Jiangshan Long,Changhai Ou,Zhu Wang,Shihui Zheng,Fei Yan,Fan Zhang,Siew-Kei Lam

2022-01-01

Abstract:The performance of Side-Channel Attacks (SCAs) decays rapidly when considering more sub-keys, making the full-key recovery a very challenging problem. Limited to independent collision information utilization, collision attacks establish the relationship among sub-keys but do not significantly slow down this trend. To solve it, we first exploit the samples from the previously attacked S-boxes to assist attacks on the targeted S-box under an assumption that similar leakage occurs in program loop or code reuse scenarios. The later considered S-boxes are easier to be recovered since more samples participate in this assist attack, which results in the “snowball” effect. We name this scheme as Snowball, which significantly slows down the attenuation rate of attack performance. We further introduce confusion coefficient into the collision attack to construct collision confusion coefficient, and deduce its relationship with correlation coefficient. Based on this relationship, we give two optimizations on our Snowball exploiting the “values” information and “rankings” information of collision correlation coefficients named Least Deviation from Pearson correlation coefficient (PLD) and Least Deviation from confusion coefficient (CLD). Experiments show that the above optimizations significantly improve the performance of our Snowball.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Hao Luo

DOI: https://doi.org/10.1587/transfun.e96.a.332

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 28 for PRESENT-80 and to 229 for PRESENT-128.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

Anni Jia,Wei Yang,Gongxuan Zhang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00025

2020-01-01

Abstract:Side channel attacks (SCA) are powerful tools to recover the secret keys of cryptographic devices by employing physical leakages of the devices. In practice, numerous countermeasures (e.g.random process interrupts) and unintentional factors (e.g.imprecise triggering) are able to significantly degrade the performance of side channel attacks (SCA) by producing misaligning leakage measurements. The main solution to over-coming influences of misalignment is to align these traces before mounting an attack. According to this view, this paper proposes a novel leakage alignment method based on the longest common subsequence (LCS) algorithm. Initially, the misaligned traces are preprocessed by non-uniform quantification to remove part of the noise and retain the key-dependent information. Subsequently, the quantified traces are converted into symbols for sequence comparison. Finally, the aligned traces are obtained by inserting and deleting operations. Experiments for different cryptographic implementations with different levels of noise are carried out on several different devices. The experimental results show that the proposed method is effective for countering leakage misalignment and robust under high noise. Especially, it is still effective for multi-channel leakage alignment.

Wei Yang,Yuchen Cao,Yongbin Zhou,Hailong Zhang,Qian Zhang

DOI: https://doi.org/10.1109/lsp.2016.2521441

2016-01-01

IEEE Signal Processing Letters

Abstract:Side Channel Attack (SCA) recovers secret information from an embedded device with implementation of cryptographic algorithm by exploiting its physical leakages. For most SCA methods to achieve good performance, the measured leakages are often desired to be well aligned. However, due to some specific reasons such as inaccurate measurements or carefully designed countermeasures, misalignment of leakages frequently occurs in practice. Misalignment significantly reduces the efficiency of SCA methods, or even makes them fail. To address this issue, two alignment approaches are proposed: a local alignment based on shotgun distance and a global alignment based on weighted edit distance. Compared with previous methods, the proposed methods are capable of keeping the secret dependant leakages, while not introducing any redundant information. In addition, the proposed methods could also reduce the negative effects of noise, which is another factor seriously decreasing the efficiency of SCA methods. Interestingly, it is pretty easy to set appropriate parameters for these two methods. Practical experiments show that the proposed methods outperform previous methods in three different circumstances and different noise levels.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Shaofei Sun,Shijun Ding,An Wang,Yaoling Ding,Congming Wei,Liehuang Zhu,Yongjuan Wang

DOI: https://doi.org/10.1016/j.ins.2024.120226

IF: 8.1

2024-02-01

Information Sciences

Abstract:Traditional nonprofiling side-channel analysis frequently adopts divide-and-conquer strategy to recover the secret key of a cryptographic algorithm . Only a single key byte is used, whereas the remaining bytes are considered extraneous noise. If the cryptographic algorithm is implemented in hardware with parallel processing, the strategy will lead to the inefficient use of information. The combination of intelligent algorithms and side-channel analysis offers a different idea for nonprofiling methods for parallel hardware implementations. It transforms the problem of key recovery into key optimization. In this paper, we adopt this idea and propose an efficient heuristic framework to assist correlation power analysis. The multipoint hill-climbing algorithm will be used to find the optimal key candidates with higher scores, and the correct key will be found in the optimal key candidates by key enumeration. Multiple bytes of the secret key are used to take full advantage of the helpful information. Besides, two search strategies are introduced to overcome the efficiency problem, and two key enumeration strategies are introduced to solve the key recovery problem when the traces are insufficient. Experimental results on the public DPA Contest V1 dataset show that the heuristic framework performs better than other classical methods, verifying its effectiveness.

computer science, information systems

Wei Yang,Anni Jia

DOI: https://doi.org/10.1155/2021/6614702

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Side-channel analysis (SCA) is usually used for security evaluation to test the side-channel vulnerability of a cryptographic device. However, in practice, an analyser may need to cope with enormous amounts of side-channel measurement data to extract valuable information for SCA. Under the circumstances, side-channel leakage detection can be used to identify leakage points which contain secret information and therefore improve the efficiency of security assessment. This investigation proposes a new black-box leakage detection approach on the basis of the one-way analysis of variance (ANOVA). In accordance with the relevance between leakage points and inputs of a cryptographic algorithm, the proposed method divides side-channel samples into multiple classes and tests the difference among these classes by taking advantage of the one-way ANOVA. Afterwards, leakage points and nonleakage points can be distinguished by determining whether the null hypothesis is accepted. Further, we extend our proposed method to multichannel leakage detection. In particular, a new SCA attack with a F-statistic-based distinguisher is capable of developing if the input of the leakage detection approach is replaced by a sensitive intermediate variable. Practical experiments show the effectiveness of the proposed methods.

Yue Qin,Chi Cheng,Xiaohan Zhang,Yanbin Pan,Lei Hu,Jintai Ding

DOI: https://doi.org/10.1007/978-3-030-92068-5_4

2021-01-01

Abstract:Research on key mismatch attacks against lattice-based KEMs is an important part of the cryptographic assessment of the ongoing NIST standardization of post-quantum cryptography. There have been a number of these attacks to date. However, a unified method to evaluate these KEMs’ resilience under key mismatch attacks is still missing. Since the key index of efficiency is the number of queries needed to successfully mount such an attack, in this paper, we propose and develop a systematic approach to find lower bounds on the minimum average number of queries needed for such attacks. Our basic idea is to transform the problem of finding the lower bound of queries into finding an optimal binary recovery tree (BRT), where the computations of the lower bounds become essentially the computations of a certain Shannon entropy. The optimal BRT approach also enables us to understand why, for some lattice-based NIST candidate KEMs, there is a big gap between the theoretical bounds and bounds observed in practical attacks, in terms of the number of queries needed. This further leads us to propose a generic improvement method for these existing attacks, which are confirmed by our experiments. Moreover, our proposed method could be directly used to improve the side-channel attacks against CCA-secure NIST candidate KEMs.

Liu Junrong,Guo Zheng,Gu Dawu,Yu,Lu Haining,Gu Haihua,Bao Sigang

DOI: https://doi.org/10.1109/cc.2015.7122468

2015-01-01

China Communications

Abstract:In this paper,we propose a hybrid power model that includes the power consumption of not only the registers but also part of the combinational logic.By doing knownkey analysis with this hybrid model,power side-channel leakage caused by correct keys can be detected.In experiment,PRINTcipher and DES algorithms were chosen as analysis targets and combinational logic s-box unit was selected to build power template.The analysis results showed the signal-to-noise ratio（SNR） power consumption increase of more than 20%after considering s-box’s power consumption so that the information of keys can be obtained with just half number of power traces.In addition,the side channel-leakage detection capability of our method also shows better effectiveness that can identify the correct keys.

Shuai Han,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-92075-3_17

2021-01-01

Abstract:For Key Encapsulation Mechanism (KEM) deployed in a multi-user setting, an adversary may corrupt some users to learn their secret keys, and obtain some encapsulated keys due to careless key managements of users. To resist such attacks, we formalize Enhanced security against Chosen Plaintext/Ciphertext Attack (ECPA/ECCA), which ask the pseudorandomness of unrevealed encapsulated keys under uncorrupted users. This enhanced security for KEM serves well for the security of a class of Authenticated Key Exchange protocols built from KEM. In this paper, we study the achievability of tight ECPA and ECCA security for KEM in the multi-user setting, and present an impossibility result and an optimal security loss factor that can be obtained. The existing meta-reduction technique due to Bader et al. (EUROCRYPT 2016) rules out some KEMs, but many well-known KEMs, e.g., Cramer-Shoup KEM (SIAM J. Comput. 2003), Kurosawa-Desmedt KEM (CRYPTO 2004), run out. To solve this problem, we develop a new technique tool named rank of KEM and a new secret key partitioning strategy for meta-reduction. With this new tool and new strategy, we prove that KEM schemes with polynomially-bounded ranks have no tight ECPA and ECCA security from non-interactive complexity assumptions, and the security loss is at least linear in the number n of users. This impossibility result covers lots of well-known KEMs, including the CramerShoup KEM, Kurosawa-Desmedt KEM and many others. Moreover, we show that the linear security loss is optimal by presenting concrete KEMs with security loss T(n). This is justified by a non-trivial security reduction with linear loss factor from ECPA/ECCA security to the traditional multi-challenge CPA/CCA security.

Wei Yang,Hailong Zhang,Yansong Gao,Anmin Fu,Songjie Wei

DOI: https://doi.org/10.1109/iccd50377.2020.00098

2020-01-01

Abstract:Side-channel analysis (SCA) becomes a serious realistic threat to crypto devices, it is thus imperative to evaluate the resistance of a device to SCA. Side-channel leakage detection aiming to identify the leakage points potentially revealing secrets in side channel signals, is considered as a preliminary step before further security assessment. This work proposes a novel black-box leakage detection approach, which views the side channel as a constant parameter communication channel when it outputs leakage points. The approach distinguishes leakage points by utilizing the kurtosis-based consistency check for channel parameter estimators. To examine the efficiency of this approach, false negative and false positive rates were first quantitatively analyzed by comprehensive experiments. Considering the fact that side-channel leakage can be from multiple channels in practice, we further investigated the applicability of the proposed approach to multi-channel leakage detection. Interestingly, equipped with the proposed detection approach, we correspondingly devised a novel side-channel attack exploiting a kurtosis-based distinguisher. Overall, extensive experiments have validated the efficiencies of our proposed leakage detection method and the novel SCA attack.

Fan Zhang,Bolin Yang,Xiaofei Dong,Sylvain Guilley,Zhe Liu,Wei He,Fangguo Zhang,Kui Ren

DOI: https://doi.org/10.1109/tc.2020.3020407

IF: 3.183

2020-11-01

IEEE Transactions on Computers

Abstract:The implementations of post-quantum cryptographic algorithms have been newly explored, whereas, the protection against side-channel attacks shall be considered upfront, since it can have a non-negligible impact on security and performance. In this article, the security of supersingular isogeny key encapsulation (SIKE), a second-round candidate of NIST's on-going post-quantum standardization process, is thoroughly evaluated under side-channel analysis. First, the vulnerabilities of reference and optimized implementations of SIKE are thoroughly analyzed in terms of both horizontal and vertical side-channel leakage. After the optimized SIKE, which is based on Three-point Montgomery Differential Ladder algorithm, is proved to be constant-time and there is no horizontal leakage, a vertical vulnerability is analyzed based on the source code at the algorithmic level, and a theoretical differential power analysis (DPA) attack is proposed. In order to exploit this vulnerability, the differential electromagnetic attack (DEMA) is put into practice to extract the private key of SIKE based on a 32-bit ARM platform. To the best of our knowledge, this is the first practical side-channel attack at SIKE implemented on real ARM-based devices. Our experiments show that the DEMA needs only hundreds of electromagnetic traces to carry out the attack. More importantly, an efficient window-based countermeasure is proposed to eliminate the vertical leakage and prevent side-channel attacks with only a little overhead. The security of our countermeasure is carefully evaluated against most of well-known power analysis attacks. Through careful evaluation and comparison with other countermeasures, this method can lead to higher security at a very small cost in terms of time and memory.

engineering, electrical & electronic,computer science, hardware & architecture

Zhong Zeng,Dawu Gu,Junrong Liu,Zheng Guo

DOI: https://doi.org/10.1109/CIS.2014.80

2014-01-01

Abstract:Side-channel attack (SCA) is a very efficient cryptanalysis technology to attack cryptographic devices. It takes advantage of physical information leakages to recover the cryptographic key. In order to strengthen the power to extract the cryptographic key-relevant information, this article introduces the Support Vector Machine technologies. Taking a software implementation of masked AES-256 on an Atmel ATMega-163 smart card, we applied an improved profiled side-channel attack to recover the cryptographic key. The current best result of our attack is able to recover the first 128 bits key using only one power trace.

ZHANG Jun

DOI: https://doi.org/10.3778/j.issn.1673-9418.2002047

2021-01-01

Abstract:Power side-channel attacks, have become a serious threat to embedded computing devices in cyber-physical systems because of the ability of deducing secret data using statistical analysis. A common strategy for designing countermeasures against power-analysis-based side-channel attacks uses random masking techniques to remove the statistical dependency between secret data and side-channel information. Although existing techniques can verify whether a piece of cryptographic software code is perfectly masked, they are limited in accuracy and scalability. In order to eliminate such limitations, a refinement-based method for verifying masking countermeasures is proposed. This method is more accurate than prior type-inference based approaches and more scalable than prior model-counting based approaches using satisfiability (SAT) or satisfiability modulo theories (SMT) solvers. Indeed, this method uses a set of semantic type-inference rules to reason about distribution type. These rules are kept abstract initially to allow fast deduction, and then specified when the abstract version is not able to resolve the verification problem. This method is implemented in a software tool called SCVerify and is evaluated on cryptographic benchmarks including advanced encryption standard (AES) and message authentication code Keccak (MAC-Keccak). The experimental results show that the method significantly outperforms state-of-the-art techniques in terms of accuracy and scalability.

Jizhong Zhao,Wei Xi,Jinsong Han,Shaojie Tang,Xiangyang Li,Yunhao Liu,Yihong Gong,Zehua Zhou

DOI: https://doi.org/10.48550/arxiv.1208.0688

2012-01-01

Abstract:Generating keys and keeping them secret is critical in secure communications. Due to the "open-air" nature, key distribution is more susceptible to attacks in wireless communications. An ingenious solution is to generate common secret keys by two communicating parties separately without the need of key exchange or distribution, and regenerate them on needs. Recently, it is promising to extract keys by measuring the random variation in wireless channels, e.g., RSS. In this paper, we propose an efficient Secret Key Extraction protocol without Chasing down Errors, SKECE. It establishes common cryptographic keys for two communicating parties in wireless networks via the realtime measurement of Channel State Information (CSI). It outperforms RSS-based approaches for key generation in terms of multiple subcarriers measurement, perfect symmetry in channel, rapid decorrelation with distance, and high sensitivity towards environments. In the SKECE design, we also propose effective mechanisms such as the adaptive key stream generation, leakage resilient consistence validation, and weighted key recombination, to fully exploit the excellent properties of CSI. We implement SKECE on off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. The results demonstrate that SKECE achieves a more than 3x throughput gain in the key generation from one subcarrier in static scenarios, and due to its high efficiency, a 50 on the communication overhead compared to the state-of-the-art RSS based approaches.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.

Tao Zhang,Xiao-Yu Zheng,Ming-Yu Fan,Jian-Bo Yao

2009-01-01

Abstract:Side-channel analysis (SCA) is a powerful physical cryptanalysis. However, traditional SCA security evaluation is time-consuming, error prone and expensive. In order to improve the efficiency of security evaluation, a design-time SCA analysis method is proposed. Firstly, a general SCA leakage model is presented, and the analysis flow of design-time SCA is described. Secondly, a flexible simulation and analysis environment is built to evaluate the security of different SCA leakages. Finally, an illustrative experiment, which performs a design-time SCA evaluation on the crypto-chip with AES-128 core, is given. Compared with traditional SCA analysis method, our approach can detect SCA vulnerability and evaluate the quality of SCA countermeasures at design time, and thus it reduces time-to-market greatly.

Yi Chen,Zhenzhen Bao,Hongbo Yu

DOI: https://doi.org/10.1007/978-981-99-8727-6_8

2023-01-01

Abstract:The differential-linear attack is one of the most effective attacks against ARX ciphers. However, two technical problems are preventing it from being more effective and having more applications: (1) there is no efficient method to search for good differential-linear approximations. Existing methods either have many constraints or are currently inefficient. (2) partitioning technique has great potential to reduce the time complexity of the key-recovery attack, but there is no general tool to construct partitions for ARX ciphers. In this work, we step forward in solving the two problems. First, we propose a novel idea for generating new good differential-linear approximations from known ones, based on which new searching algorithms are designed. Second, we propose a general tool named partition tree, for constructing partitions for ARX ciphers. Based on these new techniques, we present better attacks for two ISO/IEC standards, i.e., LEA and Speck. For LEA, we present the first 17-round distinguisher which is 1 round longer than the previous best distinguisher. Furthermore, we present the first key recovery attacks on 17-round LEA-128, 18-round LEA-192, and 18-round LEA-256, which attack 3, 4, and 3 rounds more than the previous best attacks. For Speck, we find better differential-linear distinguishers for Speck48 and Speck64. The first differential-linear distinguishers for Speck96 and Speck128 are also presented.