Abstract
This study investigates a new side-channel leakage observed in the inner rounds of an unrolled hardware implementation of block ciphers in a chosen-input attack scenario. The side-channel leakage occurs in the first round and it can be observed in the later inner rounds because it arises from path activation bias caused by the difference between two consecutive inputs. Therefore, a new attack that exploits the leakage is possible even for unrolled implementations equipped with countermeasures (masking and/or deglitchers that separate the circuit in terms of glitch propagation) in the round involving the leakage. We validate the existence of such a unique side-channel leakage through a set of experiments with a fully unrolled PRINCE cipher hardware, implemented on a field-programmable gate array (FPGA). In addition, we verify the validity and evaluate the hardware cost of a countermeasure for the unrolled implementation, namely the Threshold Implementation (TI) countermeasure.
Highlights
L OW-LATENCY block ciphers, such as PRINCE [1], MANTIS [2], and QARMA [3], have attracted considerable interest in recent years owing to their ability to perform encryption operations with extremely low latency
We show that the new side-channel leakage originates from the leakage model of unrolled architectures, which can be explained by the same principle as that of differential cryptanalysis [25]
The existence and validity of this side-channel leakage were demonstrated through a set of experiments involving PRINCE hardwareimplemented on fieldprogrammable gate array (FPGA)
Summary
L OW-LATENCY block ciphers, such as PRINCE [1], MANTIS [2], and QARMA [3], have attracted considerable interest in recent years owing to their ability to perform encryption operations with extremely low latency. Side-channel attacks on block ciphers usually assume that the target cipher is implemented with a loop architecture that stores intermediate results (i.e., round outputs) in registers synchronously. It is critical to determine the number of rounds in which the countermeasures are to be applied because the total latency and power consumption of the protected implementation are proportional to this number in the case of unrolled architectures. This study investigates a unique side-channel leakage observable in the inner rounds of an unrolled block cipher implementation in a chosen-input attack scenario. A first-order leakage appears in the case of unrolled implementations, even if side-channel countermeasures are applied to the first few rounds.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have