Document Type: Research Article

Authors

1 Imam Hossein Comprehensive University

2 SRTTU

3 Information Technology and Communication Faculty, Imam Hossein Comprehensive University, Tehran, Iran

DOI: 10.22042/isecure.2020.191916.471

Abstract

Authenticated encryption schemes are important cryptographic primitives that have received extensive attention recently. They provide both confidentiality and authenticity simultaneously. Correlation power analysis (CPA) can be a threat to authenticated ciphers, as it is to any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against COLM, one of the winners of CAESAR, is presented to demonstrate its vulnerability. To validate this attack, COLM is implemented on the FPGA of the SAKURA-G board. A successful CPA attack with a zero-value power model is mounted by measuring and collecting 1,800 power traces. In addition, a protected hardware architecture for COLM is proposed to make this design secure against first-order CPA attacks, using a domain-oriented masking (DOM) scheme with two input/output shares. To verify these countermeasures, we mount first- and second-order CPA attacks and a non-specific t-test on the protected COLM.
Keywords: Authenticated Cipher, COLM, CPA, DOM, Masking.
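As an added example (not code from the paper or the COLM project): a two-share DOM AND gate, the nonlinear building block such a countermeasure is built from, evaluated with the fixed-vs-random Welch t-test the abstract mentions, on a constructed Hamming-weight leakage of the gate's output wires. The leakage model, the fixed input (a=1, b=0) and the customary |t| > 4.5 threshold are assumptions; the run shows the first-order test passing on the masked gate while a second-order (centred-square) test still detects it, the two orders the abstract evaluates.

```python
import math
import random
import statistics

def dom_and(a, b, z):
    """DOM-indep AND gate: two Boolean shares per input, one fresh random bit z.
    The cross-domain terms are refreshed with z (and registered in hardware)
    before being added to the inner-domain terms."""
    a0, a1 = a
    b0, b1 = b
    y0 = (a0 & b0) ^ ((a0 & b1) ^ z)   # domain 0 output share
    y1 = (a1 & b1) ^ ((a1 & b0) ^ z)   # domain 1 output share
    return (y0, y1)

def share(x, r):
    """Split bit x into two Boolean shares using mask bit r."""
    return (x ^ r, r)

def unshare(s):
    return s[0] ^ s[1]

def welch_t(x, y):
    """Welch's t-statistic between two sample sets (fixed vs. random)."""
    mx, my = statistics.fmean(x), statistics.fmean(y)
    vx, vy = statistics.pvariance(x), statistics.pvariance(y)
    den = math.sqrt(vx / len(x) + vy / len(y))
    return (mx - my) / den if den else math.inf

def hw_sample(masked, a, b, rng):
    """Constructed leakage sample: Hamming weight of the gate's output wires."""
    if not masked:
        return a & b
    y0, y1 = dom_and(share(a, rng.randrange(2)), share(b, rng.randrange(2)),
                     rng.randrange(2))
    return y0 + y1

def ttest_fixed_vs_random(masked, order=1, n=5000, seed=1):
    """Non-specific (fixed-vs-random) t-test at first or second order.
    Assumed fixed input a=1, b=0; the random set draws a and b uniformly."""
    rng = random.Random(seed)
    fixed = [hw_sample(masked, 1, 0, rng) for _ in range(n)]
    rand = [hw_sample(masked, rng.randrange(2), rng.randrange(2), rng)
            for _ in range(n)]
    if order == 2:  # centre each set on its own mean and square (second order)
        mf, mr = statistics.fmean(fixed), statistics.fmean(rand)
        fixed = [(s - mf) ** 2 for s in fixed]
        rand = [(s - mr) ** 2 for s in rand]
    return welch_t(fixed, rand)
```

The first-order means of the masked wires are secret-independent while the second-order statistic is not, which is exactly why a two-share design claims only first-order security.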
