PDF(5157 KB)
SCARE and power attack on AES-like block ciphers with secret S-box
Xin LIU, An WANG, Liehuang ZHU, Yaoling DING, Zeyuan LYU, Zongyue WANG
PDF(5157 KB)
PDF(5157 KB)
SCARE and power attack on AES-like block ciphers with secret S-box
Despite Kerckhoff's principle, there are secret ciphers with unknown components for diplomatic or military usages. The side-channel analysis of reverse engineering (SCARE) is developed for analyzing secret ciphers. Considering the side-channel leakage, SCARE attacks enable the recovery of some secret parts of a cryptosystem, e.g., the substitution box table. However, based on idealized leakage assumption, most of these attacks have a few limitations on prior knowledge or implementations. In this paper, we focus on AES-like block ciphers with a secret S-box and demonstrate an attack which recovers both the secret key and the secret S-box. On the one hand, the key is recovered under profiled circumstance by leakage analysis and collision attack. On the other hand, the SCARE attack is based on mathematical analysis. It relies on Hamming weight of MixColumns intermediate results in the first round, which can restore the secret S-box. Experiments are performed on real power traces from a software implementation of AES-like block cipher. Moreover, we evaluate the soundness and efficiency of our method by simulations and compare with previous approaches. Our method has more advantages in intermediate results location and the required number of traces. For simulated traces with gaussian noise, our method requires 100000 traces to fully restore the secret S-box, while the previous method requires nearly 300000 traces to restore S-box.
cryptography / SCARE / side-channel analysis / AES / secret S-box
| [1] |
Kocher P, Jaffe J, Jun B. Differential power analysis. In: Proceedings of Annual International Cryptology Conference. 1999, 388−397
|
| [2] |
Kocher P C. Timing attacks on implementations of timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Proceedings of Annual International Cryptology Conference. 1996, 104−113
|
| [3] |
Brier E, Clavier C, Oliver F. Correlation power analysis with a leakage model. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2004, 16−29
|
| [4] |
Chari S, Rao J R, Rohatgi P. Template attacks. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2002, 13−28
|
| [5] |
Schramm K, Wollinger T, Paar C. A new class of collision attacks and its application to DES. In: Proceedings of International Workshop on Fast Software Encryption. 2003, 206−222
|
| [6] |
Gierlichs B, Batina L, Tuyls P, Preneel B. Mutual information analysis. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2008, 426−442
|
| [7] |
Garcia F D, de Koning Gans G, Muijrers R, van Rossum P, Verdult R, Schreur R W, Jacobs B. Dismantling MIFARE classic. In: Proceedings of 13th European Symposium on Research in Computer Security. 2008, 97−114
|
| [8] |
Holler M , Odstrcil M , Guizar-Sicairos M , Lebugle M , Müller E , Finizio S , Tinti G , David C , Zusman J , Unglaub W , Bunk O , Raabe J , Levi A F J , Aeppli G . Three-dimensional imaging of integrated circuits with macro- to nanoscale zoom. Nature Electronics, 2019, 2( 10): 464– 470
|
| [9] |
Tiessen T, Knudsen L R, Kölbl S, Lauridsen M M. Security of the AES with a secret S-box. In: Proceedings of International Workshop on Fast Software Encryption. 2015, 175−189
|
| [10] |
Clavier C, Isorez Q, Wurcker A. Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis. In: Proceedings of International Conference on Cryptology in India. 2013, 116−135
|
| [11] |
Clavier C, Wurcker A. Reverse engineering of a secret AES-like cipher by ineffective fault analysis. In: Proceedings of 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography. 2013, 119−128
|
| [12] |
Sun B, Liu M, Guo J, Qu L, Rijmen V. New insights on AES-like SPN ciphers. In: Proceedings of Annual International Cryptology Conference. 2016, 605−624
|
| [13] |
Grassi L , Rechberger C , Rønjom S . Subspace trail cryptanalysis and its applications to AES. IACR Transactions on Symmetric Cryptology, 2017, 2016( 2): 192– 225
|
| [14] |
Rivain M, Roche T. SCARE of secret ciphers with SPN structures. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. 2013, 526−544
|
| [15] |
Tang M , Qiu Z L , Peng H B , Hu X B , Yi M , Zhang H G . Toward reverse engineering on secret s-boxes in block ciphers. Science China: Information Sciences, 2014, 57( 3): 1– 18
|
| [16] |
Gao S, Chen H, Wu W, Fan L, Feng J, Ma X. Linear regression attack with F-test: A New SCARE Technique for Secret Block Ciphers. In: Proceedings of International Conference on Cryptology and Network Security. 2016, 3−18
|
| [17] |
Breier J , Jap D , Hou X , Bhasin S . On side channel vulnerabilities of bit permutations in cryptographic algorithms. IEEE Transactions on Information Forensics and Security, 2019, 15
|
| [18] |
Caforio A, Banik S. A study of persistent fault analysis. In: Proceedings of International Conference on Security, Privacy, and Applied Cryptography Engineering. 2019, 13−33
|
| [19] |
Clavier C. An improved SCARE cryptanalysis against a secret A3/A8 GSM algorithm. In: Proceedings of International Conference on Information Systems Security. 2007, 143−155
|
| [20] |
Novak R. Side-channel attack on substitution blocks. In: Proceedings of International Conference on Applied Cryptography and Network Security. 2003, 307−318
|
| [21] |
Moradi A, Mischke O, Eisenbarth T. Correlation-enhanced power analysis collision attack. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2010, 125−139
|
| [22] |
Joan D, Vincent R. The design of Rijndael: AES-the advanced encryption standard. 1st ed. Berlin: Springer-Verlag, 2002
|
/
| 〈 |
|
〉 |
AI Summary
