1 Imam Hossein Comprehensive University


3 Information Technology and Communication Faculty, Imam Hossein Comprehensive University, Tehran, Iran



Authenticated encryption schemes are important cryptographic primitives that received extensive attention recently. They can provide both confidentiality and authenticity services, simultaneously. Correlation power analysis (CPA) can be a thread for authenticated ciphers, similar to the any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against COLM, one of the winners of CAESAR, is presented to indicate its vulnerability. To validate this attack, COLM is implemented on the FPGA of the SAKURA-G board. A successful CPA attack with zero value power model is mounted by measuring and collecting 1,800 power traces. In addition, a protected hardware architecture for COLM is proposed to make this design secure against first-order CPA attacks, where a domain-oriented masking (DOM) scheme with two-input/output shares is used to protect it. To verify these countermeasures, we mount first and second-order CPA attacks and a non-specified t-test on the protected COLM.
Keywords: Authenticated Cipher, COLM, CPA, DOM, Masking.


[1] Doug Whiting, Russ Housley, and Niels Ferguson. Counter with CBC-MAC (CCM). RFC3610, 2003.

[2] Ted Krovetz and Phillip Rogaway. The OCB authenticated-encryption algorithm. internet engineering task force (IETF) RFC 7253., 2014.

[3] David McGrew and John Viega. The galois/counter mode of operation (GCM). submission to NIST Modes of Operation Process, 20, 2004.

[4] Niels Ferguson. Authentication weaknesses in GCM. Comments submitted to NIST Modes of Operation Process, pages 1–19, 2005.

[5] Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic. Noncedisrespecting adversaries: Practical forgery attacks on gcm in tls. Cryptology ePrint Archive, Report 2016/475, 2016. https://eprint.iacr. org/2016/475.

[6] CAESAR: Competition for authenticated encryption: Security, applicability, and robustnes. http: // .

[7] Elena Andreeva, Andrey Bogdanov, Nilanjan Datta, Atul Luykx, Bart Mennink, Mridul Nandi, Elmar Tischhauser, and Kan Yasuda. COLM v1. CAESAR competition proposal, 2016. round3/colmv1.pdf .

[8] Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In Annual International Cryptology Conference, pages 388–397. Springer, 1999.

[9] Alexandre Adomnicai, Jacques J.A. Fournier, and Laurent Masson. Masking the lightweight authenticated ciphers ACORN and Ascon in software. Cryptology ePrint Archive, Report 2018/708, 2018. 2018/708.

[10] Niels Samwel and Joan Daemen. DPA on hardware implementations of Ascon and Keyak. In Proceedings of the Computing Frontiers Conference, pages 415–424. ACM, 2017.

[11] Hannes Gross, Erich Wenger, Christoph Dobraunig, and Christoph Ehrenhöfer. Ascon hardware implementations and side-channel evaluation. Microprocessors and Microsystems, 52:470– 479, 2017.

[12] Svetla Nikova, Vincent Rijmen, and Martin Schläffer. Secure hardware implementation of nonlinear functions in the presence of glitches. Journal of Cryptology, 24(2):292–321, 2011. [13] William Diehl, Abubakr Abdulgadir, Farnoud Farahmand, Jens-Peter Kaps, and Kris Gaj. Comparison of cost of protection against differential power analysis of selected authenticated ciphers. Cryptography, 2(3):26, 2018.

[14] Mohsen Jahanbani, Zeinolabedin Norozi, and Nasour Bagheri. DPA protected implementation of OCB and COLM authenticated ciphers. IEEE Access, 7:139815–139826, 2019.

[15] Eric Brier, Christophe Clavier, and Francis Olivier. Correlation power analysis with a leakage model. In International workshop on cryptographic hardware and embedded systems, pages 16–29. Springer, 2004.

[16] Hannes Gross, Stefan Mangard, and Thomas Korak. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. Cryptology ePrint Archive, Report 2016/486, 2016. https://eprint.iacr. org/2016/486 .

[17] A Generic Side-Channel Distinguisher, Benedikt Gierlichs, Lejla Batina, Pim Tuyls, and Bart Preneel. Mutual information analysis. In Cryptographic Hardware and Embedded Systems–CHES 2008: 10th International Workshop, Washington, DC, USA, August 10-13, 2008, Proceedings, page 426. Springer Science & Business Media, 2008.

[18] Dakshi Agrawal, Josyula R Rao, and Pankaj Rohatgi. Multi-channel attacks. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 2–16. Springer, 2003.

[19] Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power analysis attacks: Revealing the secrets of smart cards, volume 31. Springer Science & Business Media, 2008.

[20] David Canright and Lejla Batina. A very compact “perfectly masked” S-box for AES. In International Conference on Applied Cryptography and Network Security, pages 446–459. Springer, 2008.

[21] Amir Moradi, Oliver Mischke, and Thomas Eisenbarth. Correlation-enhanced power analysis collision attack. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 125–139. Springer, 2010.

[22] Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. A more efficient AES threshold implementation. In International Conference on Cryptology in Africa, pages 267–284. Springer, 2014.

[23] Hannes Groß, Stefan Mangard, and Thomas Korak. An efficient side-channel protected AES implementation with arbitrary protection order. In Cryptographers’ Track at the RSA Conference, pages 95–112. Springer, 2017.

[24] Amir Moradi. Advances in side-channel security. PhD thesis, Habilitation thesis, Ruhr-Universität Bochum, 2016.

[25] Amir Moradi, Axel Poschmann, San Ling, Christof Paar, and Huaxiong Wang. Pushing the limits: A very compact and a threshold implementation of AES. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 69–88. Springer, 2011.

[26] Side-channel attack user reference architecture. hardware.html .

[27] chipwhisperer .

[28] Josh Jaffe. A first-order DPA attack against AES in counter mode with unknown initial counter. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 1–13. Springer, 2007.

[29] Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. Masking AES with d + 1 shares in hardware. In International Conference on Cryptographic Hardware and Embedded Systems, pages 194–212. Springer, 2016.

[30] Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. Tradeoffs for threshold implementations illustrated on AES. IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems, 34(7):1188–1200, 2015.

[31] Felix Wegener and Amir Moradi. A first-order SCA resistant AES without fresh randomness. In International Workshop on Constructive SideChannel Analysis and Secure Design, pages 245– 262. Springer, 2018.

[32] Ashrujit Ghoshal and Thomas De Cnudde. Several masked implementations of the boyarperalta AES S-box. In International Conference on Cryptology in India, pages 384–402. Springer, 2017.

[33] Rei Ueno, Naofumi Homma, and Takafumi Aoki. Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation. In International Workshop on Constructive Side-Channel Analysis and Secure Design, pages 50–64. Springer, 2017.

[34] David Canright. A very compact S-box for AES. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 441–455. Springer, 2005.

[35] GMU implementations of authenticated ciphers. george mason university. index.php?id=CAESAR.

[36] George Becker, J Cooper, Elke DeMulder, Gilbert Goodwill, Joshua Jaffe, G Kenworthy, T Kouzminov, A Leiserson, M Marson, Pankaj Rohatgi, et al. Test vector leakage assessment (TVLA) methodology in practice. In International Cryptographic Module Conference, volume 1001, page 13, 2013.

[37] Tobias Schneider and Amir Moradi. Leakage assessment methodology. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 495–513. Springer, 2015.