforio ◽

Subhadeep Banik

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Significant Loss ◽

Authenticated Encryption ◽

End User ◽

Maximum Throughput ◽

Mode Of Operation ◽

Encryption Schemes ◽

Bit Serial

The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

Download Full-text

Pyjamask: Block Cipher and Authenticated Encryption with Highly Efficient Masked Implementation

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.is1.31-59 ◽

2020 ◽

pp. 31-59

Author(s):

Dahmun Goudarzi ◽

Jérémy Jean ◽

Stefan Kölbl ◽

Thomas Peyrin ◽

Matthieu Rivain ◽

...

Keyword(s):

Block Cipher ◽

High Order ◽

Side Channel ◽

Design Rationale ◽

Authenticated Encryption ◽

Lightweight Cryptography ◽

Standardization Process ◽

Very High ◽

Better Than ◽

Provably Secure

This paper introduces Pyjamask, a new block cipher family and authenticated encryption proposal submitted to the NIST lightweight cryptography standardization process. Pyjamask targets side-channel resistance as one of its main goal. More precisely, it strongly minimizes the number of nonlinear gates used in its internal primitive in order to allow efficient masked implementations, especially for high-order masking in software. Compared to other block ciphers, our proposal has thus among the smallest number of binary AND computations per input bit at the time of writing. Even though Pyjamask minimizes such an important criterion, it remains rather lightweight and efficient, thanks to a general bitslice construction that enables to computation of all nonlinear gates in parallel. For authenticated encryption, we adopt the provably secure AEAD mode OCB which has been extensively studied and has the benefit to offer full parallelization. Of course, other block cipher-based modes can be considered as well if other performance profiles are to be targeted.The paper first gives the specification of the Pyjamask block cipher and the associated AEAD proposal. We also provide a detailed design rationale for the block cipher which is guided by our aim of software efficiency in the presence of high-order masking. The security of the design is analyzed against most commonly known cryptanalysis techniques. We finally describe efficient (masked) implementations in software and provide implementation results with aggressive performances for masking of very high orders (up to 128). We also provide a rough estimation of the hardware performances which remain much better than those of an AES round-based implementation.

Download Full-text

The State of the Authenticated Encryption

Tatra Mountains Mathematical Publications ◽

10.1515/tmmp-2016-0038 ◽

2016 ◽

Vol 67 (1) ◽

pp. 167-190

Author(s):

Damian Vizár

Keyword(s):

The State ◽

Authenticated Encryption ◽

Research Activity ◽

Cryptographic Primitive ◽

Encryption Schemes ◽

Caesar Competition ◽

Symmetric Key

Abstract Ensuring confidentiality and integrity of communication remains among the most important goals of cryptography. The notion of authenticated encryption marries these two security goals in a single symmetric-key, cryptographic primitive. A lot of effort has been invested in authenticated encryption during the fifteen years of its existence. The recent Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) has boosted the research activity in this area even more. As a result, the area of authenticated encryption boasts numerous results, both theoretically and practically oriented, and perhaps even greater number of constructions of authenticated encryption schemes. We explore the current landscape of results on authenticated encryption. We review the CEASAR competition and its candidates, the most popular construction principles, and various design goals for authenticated encryption, many of which appeared during the CAESAR competition. We also take a closer look at the candidate Offset Merkle-Damgård (OMD).

Download Full-text

Charge Based Power Side-Channel Attack Methodology for an Adiabatic Cipher

Electronics ◽

10.3390/electronics10121438 ◽

2021 ◽

Vol 10 (12) ◽

pp. 1438

Author(s):

Krithika Dhananjay ◽

Emre Salman

Keyword(s):

Power Analysis ◽

Block Cipher ◽

Side Channel ◽

Secret Key ◽

Side Channel Attack ◽

Ultra Low Power ◽

Target Signal ◽

Adiabatic Circuit ◽

A Charge ◽

The Internet Of Things

SIMON is a block cipher developed to provide flexible security options for lightweight hardware applications such as the Internet-of-things (IoT). Safeguarding such resource-constrained hardware from side-channel attacks poses a significant challenge. Adiabatic circuit operation has recently received attention for such applications due to ultra-low power consumption. In this work, a charge-based methodology is developed to mount a correlation power analysis (CPA) based side-channel attack to an adiabatic SIMON core. The charge-based method significantly reduces the attack complexity by reducing the required number of power samples by two orders of magnitude. The CPA results demonstrate that the required measurements-to-disclosure (MTD) to retrieve the secret key of an adiabatic SIMON core is 4× higher compared to a conventional static CMOS based implementation. The effect of increase in the target signal load capacitance on the MTD is also investigated. It is observed that the MTD can be reduced by half if the load driven by the target signal is increased by 2× for an adiabatic SIMON, and by 5× for a static CMOS based SIMON. This sensitivity to target signal capacitance of the adiabatic SIMON can pose a serious concern by facilitating a more efficient CPA attack.

Download Full-text

LM-DAE: Low-Memory Deterministic Authenticated Encryption for 128-bit Security

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.i4.1-38 ◽

2020 ◽

pp. 1-38

Author(s):

Yusuke Naito ◽

Yu Sasaki ◽

Takeshi Sugawara

Keyword(s):

Block Cipher ◽

State Of The Art ◽

Block Size ◽

Query Complexity ◽

Side Channel ◽

Authenticated Encryption ◽

Implementation Cost ◽

Tweakable Block Cipher ◽

Deterministic Authenticated Encryption ◽

State Size

This paper proposes a new lightweight deterministic authenticated encryption (DAE) scheme providing 128-bit security. Lightweight DAE schemes are practically important because resource-restricted devices sometimes cannot afford to manage a nonce properly. For this purpose, we first design a new mode LM-DAE that has a minimal state size and uses a tweakable block cipher (TBC). The design can be implemented with low memory and is advantageous in threshold implementations (TI) as a side-channel attack countermeasure. LM-DAE further reduces the implementation cost by eliminating the inverse tweak schedule needed in the previous TBC-based DAE modes. LM-DAE is proven to be indistinguishable from an ideal DAE up to the O(2n) query complexity for the block size n. To achieve 128-bit security, an underlying TBC must handle a 128-bit block, 128-bit key, and 128+4-bit tweak, where the 4-bit tweak comes from the domain separation. To satisfy this requirement, we extend SKINNY-128-256 with an additional 4-bit tweak, by applying the elastic-tweak proposed by Chakraborti et al. We evaluate the hardware performances of the proposed scheme with and without TI. Our LM-DAE implementation achieves 3,717 gates, roughly 15% fewer than state-of-the-art nonce-based schemes, thanks to removing the inverse tweak schedule.

Download Full-text

Side Channel Leakages Against Financial IC Card of the Republic of Korea

Applied Sciences ◽

10.3390/app8112258 ◽

2018 ◽

Vol 8 (11) ◽

pp. 2258 ◽

Cited By ~ 1

Author(s):

Yoo-Seung Won ◽

Jonghyeok Lee ◽

Dong-Guk Han

Keyword(s):

Power Analysis ◽

Block Cipher ◽

Algebraic Logic ◽

National Level ◽

Payment System ◽

Republic Of Korea ◽

Side Channel ◽

Ic Card ◽

The Republic ◽

Ic Cards

Integrated circuit (IC) chip cards are commonly used in payment system applications since they can provide security and convenience simultaneously. More precisely, Europay, MasterCard, and VISA (EMV) are widely known to be well equipped with security frameworks that can defend against malicious attacks. On the other hand, there are other payment system applications at the national level. In the case of the Republic of Korea, standards for financial IC card specifications are established by the Korea Financial Telecommunications and Clearings Institute. Furthermore, security features defending against timing analysis, power analysis, electromagnetic analysis, and TEMPEST are required. This paper identifies side channel leakages in the financial IC cards of the Republic of Korea, although there may be side channel countermeasures. Side channel leakages in the financial IC cards of the Republic of Korea are identified for the first time since the side channel countermeasures were included in the standards. The countermeasure that is applied to the IC card from a black box perspective is estimated to measure security features against power analysis. Then, in order to investigate whether an underlying countermeasure is applied, first-order and second-order power analyses are performed on the main target, e.g., a S-box of the block cipher SEED that is employed in the financial system. Furthermore, the latest proposal in ICISC 2017 is examined to apply block cipher SEED to the financial IC card protocol. As a result, it is possible to identify some side channel leakages while expanding the lemma of the paper accepted in ICISC 2017. Algebraic logic is also constructed to recover the master key from some round keys. Finally, it is found that only 20,000 traces are required to find the master key.

Download Full-text

Improved Meet-in-the-Middle Attacks on Reduced-Round Kiasu-BC and Joltik-BC

The Computer Journal ◽

10.1093/comjnl/bxz059 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1761-1776 ◽

Cited By ~ 1

Author(s):

Ya Liu ◽

Yifan Shi ◽

Dawu Gu ◽

Zhiqiang Zeng ◽

Fengyu Zhao ◽

...

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Authenticated Encryption ◽

Caesar Competition ◽

Encryption Algorithms ◽

Lightweight Block Cipher

Abstract Kiasu-BC and Joltik-BC are internal tweakable block ciphers of authenticated encryption algorithms Kiasu and Joltik submitted to the CAESAR competition. Kiasu-BC is a 128-bit block cipher, of which tweak and key sizes are 64 and 128 bits, respectively. Joltik-BC-128 is a 64-bit lightweight block cipher supporting 128 bits tweakey. Its designers recommended the key and tweak sizes are both 64 bits. In this paper, we propose improved meet-in-the-middle attacks on 8-round Kiasu-BC, 9-round and 10-round Joltik-BC-128 by exploiting properties of their structures and using precomputation tables and the differential enumeration. For Kiasu-BC, we build a 5-round distinguisher to attack 8-round Kiasu-BC with $2^{109}$ plaintext–tweaks, $2^{112.8}$ encrytions and $2^{92.91}$ blocks. Compared with previously best known cryptanalytic results on 8-round Kiasu-BC under chosen plaintext attacks, the data and time complexities are reduced by $2^{7}$ and $2^{3.2}$ times, respectively. For the recommended version of Joltik-BC-128, we construct a 6-round distinguisher to attack 9-round Joltik-BC-128 with $2^{53}$ plaintext–tweaks, $2^{56.6}$ encryptions and $2^{52.91}$ blocks, respectively. Compared with previously best known results, the data and time complexities are reduced by $2^7$ and $2^{5.1}$ times, respectively. In addition, we present a 6.5-round distinguisher to attack 10-round Joltik-BC-128 with $2^{53}$ plaintext–tweaks, $2^{101.4}$ encryptions and $2^{76.91}$ blocks.

Download Full-text

A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i3.73-107 ◽

2017 ◽

pp. 73-107 ◽

Cited By ~ 4

Author(s):

Carlos Cid ◽

Tao Huang ◽

Thomas Peyrin ◽

Yu Sasaki ◽

Ling Song

Keyword(s):

Linear Programming ◽

Mixed Integer Linear Programming ◽

Block Cipher ◽

Security Analysis ◽

Block Ciphers ◽

Mixed Integer ◽

Authenticated Encryption ◽

Search Tool ◽

Caesar Competition ◽

Milp Model

In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search tool. In particular, we develop a new method to incorporate linear incompatibility in the MILP model. We use this tool to generate valid differential paths for reduced-round versions of Deoxys-BC-256 and Deoxys-BC-384, later combining them into broader boomerang or rectangle attacks. Here, we also develop a new MILP model which optimises the two paths by taking into account the effect of the ladder switch technique. Interestingly, with the tweak in Deoxys-BC providing extra input as opposed to a classical block cipher, we can even consider beyond full-codebook attacks. As these primitives are based on the TWEAKEY framework, we further study how the security of the cipher is impacted when playing with the tweak/key sizes. All in all, we are able to attack 10 rounds of Deoxys-BC-256 (out of 14) and 13 rounds of Deoxys-BC-384 (out of 16). The extra rounds specified in Deoxys-BC to balance the tweak input (when compared to AES) seem to provide about the same security margin as AES-128. Finally we analyse why the authenticated encryption modes of Deoxys mostly prevent our attacks on Deoxys-BC to apply to the authenticated encryption primitive.

Download Full-text