Correlation Power Analysis of Lightweight Block Ciphers

Size: px

Start display at page:

Download "Correlation Power Analysis of Lightweight Block Ciphers"

Lewis Burke
5 years ago
Views:

Großschädl SnT, University of Luxembourg ESC 2017

1 Correlation Power Analysis of Lightweight Block Ciphers From Theory to Practice Alex Biryukov Daniel Dinu Johann Großschädl SnT, University of Luxembourg ESC 2017 (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

2 Outline 1 Motivation 2 Theory Selection Function Correlation Power Analysis (CPA) 3 Practice Evaluation Framework Quantifying the Leakage Results 4 Conclusion (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

3 Motivation Theory many theoretical metrics for the SCA resistance of S-boxes: Nonlinearity (NL) Transparency Order (TO) Improved Transparency Order (ITO) DPA Signal-to-Noise Ratio (SNR)... SCA resistance is often associated with low nonlinearity (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

4 Motivation Theory many theoretical metrics for the SCA resistance of S-boxes: Nonlinearity (NL) Transparency Order (TO) Improved Transparency Order (ITO) DPA Signal-to-Noise Ratio (SNR)... SCA resistance is often associated with low nonlinearity Practice how good are these theoretical metrics to quantify the SCA leakage? which are the best targets for SCA attacks? (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

5 Selection Function x known part of the input of the round function k unknown part of the round key Definition (Selection Function) In the context of side-channel attacks, a selection function gives the intermediate result, also referred to as sensitive value φ k, which is used by the attacker to recover the secret key. ϕ : F n 2 F m 2 φ k = ϕ(x, k) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

6 Correlation Power Analysis (CPA) φ k = ϕ(x, k) sensitive value used by the attacker to recover the secret key x known part of the input of the round function k unknown part of the round key Definition (Correlation Power Analysis (CPA)) Given a set of power traces and the corresponding sets of intermediate values φ 1, φ 2,...φ 2 k, Correlation Power Analysis (CPA) aims at recovering the secret subkey k using a correlation factor between the measured power samples and the power model of the computed sensitive values. (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

7 Evaluation Framework Measurement Setup target board: 8-bit AVR ATmega2561 oscilloscope: LeCroy waverunner 104MXi noise reduction: Farday cage, regulated power supply, fiber-optic communication (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

8 Evaluation Framework Measurement Setup target board: 8-bit AVR ATmega2561 oscilloscope: LeCroy waverunner 104MXi noise reduction: Farday cage, regulated power supply, fiber-optic communication Metrics Success Rate (SR) Guessing Entropy (GE) average over 100 experiments up to 2000 traces per experiment (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

9 Quantifying the Leakage Which assembly instruction leaks more? register-only instructions: and, add memory access instructions: lpm, ld, st (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

10 Quantifying the Leakage Which assembly instruction leaks more? register-only instructions: and, add memory access instructions: lpm, ld, st Which selection function leaks more? logical operations: AND ( ), OR ( ), XOR ( ) modular addition: ADD ( ), ADC ( ) S-boxes: AES, LBlock, Piccolo, PRINCE L-boxes: Fantomas (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

11 Correlation Coefficient Difference (δ) Definition (Correlation Coefficient Difference) The difference between the correlation coefficient of the correct key k, i.e. c k, and the correlation coefficient of the most likely key guess k, i.e. c k, with k k. Leaks less δ = c k c k 0 Leaks more (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

12 Correlation Coefficient Difference (δ) Definition (Correlation Coefficient Difference) The difference between the correlation coefficient of the correct key k, i.e. c k, and the correlation coefficient of the most likely key guess k, i.e. c k, with k k. Leaks less δ < 0 δ = c k c k 0 Leaks more several guesses c k c k δ (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

13 Correlation Coefficient Difference (δ) Definition (Correlation Coefficient Difference) The difference between the correlation coefficient of the correct key k, i.e. c k, and the correlation coefficient of the most likely key guess k, i.e. c k, with k k. Leaks less δ < 0 δ = c k c k 0 δ > 0 Leaks more several guesses 1 guess c k c k δ c k c k δ (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

14 Understanding the Device s Leakage Cor. Coef. Diff. (δ) and add -0.6 lpm ld st x00 0x01 0x03 0x07 0x0F 0x1F 0x3F 0x7F 0xFF Correct Key register-only instructions: and, add memory instructions: lpm, ld, st (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

15 Comparison of Different Selection Functions target st instruction 4 groups of selection functions: logical operations: AND ( ), OR ( ), XOR ( ) modular addition: ADD ( ), ADC ( ) S-boxes: AES, LBlock, Piccolo, PRINCE L-boxes: Fantomas (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

16 1. Logical Operations Cor. Coef. Diff. (δ) ϕ 1 ϕ 2 ϕ x00 0x01 0x03 0x07 0x0F 0x1F 0x3F 0x7F 0xFF Correct Key ϕ 1 (x, k) = x k ϕ 2 (x, k) = x k ϕ 3 (x, k) = x k (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

17 2. Modular Addition 0.2 ϕ 4 ϕ 5 Cor. Coef. Diff. (δ) x00 0x01 0x03 0x07 0x0F 0x1F 0x3F 0x7F 0xFF Correct Key ϕ 4 (x, k) = x k ϕ 5 (x, k, c) = x k c (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

18 3. S-boxes 0.7 Cor. Coef. Diff. (δ) ϕ 6 ϕ 7 ϕ 8 ϕ 9 ϕ 10 ϕ 11 ϕ x00 0x01 0x03 0x07 0x0F 0x1F 0x3F 0x7F 0xFF Correct Key 8-bit: ϕ 6 = S AES (x k) 4-bit: ϕ 7 = S LBlock (x k), ϕ 9 = S Piccolo (x k), ϕ 11 = S PRINCE (x k) 8-bit: ϕ 8 = S LBlock (x k), ϕ 10 = S Piccolo (x k), ϕ 12 = S PRINCE (x k) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

19 4. L-boxes Cor. Coef. Diff. (δ) ϕ 13 ϕ 14 ϕ 15 ϕ x00 0x01 0x03 0x07 0x0F 0x1F 0x3F 0x7F 0xFF Correct Key ϕ 13 = LSB(L 1 1,Fantomas (x k)), ϕ 14 = MSB(L 1 1,Fantomas (x k)), ϕ 15 = LSB(L 1 2,Fantomas (x k)), ϕ 16 = MSB(L 1 2,Fantomas (x k)) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

20 Comparison of Different Selection Functions Selection function n m NL δ ϕ 1 (x, k) = x k ϕ 2 (x, k) = x k ϕ 3 (x, k) = x k ϕ 4 (x, k) = x k ϕ 6 (x k) = S AES (x k) ϕ 7 (x k) = S LBlock (x k) ϕ 8 (x k) = S LBlock (x k) ϕ 15 (x k) = LSB(L 1 2,Fantomas (x k)) sometimes nonlinearity (NL) fails to quantify resilience to CPA: (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

21 Comparison of Different Selection Functions Selection function n m NL δ ϕ 1 (x, k) = x k ϕ 2 (x, k) = x k ϕ 3 (x, k) = x k ϕ 4 (x, k) = x k ϕ 6 (x k) = S AES (x k) ϕ 7 (x k) = S LBlock (x k) ϕ 8 (x k) = S LBlock (x k) ϕ 15 (x k) = LSB(L 1 2,Fantomas (x k)) sometimes nonlinearity (NL) fails to quantify resilience to CPA: biwtwise operations (AND, OR) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

22 Comparison of Different Selection Functions Selection function n m NL δ ϕ 1 (x, k) = x k ϕ 2 (x, k) = x k ϕ 3 (x, k) = x k ϕ 4 (x, k) = x k ϕ 6 (x k) = S AES (x k) ϕ 7 (x k) = S LBlock (x k) ϕ 8 (x k) = S LBlock (x k) ϕ 15 (x k) = LSB(L 1 2,Fantomas (x k)) sometimes nonlinearity (NL) fails to quantify resilience to CPA: biwtwise operations (AND, OR) 4-bit vs. 8-bit S-layer (e.g. LBlock) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

23 Comparison of Different Selection Functions Selection function n m NL δ ϕ 1 (x, k) = x k ϕ 2 (x, k) = x k ϕ 3 (x, k) = x k ϕ 4 (x, k) = x k ϕ 6 (x k) = S AES (x k) ϕ 7 (x k) = S LBlock (x k) ϕ 8 (x k) = S LBlock (x k) ϕ 15 (x k) = LSB(L 1 2,Fantomas (x k)) sometimes nonlinearity (NL) fails to quantify resilience to CPA: biwtwise operations (AND, OR) 4-bit vs. 8-bit S-layer (e.g. LBlock) L-layer (e.g. Fantomas) (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

24 Analysed Ciphers Selection criteria: good software performance in the Triathlon competition 1 variety of design constructions Cipher Block Size Key Size Attacked Structure (bits) (bits) Operation AES SPN S-box lookup Fantomas SPN L-box lookup LBlock Feistel S-box lookup Piccolo Feistel S-box lookup PRINCE SPN S-box lookup RC Feistel modular addition Simon Feistel bitwise AND Speck Feistel modular subtraction 1 (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

25 Properties of S-boxes Cipher S-box NL TO ITO SNR δ SE δ AES S LBlock S Piccolo S PRINCE S (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

26 Properties of S-boxes Cipher S-box NL TO ITO SNR δ SE δ AES S LBlock S Piccolo S PRINCE S NL could not differentiate between LBlock, Piccolo and PRINCE (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

27 Properties of S-boxes Cipher S-box NL TO ITO SNR δ SE δ AES S LBlock S Piccolo S PRINCE S NL could not differentiate between LBlock, Piccolo and PRINCE TO, ITO could not differentiate between LBlock and Piccolo (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

28 Properties of S-boxes Cipher S-box NL TO ITO SNR δ SE δ AES S LBlock S Piccolo S PRINCE S NL could not differentiate between LBlock, Piccolo and PRINCE TO, ITO could not differentiate between LBlock and Piccolo SNR differentiates between LBlock, Piccolo and PRINCE (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

29 Properties of S-boxes Cipher S-box NL TO ITO SNR δ SE δ AES S LBlock S Piccolo S PRINCE S NL could not differentiate between LBlock, Piccolo and PRINCE TO, ITO could not differentiate between LBlock and Piccolo SNR differentiates between LBlock, Piccolo and PRINCE δ no clear differentiation between LBlock and Piccolo (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

30 Measurement Setup High-cost (> $5, 000) custom measurement board LeCroy waverunner 104MXi noise reduction (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

Digilent Analog Discovery noise reduction no noise reduction

31 Measurement Setups High-cost (> $5, 000) Low-cost (< $300) custom measurement board Arduino Uno LeCroy waverunner 104MXi Digilent Analog Discovery noise reduction no noise reduction (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

32 Results Cipher High-cost Setup Low-cost Setup # Traces GE # Traces GE (SR 80%) (2000 Traces) (SR 80%) (2000 Traces) AES Fantomas LBlock Piccolo PRINCE RC Simon Speck recover 32 bits of the round key K = 0x (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

33 Results Recap two main classes of lightweight ciphers with respect to their implementations resistance against CPA First Class ciphers that use lookup tables full key recovery (GE = 0) 8-bit S-box: AES 4-bit S-box: LBlock, Piccolo, PRINCE L-box: Fantomas Second Class ARX designs partial key recovery (GE 0) RC5, Simon, Speck (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

34 Conclusion practical approach to evaluate SCA leakage (theory practice) nonlinearity should not be used to estimate SCA resilience avoid lookup tables and memory instructions (ldm, ld, st) implementation tricks to increase SCA resilience ARX designs show a certain level of intrinsic resilience against CPA (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

35 Conclusion practical approach to evaluate SCA leakage (theory practice) nonlinearity should not be used to estimate SCA resilience avoid lookup tables and memory instructions (ldm, ld, st) implementation tricks to increase SCA resilience ARX designs show a certain level of intrinsic resilience against CPA Thank you! (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

36 Results Random Key Cipher High-cost Setup Low-cost Setup # Traces GE # Traces GE (SR 80%) (2000 Traces) (SR 80%) (2000 Traces) AES Fantomas LBlock Piccolo PRINCE RC Simon Speck recover 32 bits of the round key K = 0xd749715b (University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 0

Power Analysis Based Side Channel Attack

CO411/2::Individual Project I & II Report arxiv:1801.00932v1 [cs.cr] 3 Jan 2018 Power Analysis Based Side Channel Attack Hasindu Gamaarachchi Harsha Ganegoda http://www.ce.pdn.ac.lk Department of Computer