SCARE and power attack on AES-like block ciphers with secret S-box

doi:10.1007/s11704-020-0319-z

Frontiers of Computer Science

2022, Vol. 16

Issue (4): 164814 https://doi.org/10.1007/s11704-020-0319-z

本期目录

SCARE and power attack on AES-like block ciphers with secret S-box

Xin LIU^1,², An WANG^1,², Liehuang ZHU¹, Yaoling DING^1,²(

), Zeyuan LYU¹, Zongyue WANG³

¹. School of Computer Science & Technology, Beijing Institute of Technology, Beijing 100081, China
². State Key Laboratory of Cryptology, P.O. Box 5159 Beijing 100878, China
³. Open Security Research, Shenzhen 518063, China

全文: PDF(5157 KB) HTML

Abstract：

Despite Kerckhoff's principle, there are secret ciphers with unknown components for diplomatic or military usages. The side-channel analysis of reverse engineering (SCARE) is developed for analyzing secret ciphers. Considering the side-channel leakage, SCARE attacks enable the recovery of some secret parts of a cryptosystem, e.g., the substitution box table. However, based on idealized leakage assumption, most of these attacks have a few limitations on prior knowledge or implementations. In this paper, we focus on AES-like block ciphers with a secret S-box and demonstrate an attack which recovers both the secret key and the secret S-box. On the one hand, the key is recovered under profiled circumstance by leakage analysis and collision attack. On the other hand, the SCARE attack is based on mathematical analysis. It relies on Hamming weight of MixColumns intermediate results in the first round, which can restore the secret S-box. Experiments are performed on real power traces from a software implementation of AES-like block cipher. Moreover, we evaluate the soundness and efficiency of our method by simulations and compare with previous approaches. Our method has more advantages in intermediate results location and the required number of traces. For simulated traces with gaussian noise, our method requires 100000 traces to fully restore the secret S-box, while the previous method requires nearly 300000 traces to restore S-box.

Key words： cryptography SCARE side-channel analysis AES secret S-box

收稿日期: 2020-07-05 出版日期: 2021-11-15

Corresponding Author(s): Yaoling DING

引用本文:

. [J]. Frontiers of Computer Science, 2022, 16(4): 164814.
Xin LIU, An WANG, Liehuang ZHU, Yaoling DING, Zeyuan LYU, Zongyue WANG. SCARE and power attack on AES-like block ciphers with secret S-box. Front. Comput. Sci., 2022, 16(4): 164814.

链接本文:

https://academic.hep.com.cn/fcs/CN/10.1007/s11704-020-0319-z
https://academic.hep.com.cn/fcs/CN/Y2022/V16/I4/164814

Fig.1

Fig.2

Fig.3

Fig.4

Fig.5

Fig.6

Fig.7

Fig.8

$T$	( $x 0$ , $x 5$ , $x 10$ , $x 15$ ) (Hex)
$T 0$	(00, 01, 02, 03)
$T 1$	(01, 02, 03, 04)
$?$	$?$
$T 254$	(FE, FF, 00, 01)
$T 255$	(FF, 00, 01, 02)

Tab.1

Fig.9

Fig.10

Fig.11

Fig.12

Fig.13

$t$ (Hex)	$τ [t]$ (Hex)
00	0D, 0F, 10, 17, 1B, 1D, 27, 2E, 33, 36, 39, 3A, 47, 4E, 5C, 63, 66
01	1F, 3E, 7C
02	5F, 6F, 77, 7B, 7D
03	5F, 6F, 77, 7B, 7D
$?$	$?$
FF	0B, 0D, 13, 16, 19, 1A, 26, 2C, 31, 32, 34, 43, 46, 4C, 58, 61, 62, 63, 64, 68

Tab.2

Fig.14

$t$ (Hex)	$τ [t] ′$ (Hex)	No.
00	(63, 1F, 5F, 7B), (63, 7C, 77, 7B), $?$	53
$?$	$?$	$?$
09	(01, 67, 2B, FE), (01, 67, 2D, FB), $?$	21
0A	(67, 2B, FE, D7)	1
0B	(2B, FE, D7, AB), (2B, FE, B7, 9E), $?$	7
$?$	$?$	$?$
FF	(61, 5C, 7C, 7B),(62, 47, 7C, 7B), $?$	38

Tab.3

Fig.15

Fig.16

Fig.17

Fig.18

Fig.19

Index	Stage 1	Stage 2	Stage 3
Time complexity	$O (2 m × 2 n)$	$O (2 m × 2 4 n)$	$O (2 m × 2 n)$

Tab.4

Tab.5

Fig.20

1	Kocher P, Jaffe J, Jun B. Differential power analysis. In: Proceedings of Annual International Cryptology Conference. 1999, 388−397
2	Kocher P C. Timing attacks on implementations of timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Proceedings of Annual International Cryptology Conference. 1996, 104−113
3	Brier E, Clavier C, Oliver F. Correlation power analysis with a leakage model. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2004, 16−29
4	Chari S, Rao J R, Rohatgi P. Template attacks. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2002, 13−28
5	Schramm K, Wollinger T, Paar C. A new class of collision attacks and its application to DES. In: Proceedings of International Workshop on Fast Software Encryption. 2003, 206−222
6	Gierlichs B, Batina L, Tuyls P, Preneel B. Mutual information analysis. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2008, 426−442
7	Garcia F D, de Koning Gans G, Muijrers R, van Rossum P, Verdult R, Schreur R W, Jacobs B. Dismantling MIFARE classic. In: Proceedings of 13th European Symposium on Research in Computer Security. 2008, 97−114
8	M Holler , M Odstrcil , M Guizar-Sicairos , M Lebugle , E Müller , S Finizio , G Tinti , C David , J Zusman , W Unglaub , O Bunk , J Raabe , A F J Levi , G Aeppli . Three-dimensional imaging of integrated circuits with macro- to nanoscale zoom. Nature Electronics, 2019, 2( 10): 464– 470
9	Tiessen T, Knudsen L R, Kölbl S, Lauridsen M M. Security of the AES with a secret S-box. In: Proceedings of International Workshop on Fast Software Encryption. 2015, 175−189
10	Clavier C, Isorez Q, Wurcker A. Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis. In: Proceedings of International Conference on Cryptology in India. 2013, 116−135
11	Clavier C, Wurcker A. Reverse engineering of a secret AES-like cipher by ineffective fault analysis. In: Proceedings of 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography. 2013, 119−128
12	Sun B, Liu M, Guo J, Qu L, Rijmen V. New insights on AES-like SPN ciphers. In: Proceedings of Annual International Cryptology Conference. 2016, 605−624
13	L Grassi , C Rechberger , S Rønjom . Subspace trail cryptanalysis and its applications to AES. IACR Transactions on Symmetric Cryptology, 2017, 2016( 2): 192– 225
14	Rivain M, Roche T. SCARE of secret ciphers with SPN structures. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. 2013, 526−544
15	M Tang , Z L Qiu , H B Peng , X B Hu , M Yi , H G Zhang . Toward reverse engineering on secret s-boxes in block ciphers. Science China: Information Sciences, 2014, 57( 3): 1– 18
16	Gao S, Chen H, Wu W, Fan L, Feng J, Ma X. Linear regression attack with F-test: A New SCARE Technique for Secret Block Ciphers. In: Proceedings of International Conference on Cryptology and Network Security. 2016, 3−18
17	J Breier , D Jap , X Hou , S Bhasin . On side channel vulnerabilities of bit permutations in cryptographic algorithms. IEEE Transactions on Information Forensics and Security, 2019, 15 : 1072– 1085
18	Caforio A, Banik S. A study of persistent fault analysis. In: Proceedings of International Conference on Security, Privacy, and Applied Cryptography Engineering. 2019, 13−33
19	Clavier C. An improved SCARE cryptanalysis against a secret A3/A8 GSM algorithm. In: Proceedings of International Conference on Information Systems Security. 2007, 143−155
20	Novak R. Side-channel attack on substitution blocks. In: Proceedings of International Conference on Applied Cryptography and Network Security. 2003, 307−318
21	Moradi A, Mischke O, Eisenbarth T. Correlation-enhanced power analysis collision attack. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. 2010, 125−139
22	Joan D, Vincent R. The design of Rijndael: AES-the advanced encryption standard. 1st ed. Berlin: Springer-Verlag, 2002

[1]

Highlights

Download

Viewed

Full text

Abstract

Cited

Shared

Discussed