On side channel vulnerabilities of bit permutations in cryptographic algorithms
Lightweight block ciphers rely on simple operations to allow compact implementation. Thanks to its efficiency, bit permutation has emerged as an optimal choice for state-wise diffusion. It can be implemented by simple wiring in hardware or shifts in software. However, efficiency and security often g...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/137805 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-137805 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1378052020-04-20T02:07:46Z On side channel vulnerabilities of bit permutations in cryptographic algorithms Breier, Jakub Jap, Dirmanto Hou, Xiaolu Bhasin, Shivam School of Computer Science and Engineering Physical Analysis and Cryptographic Engineering Laboratory Temasek Laboratories Engineering::Computer science and engineering::Data::Data encryption Block Ciphers Side-channel Attacks Lightweight block ciphers rely on simple operations to allow compact implementation. Thanks to its efficiency, bit permutation has emerged as an optimal choice for state-wise diffusion. It can be implemented by simple wiring in hardware or shifts in software. However, efficiency and security often go against each other. In this paper, we show how bit permutations introduce a side-channel vulnerability that can be exploited to extract the secret key from the cipher. Such vulnerabilities are specific to bit permutations and do not occur in other state-wise diffusion alternatives. We propose side-channel assisted differential-plaintext attack (SCADPA) which targets this vulnerability in the bit permutation operation. SCADPA is first experimentally demonstrated on PRESENT-80 on an 8-bit microcontroller, with the best case key recovery in 17 encryptions. In Addition, we adjust SCADPA to state-of-the-art bit sliced implementation from CHES'17 with experimental evaluation on a 32-bit microcontroller. The attack is then extended to latest bit-permutation-based cipher GIFT, allowing full key recovery in 36 encryptions. Application for reverse engineering of secret S-boxes in PRESENT-like proprietary ciphers is also shown. NRF (Natl Research Foundation, S’pore) Accepted version 2020-04-15T03:38:35Z 2020-04-15T03:38:35Z 2019 Journal Article Breier, J., Jap, D., Hou, X., & Bhasin, S. (2019). On side channel vulnerabilities of bit permutations in cryptographic algorithms. IEEE Transactions on Information Forensics and Security, 15, 1072-1085. doi:10.1109/TIFS.2019.2932230 1556-6013 https://hdl.handle.net/10356/137805 10.1109/TIFS.2019.2932230 2-s2.0-85070373295 15 1072 1085 en IEEE Transactions on Information Forensics and Security © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/TIFS.2019.2932230 application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Data::Data encryption Block Ciphers Side-channel Attacks |
| spellingShingle |
Engineering::Computer science and engineering::Data::Data encryption Block Ciphers Side-channel Attacks Breier, Jakub Jap, Dirmanto Hou, Xiaolu Bhasin, Shivam On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| description |
Lightweight block ciphers rely on simple operations to allow compact implementation. Thanks to its efficiency, bit permutation has emerged as an optimal choice for state-wise diffusion. It can be implemented by simple wiring in hardware or shifts in software. However, efficiency and security often go against each other. In this paper, we show how bit permutations introduce a side-channel vulnerability that can be exploited to extract the secret key from the cipher. Such vulnerabilities are specific to bit permutations and do not occur in other state-wise diffusion alternatives. We propose side-channel assisted differential-plaintext attack (SCADPA) which targets this vulnerability in the bit permutation operation. SCADPA is first experimentally demonstrated on PRESENT-80 on an 8-bit microcontroller, with the best case key recovery in 17 encryptions. In Addition, we adjust SCADPA to state-of-the-art bit sliced implementation from CHES'17 with experimental evaluation on a 32-bit microcontroller. The attack is then extended to latest bit-permutation-based cipher GIFT, allowing full key recovery in 36 encryptions. Application for reverse engineering of secret S-boxes in PRESENT-like proprietary ciphers is also shown. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Breier, Jakub Jap, Dirmanto Hou, Xiaolu Bhasin, Shivam |
| format |
Article |
| author |
Breier, Jakub Jap, Dirmanto Hou, Xiaolu Bhasin, Shivam |
| author_sort |
Breier, Jakub |
| title |
On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| title_short |
On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| title_full |
On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| title_fullStr |
On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| title_full_unstemmed |
On side channel vulnerabilities of bit permutations in cryptographic algorithms |
| title_sort |
on side channel vulnerabilities of bit permutations in cryptographic algorithms |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/137805 |
| _version_ |
1681058613115748352 |