Key-dependent side-channel cube attack on CRAFT

  • Pang, Kok-An (INSFORNET, Centre for Advanced Computing Technology (C-ACT), Fakulti Teknologi Maklumat dan Komunikasi, Universiti Teknikal Malaysia Melaka)
  • Abdul-Latip, Shekh Faisal (INSFORNET, Centre for Advanced Computing Technology (C-ACT), Fakulti Teknologi Maklumat dan Komunikasi, Universiti Teknikal Malaysia Melaka)
  • Received : 2019.11.26
  • Accepted : 2020.10.05
  • Published : 2021.04.15

Abstract

CRAFT is a tweakable block cipher introduced in 2019 that aims to provide strong protection against differential fault analysis. In this paper, we show that CRAFT is vulnerable to side-channel cube attacks. We apply side-channel cube attacks to CRAFT under the Hamming weight leakage assumption. We find that the first half of the secret key can be recovered from the Hamming weight leakage after the first round. Using the recovered key bits, we then continue the attack to recover the second half of the secret key. We show that the set of solvable equations varies with the value of the key bits. Our results show that 99.90% of the key space can be fully recovered within practical time.
