WANG Xiao-juan,GUO Shi-ze,ZHAO Xin-jie,SONG Mei,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.03.018

2014-01-01

Abstract:The security of LED, a lightweight block cipher proposed in CHES 2011, was evaluated by the template attack (TA). Several improvements of TA from the perspective of the preprocessing optimization was proposed. Firstly, the noise offset was calculated by using the phase-only correlation factor in the frequency view of the power trace to elimi-nate the data interference in the template building phase. Secondly, a novel character extracting method was proposed based on calculating the cross-cluster offset of different clusters classified by the plaintexts to cut the different leakage points from the power traces automatically. Thirdly, a dynamic effective power points choosing strategy was proposed by utilizing the mean value and the noises of the of power traces to evaluate the differences between different templates and im-prove the utilization of side channel information. Experiment results demonstrate that the proposed techniques of data align-ment and automatically data cutting enlarge the differences of templates and reduce the number of the required power trace in both the template building and attacking phase. The proposed effective power points choosing strategy reduces the data complexity of the attack and only two power traces are required to launch the attack with the success rate of 100%.

Zhenbin Zhang,Liji Wu,Zhaoli Mu,Xiangmin Zhang

DOI: https://doi.org/10.1109/CIS.2014.66

2014-01-01

Abstract:Template attack is more powerful than SPA and CPA in some situations. In this paper, a novel template attack named DTTA is proposed to attack the wNAF algorithm of ECC. SM2 is the Chinese public key cryptosystem standard issued in 2010. Few results of side channel attack on SM2 have been found so far. We exploit the Riscure platform to analyze decryption of SM2 in a smart IC card. We also compare 3 kinds of method which used in template matching phase. Experiment results show that template matching method of multivariate normal distribution is superior to correlation method or LSM. The maximum success rate of template matching can be 88%. That means a 256-bit private key of SM2 can be recovered 225 bits by only acquiring one measurement of SM2 decryption in average. Some general countermeasures is not safe enough for DTTA. Defensive strategy should exploit the combination of multiple countermeasures to resist DTTA.

Yong-bo HU,Ye-yang ZHENG,Jun YU

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.08.035

2013-01-01

Abstract:(Abstract ) ) ) )This paper proposes a new template attack method in order to improve the efficiency of Advanced Encryption Standard(AES) template attack. This method includes a new attack algorithm and an optimized schedule. This new attack algorithm can access to the whole 128 bit key of AES by establishing Hamming weight template on each nonlinear table and 128 times of template classifications and this optimized schedule includes the preprocessing and principal component analysis of the signal. Experimental results show that this method can improve the efficiency of template attack and also decrease the memory usage and computing. (Key words )Advanced Encryption Standard(AES); side channel signal attack; template attack; Principal Component Analysis(PCA);

Qian Wang,An Wang,Gang Qu,Guoshuang Zhang

DOI: https://doi.org/10.1109/tmscs.2016.2643638

2017-01-01

IEEE Transactions on Multi-Scale Computing Systems

Abstract:Fault Sensitivity Analysis (FSA) is a side-channel attack that utilizes the sensitive delay of circuits to retrieve the key in cryptographic systems. In this paper, we propose the concept of right or wrong collision (RWC) rate and use it to build templates on two S-boxes, one is the target of the attack and the other is used as a reference. Compared to the traditional Hamming weight model which has eight different values, our template model is two-dimensional with 256 different values and has the potential to significantly reduce the number of plaintext required to reveal the key. Attack experiments show that our template attack can successfully break the masked AES algorithm with only one clock frequency. Furthermore, we propose two improved template attack methods that can reduce the complexity for building templates to 1/256 and 9/256 of the original method, respectively. The improved method with different frequencies also improves the efficiency of template matching by 86.3 percent. Finally and most importantly, our methods can be used to break masked AES where the S-boxes do not have to be implemented by parallel AND gates, a major limitation of the current Hamming weight models.

yijie ge,zheng guo,zhigang mao,junrong liu,jiachao chen

DOI: https://doi.org/10.2991/csic-15.2015.14

2015-01-01

Abstract:Security of cryptographic embedded devices has become a prevalent concern, especially since the introduction of Differential Power Analysis (DPA) by Paul Kocher et al. In the past years, many efforts have been made to improve the resistance against Side Channel Attack (SCA) of cryptographic devices. Among the countermeasures, masking is a typical and efficient strategy. However, a number of effective attacks on masked cryptographic devices have been developed in recent years, and this paper continues this line of research. On theory, a DES with a masking scheme is secure under first order SCA, but we dig out a new leakage problem which makes it possible to attack a masked DES without using higher-order power analysis. Concretely, we perform a first-order correlation power analysis based on the leakage relationship between two different arithmetic components of DES. And the reason for this leakage is analyzed and verified by us through simulation and real card attacks.

Sen Xu,Xiangjun Lu,Kaiyu Zhang,Yang Li,Lei Wang,Weijia Wang,Haihua Gu,Zheng Guo,Junrong Liu,Dawu Gu

DOI: https://doi.org/10.1007/s11432-017-9210-3

2018-01-01

Science China Information Sciences

Abstract:A template attack, the most powerful side-channel attack methods, usually first builds the leakage profiles from a controlled profiling device, and then uses these profiles to recover the secret of the target device. It is based on the fact that the profiling device shares similar leakage characteristics with the target device. In this study, we focus on the similar operations in a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds the models on public variables (e.g., input/output) and recovers the values of the secret variables that leak similar to the public variables. SOTA’s advantage is that it can avoid the requirement of an additional profiling device. In this study, the proposed SOTA method is applied to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of our proposed method is verified as an entire prime recovery procedure in a practical leakage scenario.

Fan Zhang,Yiran Zhang,Shengwen Shi,Shize Guo,Ziyuan Liang,Samiya Qureshi,Congyuan Xu

DOI: https://doi.org/10.1109/PADSW.2018.8644906

2018-01-01

Abstract:An optimized lightweight Hardware Trojan (HT)based fault attack is proposed, especially for those resource-constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA)is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Zhe Liu,Jean-Francois Gallais

DOI: https://doi.org/10.1016/j.cose.2013.07.002

IF: 5.105

2013-01-01

Computers & Security

Abstract:Existing trace driven cache attacks (TDCAs) can only analyze the cache events in the first two rounds or the last round of AES, which limits the efficiency of the attacks. Recently, Zhao et al. proposed the multiple deductions-based algebraic side-channel attack (MDASCA) to cope with the errors in leakage measurements and to exploit new leakage models. Their preliminary results showed that MDASCA can improve TDCAs and attack the AES implemented with a compact lookup table of 256 bytes. This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used. First, the key recovery in TDCA is depicted by an abstract model regardless of the specific attack techniques. Then, the previous work of TDCAs on AES is classified into three types and its limitations are analyzed. How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA. Extensive experiments are conducted under different implementations, attack scenarios and key lengths of AES. The experimental results are consistent with the theoretical analysis. Many improvements are achieved. For the first time, we show that TDCAs on AES-192 and AES-256 become possible with the MDATDCA technique. Our work attests that combining TDCAs with algebraic techniques is a very efficient way to improve cache attacks.

Qian Wang,An Wang,Liji Wu,Gang Qu,Guoshuang Zhang

DOI: https://doi.org/10.1109/HST.2015.7140245

2015-01-01

Abstract:Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.06.001

2012-01-01

Abstract:The security of EPCBC,a lightweight block cipher proposed in CANS 2011,against the side-channel cube attack is evaluated by combining cube cryptanalysis with side-channel attack under the 8-bit Hamming weight leakage model.Under the black-box attack scenario,the adversary firstly generates random cube and superpoly.Then the cube is used to generate chosen plaintexts.The adversary deduces one bit of the intermediate state from the side-channel attack for each chosen plaintext and computes the high order differences of these one bit values to verify the relations between the cube and superpoly.Simulation experiments are launched on two variants of EPCBC with different block lengths.The results demonstrate that the unprotected implementation of EPCBC is vulnerable to side-channel cube attacks.If the adversary can accurately deduce the Hamming weight of the intermediate states from the side-channel leakages,many cubes and superpolys can be extracted and used for key recovery.372 chosen plaintexts can recover 48-bit of the master key for EPCBC(48,96) and reduce the key search space to 248.610 chosen plaintexts can recover full 96-bit of the master key for EPCBC(96,96) directly.The techniques of this paper can provide certain references to black-box side-channel cube attacks on other block ciphers.

Wei Yang,Anmin Fu,Hailong Zhang,Chanying Huang

DOI: https://doi.org/10.1109/TrustCom50675.2020.00021

2020-01-01

Abstract:Side-channel analysis (SCA) is usually used for analyzing the side-channel resistance of a crypto device. However, it does not mean "practical secure" when a SCA attack fails since SCA only provides a success or failure conclusion. On the basis of the SCA data about scores and ranks of all candidates for each subkey, it is still possible to apply key enumeration (KE) algorithms to search the correct master key at an affordable overhead. Nevertheless, the efficiency of KE is limited by the SCA data in essence. To address the issue, we proposed two methods to exploit the SCA data and Riemann integral of the rank curves of all subkey candidates to update each correct subkey rank before carrying out KE. We applied the proposed methods for different crypto implementations running on different devices to verify their performance. Experimental studies for both mono-channel and multi-channel leakages verified that the proposed methods were effective in improving the efficiency of KE to recover the correct key. The proposed methods are designed for processing the SCA data and can be deemed as a preliminary before executing KE. The work of this paper bridges the gap between SCA and KE.

Changhai Ou,Siew-Kei Lam,Chengju Zhou,Guiyuan Jiang,Fan Zhang

DOI: https://doi.org/10.1109/tc.2020.3002795

IF: 3.183

2020-01-01

IEEE Transactions on Computers

Abstract:By introducing collision information into divide-and-conquer attacks, several existing works transform the original candidate space, which may be too large to enumerate, into a significantly smaller collision space, thus making key recovery possible. However, the inefficient collision detection algorithms and fault tolerance mechanisms make them time-consuming and their success rate low. Moreover, they may still leave very huge chain spaces that makes it difficult for key recovery. In this article, we exploit collision attack to optimize Template Attack (TA), and propose a Lightweight Collision Detection (LCD) algorithm. The proposed method exploits a jump detection mechanism to efficiently reduce the repetitive collision detections on chains with the same prefix sub-chains. We then introduce guessing theory to reorder the collision detection of the sub-keys according to their guessing lengths, and provide us with an evaluation tool. Finally, we design a highly efficient fault tolerance mechanism for our LCD to allow flexible thresholds adjustment, and further optimize sieving mechanism to efficiently extract the best chains with the largest number of collisions. Experimental results fully demonstrate LCD's superiority.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Hao Luo

DOI: https://doi.org/10.1587/transfun.e96.a.332

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 28 for PRESENT-80 and to 229 for PRESENT-128.

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Yi Chen,Zhenzhen Bao,Hongbo Yu

DOI: https://doi.org/10.1007/978-981-99-8727-6_8

2023-01-01

Abstract:The differential-linear attack is one of the most effective attacks against ARX ciphers. However, two technical problems are preventing it from being more effective and having more applications: (1) there is no efficient method to search for good differential-linear approximations. Existing methods either have many constraints or are currently inefficient. (2) partitioning technique has great potential to reduce the time complexity of the key-recovery attack, but there is no general tool to construct partitions for ARX ciphers. In this work, we step forward in solving the two problems. First, we propose a novel idea for generating new good differential-linear approximations from known ones, based on which new searching algorithms are designed. Second, we propose a general tool named partition tree, for constructing partitions for ARX ciphers. Based on these new techniques, we present better attacks for two ISO/IEC standards, i.e., LEA and Speck. For LEA, we present the first 17-round distinguisher which is 1 round longer than the previous best distinguisher. Furthermore, we present the first key recovery attacks on 17-round LEA-128, 18-round LEA-192, and 18-round LEA-256, which attack 3, 4, and 3 rounds more than the previous best attacks. For Speck, we find better differential-linear distinguishers for Speck48 and Speck64. The first differential-linear distinguishers for Speck96 and Speck128 are also presented.

yongbo hu,yeyang zheng,jun yu

DOI: https://doi.org/10.1007/978-3-642-35211-9_31

2012-01-01

Abstract:The author uses a new effective schedule of template attack method to attack 128 bit AES[7] successfully. This new method which includes only one type of template and several times of classification can access to the whole 128 bits key of AES theoretically. Moreover, the author also comes up with some improvements in order to use less memory and computing to make the attack more efficient.

Rui Li,Xiaoxin Cui,Wei Wei,Di Wu,Kai Liao,Nan Liao,KaiSheng Ma,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/EDSSC.2013.6628153

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two effective countermeasures against DPA attack. This paper propose a novel countermeasure which associating masking with RDI, further, Multi-Masking instead of Transformed Masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented on Data Encryption Standard (DES). The results show that combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA.