On side channel vulnerabilities of bit permutations in cryptographic algorithms

Lightweight block ciphers rely on simple operations to allow compact implementation. Thanks to its efficiency, bit permutation has emerged as an optimal choice for state-wise diffusion. It can be implemented by simple wiring in hardware or shifts in software. However, efficiency and security often g...

Full description

Saved in:
Bibliographic Details
Main Authors: Breier, Jakub, Jap, Dirmanto, Hou, Xiaolu, Bhasin, Shivam
Other Authors: School of Computer Science and Engineering
Format: Article
Language:English
Published: 2020
Subjects:
Online Access:https://hdl.handle.net/10356/137805
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:Lightweight block ciphers rely on simple operations to allow compact implementation. Thanks to its efficiency, bit permutation has emerged as an optimal choice for state-wise diffusion. It can be implemented by simple wiring in hardware or shifts in software. However, efficiency and security often go against each other. In this paper, we show how bit permutations introduce a side-channel vulnerability that can be exploited to extract the secret key from the cipher. Such vulnerabilities are specific to bit permutations and do not occur in other state-wise diffusion alternatives. We propose side-channel assisted differential-plaintext attack (SCADPA) which targets this vulnerability in the bit permutation operation. SCADPA is first experimentally demonstrated on PRESENT-80 on an 8-bit microcontroller, with the best case key recovery in 17 encryptions. In Addition, we adjust SCADPA to state-of-the-art bit sliced implementation from CHES'17 with experimental evaluation on a 32-bit microcontroller. The attack is then extended to latest bit-permutation-based cipher GIFT, allowing full key recovery in 36 encryptions. Application for reverse engineering of secret S-boxes in PRESENT-like proprietary ciphers is also shown.