SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers
Bit permutations are a common choice for diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a...
Saved in:
Main Authors: | , , |
---|---|
Other Authors: | |
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2018
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/88793 http://hdl.handle.net/10220/44744 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-88793 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-887932020-09-26T22:16:14Z SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers Breier, Jakub Jap, Dirmanto Bhasin, Shivam 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) Temasek Laboratories Bit Permutations Ciphers Bit permutations are a common choice for diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack, knowledge of the ciphertext is not required. Unlike statistical methods, commonly used for distinguisher in standard power analysis, the proposed method is more differential in nature. The attack shows that diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such vulnerability to extract the secret key. Results on microcontroller-based PRESENT-80 cipher lead to full key retrieval using as low as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such attack from the design point of view. Published version 2018-05-03T08:27:20Z 2019-12-06T17:10:59Z 2018-05-03T08:27:20Z 2019-12-06T17:10:59Z 2018-04-01 2018 Conference Paper Breier, J., Jap, D., & Bhasin, S. (2018). SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers. 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), 1129-1134. https://hdl.handle.net/10356/88793 http://hdl.handle.net/10220/44744 10.23919/DATE.2018.8342180 206798 en © 2018 European Design and Automation Association (EDAA). This paper was published in 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) and is made available as an electronic reprint (preprint) with permission of EDAA. The published version is available at: [http://dx.doi.org/10.23919/DATE.2018.8342180]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law. 6 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
country |
Singapore |
collection |
DR-NTU |
language |
English |
topic |
Bit Permutations Ciphers |
spellingShingle |
Bit Permutations Ciphers Breier, Jakub Jap, Dirmanto Bhasin, Shivam SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
description |
Bit permutations are a common choice for diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack, knowledge of the ciphertext is not required. Unlike statistical methods, commonly used for distinguisher in standard power analysis, the proposed method is more differential in nature. The attack shows that diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such vulnerability to extract the secret key. Results on microcontroller-based PRESENT-80 cipher lead to full key retrieval using as low as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such attack from the design point of view. |
author2 |
2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) |
author_facet |
2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) Breier, Jakub Jap, Dirmanto Bhasin, Shivam |
format |
Conference or Workshop Item |
author |
Breier, Jakub Jap, Dirmanto Bhasin, Shivam |
author_sort |
Breier, Jakub |
title |
SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
title_short |
SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
title_full |
SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
title_fullStr |
SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
title_full_unstemmed |
SCADPA: Side-channel assisted differential-plaintext attack on bit permutation based ciphers |
title_sort |
scadpa: side-channel assisted differential-plaintext attack on bit permutation based ciphers |
publishDate |
2018 |
url |
https://hdl.handle.net/10356/88793 http://hdl.handle.net/10220/44744 |
_version_ |
1681059680348012544 |