Abstract

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks. In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such a method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.

Highlights

  • Over the past two decades, side-channel analysis (SCA) has become one of the most studied physical attack methods against cryptographic implementations

  • We demonstrate with practical experiments that SITM can attack middle rounds protected with shuffling countermeasure, even at low Signal to Noise Ratio (SNR)

  • We have presented SITM, a new attack methodology for side-channel attacks, motivated by recently proposed Side-Channel Assisted Differential Plaintext Attack (SCADPA), in combination with differential cryptanalysis method


Summary

Introduction

Over the past two decades, side-channel analysis (SCA) has become one of the most studied physical attack methods against cryptographic implementations. The power of side-channel was combined with differential cryptanalysis to break bit-permutation based block ciphers like PRESENT and GIFT. This method is called “SCADPA” (Side-Channel Assisted Differential Plaintext Attack [BJB18, BJHB19]). In [BJB18, BJHB19], SCADPA exploited the simplistic nature of bit permutation in PRESENT and GIFT to recover the Sbox differentials in the first round of the cipher. As stated by the authors, SCADPA is limited to bit permutation ciphers and

Licensed under Creative Commons License CC-BY 4.0.
