Publication

Featured research published by Xinjie Zhao.


International Workshop on Constructive Side-Channel Analysis and Secure Design | 2012

MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation

Xinjie Zhao; Fan Zhang; Shize Guo; Tao Wang; Zhijie Shi; Hui-Ying Liu; Keke Ji

Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique that differs from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope with the multiple deductions caused by inaccurate measurements or interference. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakage required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under the Hamming weight leakage model, on two typical microprocessors under the access-driven cache leakage model, and on a 32-bit ARM microprocessor under the trace-driven cache leakage model. Many better results are achieved than in previous work, and the results are consistent with the theoretical analysis. Our work shows that MDASCA poses a great threat through its error tolerance and its exploitation of new leakage models.


International Workshop on Constructive Side-Channel Analysis and Secure Design | 2013

Improved algebraic fault analysis: a case study on piccolo and applications to other lightweight block ciphers

Fan Zhang; Xinjie Zhao; Shize Guo; Tao Wang; Zhijie Shi

This paper proposes some techniques to improve algebraic fault analysis (AFA). First, we show that building the equation set for the decryption of a cipher can accelerate the solving procedure. Second, we propose a method to represent the injected faults with algebraic equations when the accurate fault location is unknown. We take Piccolo as an example to illustrate our AFA and compare it with differential fault analysis (DFA). Only one fault injection is required to break Piccolo with the improved AFA. Finally, we extend the proposed AFA to other lightweight block ciphers, such as MIBS, LED, and DES. For the first time, the full secret key of DES can be recovered with only a single fault injection.


IEEE Transactions on Information Forensics and Security | 2016

A Framework for the Analysis and Evaluation of Algebraic Fault Attacks on Lightweight Block Ciphers

Fan Zhang; Shize Guo; Xinjie Zhao; Tao Wang; Jian Yang; François-Xavier Standaert; Dawu Gu

Algebraic fault analysis (AFA), which combines algebraic cryptanalysis with fault attacks, has posed serious threats to the security of lightweight block ciphers. Inspired by an earlier framework for the analysis of side-channel attacks presented at EUROCRYPT 2009, a new generic framework is proposed to analyze and evaluate algebraic fault attacks on lightweight block ciphers. We interpret AFA at three levels: 1) the target; 2) the adversary; and 3) the evaluator. We describe the capability of an adversary in four parts: 1) the fault injector; 2) the fault model describer; 3) the cipher describer; and 4) the machine solver. A formal fault model is provided to cover most current fault attacks. Different strategies for building an optimal equation set are also provided to accelerate the solving process. At the evaluator level, we consider the approximate information metric and the actual security metric. These metrics can be used to guide adversaries, cipher designers, and industrial engineers. To verify the feasibility of the proposed framework, we make a comprehensive study of AFA on an ultra-lightweight block cipher called LBlock. Three scenarios are exploited: injecting a fault into the encryption, into the key schedule, or modifying the round number or counter. Our best results show that a single fault injection is enough to recover the master key of LBlock within affordable complexity in each scenario. To verify the generic nature of the proposed framework, we apply AFA to three other block ciphers, i.e., Data Encryption Standard, PRESENT, and Twofish. The results demonstrate that our framework can be used for different ciphers with different structures.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2013

Improving and Evaluating Differential Fault Analysis on LED with Algebraic Techniques

Xinjie Zhao; Shize Guo; Fan Zhang; Zhijie Shi; Chujiao Ma; Tao Wang

This paper proposes a fault analysis technique on LED by combining algebraic cryptanalysis and differential fault analysis (DFA). The technique is called algebraic differential fault analysis (ADFA). In ADFA on LED, we use DFA to deduce the possible fault differences of the correct and faulty S-Box input in the last round, and convert them into algebraic equations. We then combine the equation set of LED with the injected fault and use the CryptoMiniSat solver to recover the secret key. Our experiments show that, on a common PC, ADFA can succeed on LED under the nibble-based fault model within three minutes and with only one fault injection, which is more efficient than previous DFA work. To evaluate DFA on LED, we first propose an improved evaluation algorithm of DFA, then provide a modified ADFA approach to compute the solutions for the secret key. The results are more accurate than previous work. We also successfully extend ADFA on LED to other fault models using a single fault injection, where traditional DFAs are difficult to launch.


IEEE Transactions on Information Forensics and Security | 2014

Exploiting the Incomplete Diffusion Feature: A Specialized Analytical Side-Channel Attack Against the AES and Its Application to Microcontroller Implementations

Shize Guo; Xinjie Zhao; Fan Zhang; Tao Wang; Zhijie Jerry Shi; François-Xavier Standaert; Chujiao Ma

Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under the category of analytical side-channel attacks and can recover the entire key at once. Many ASCAs have been proposed against the AES, utilizing Gröbner basis-based, SAT-based, or optimizer-based solvers. The advantage of the general solver approach is its generic nature, which can easily be applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithm. The results vary depending on what type of solver is used, and the time complexity is quite high when considering error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature within one AES round. We name our technique incomplete diffusion analytical side-channel analysis (IDASCA). Unlike previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of a general solver. Extensive attacks are performed against a software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has lower time complexity and greater robustness than previous ASCAs, especially when considering error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for a given amount of side-channel leakage. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what the extreme cases in ASCAs are.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2014

Algebraic Fault Analysis on GOST for Key Recovery and Reverse Engineering

Xinjie Zhao; Shize Guo; Fan Zhang; Tao Wang; Zhijie Jerry Shi; Chujiao Ma; Dawu Gu

GOST is a well-known block cipher and the official encryption standard of the Russian Federation. A special feature of GOST is that its eight S-boxes can be kept secret. However, most research on GOST assumes that the design of these S-boxes is known. In this paper, the security of GOST against side-channel attacks is examined with algebraic fault analysis (AFA), which combines algebraic cryptanalysis with the fault attack. Three AFAs on GOST, which have different attack goals in different scenarios, are investigated. The results show that 8 fault injections are required to recover the secret key when the full design of GOST is known, which is fewer than the 64 fault injections required in previous work. 64 fault injections are required to recover the eight unknown S-boxes assuming the key is known. 270 fault injections are required to recover the key and the eight S-boxes when both are unknown. The results prove that AFA is very effective and that keeping some components of a cipher secret cannot guarantee its security against fault attacks.


Journal of Systems and Software | 2013

Controversy Corner: Efficient Hamming weight-based side-channel cube attacks on PRESENT

Xinjie Zhao; Shize Guo; Fan Zhang; Tao Wang; Zhijie Shi; Hui-Ying Liu; Keke Ji; Jing Huang

The side-channel cube attack (SCCA) is a powerful cryptanalysis technique that combines side-channel analysis with the cube attack. This paper proposes several advanced techniques to improve the Hamming weight-based SCCA (HW-SCCA) on the block cipher PRESENT. The new techniques utilize non-linear equations and an iterative scheme to extract more information from leakage. The new attacks need only 2^8.95 chosen plaintexts to recover 72 key bits of PRESENT-80 and 2^9.78 chosen plaintexts to recover 121 key bits of PRESENT-128. To the best of our knowledge, these are the most efficient SCCAs on PRESENT-80/128. To show the feasibility of the proposed techniques, real attacks have been conducted on PRESENT on an 8-bit microcontroller, which are the first SCCAs on PRESENT on a real device. The proposed HW-SCCA can successfully break PRESENT implementations even if they have countermeasures such as random delay and masking.


Wuhan University Journal of Natural Sciences | 2012

Fault-Propagate Pattern Based DFA on PRESENT and PRINTcipher

Xinjie Zhao; Shize Guo; Tao Wang; Fan Zhang; Zhijie Shi

This article proposes an enhanced differential fault analysis (DFA) method named fault-propagation pattern-based DFA (FPP-DFA). The main idea of FPP-DFA is to use the FPP of the ciphertext difference to predict the fault location and the fault-propagation path. We show that FPP-DFA is very effective on SPN-structure block ciphers using bitwise permutation, and apply it to two block ciphers. The first is PRESENT, with the substitution-permutation sequence. With the fault model of injecting one nibble fault into the (r-2)th round, on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to 2^14.7 and 2^21.1, respectively. The second is PRINTcipher, with the permutation-substitution sequence. For the first time, we show that although the permutation of PRINTcipher is secret-key dependent, FPP-DFA still works well on it. With the fault model of injecting one nibble fault into the (r-2)th round, 12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to 2^13.7 and 2^22.8, respectively.


China Communications | 2015

Analysis on the parameter selection method for FLUSH+RELOAD based cache timing attack on RSA

Ping Zhou; Tao Wang; Guang Li; Fan Zhang; Xinjie Zhao

The FLUSH+RELOAD attack was recently proposed as a new type of cache timing attack. There are three essential parameters in this attack: the monitored instructions, the threshold, and the waiting interval. However, the existing literature seldom examines how and why they affect the attack. This paper studies the impact of these three parameters and how to choose optimal values for them. Complete rules for choosing the monitored instructions based on a necessary and sufficient condition are proposed. A method for selecting the optimal threshold based on the Bayesian binary signal detection principle is also proposed. Meanwhile, a time-sequence model of the monitoring is constructed and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with the binary square-and-multiply algorithm. The results show that the average success rate of full RSA key recovery is 89.67%.


Science in China Series F: Information Sciences | 2018

Optimal model search for hardware-trojan-based bit-level fault attacks on block ciphers

Xinjie Zhao; Fan Zhang; Shize Guo; Zheng Gong

Dear editor, Fault analysis is a very powerful technique used to break cryptographic implementations. In particular, bit-level fault attacks (BLFAs), where one or a few isolated bits are flipped to inject faults, are among the most efficient of the lot. Because it requires both precise fault injection and sophisticated key extraction, a BLFA is very difficult to conduct in practice. However, if the underlying cryptographic hardware is maliciously modified, a BLFA can be easily achieved. This recent security threat is popularly known as a hardware Trojan horse (HTH) [1]. An HTH is a byproduct of the very popular and economically necessary outsourcing trend in the semiconductor industry. A well-designed HTH can precisely inject any type of bit-level fault. The corresponding attack is called a hardware-Trojan-based bit-level fault attack (HTH-BLFA). In [2], an HTH was designed to flip a nibble or byte of cryptographic state. However, the fault model in [2] is simply adopted from those well studied in differential fault analysis (DFA) [3] on block ciphers. The chosen fault model has a significant influence on the overall attack. Identifying the optimal fault model is crucial to the cryptanalysis efficiency of BLFAs and merits further investigation. In this letter, we first describe the optimal fault model in a BLFA. Then we propose three metrics that can effectively enhance the optimal model search. Four steps are elaborated for a practical HTH-BLFA. Finally, we use PRESENT-80 [4] implemented on SASEBO-GII to prove our technique. The HTH is triggered only once to inject one nibble fault, and the 80-bit key space can be reduced to 2 on average.

Optimal fault model for an HTH-BLFA. In a block cipher B, P, C, C′, m, n, and r denote the plaintext, correct ciphertext, faulty ciphertext, block size, S-box size, and the total number of rounds, respectively. For simplicity, we assume only one type of S-box is used throughout the whole cipher. Let λ denote the number of S-box lookups in one round. Then λ = m/n. X_{i,j} is a one-bit intermediate state, where i is the index of the round (1 ≤ i ≤ r) and j = {d_1, …, d_k} is a set of indexes for k bit flips in the state (1 ≤ d_1, …, d_k ≤ m). Then the fault model can be described as F = X_{i,j} = {X_{i,d_1}, …, X_{i,d_k}}, assuming all bit flips occur in the same round i. Given a specific value of k, the optimal model is denoted as F_o = X_{I_o,J_o}, where I_o is the round index and J_o is the bit index set for F_o. The search process is to find a specific assignment {I_o, J_o} among all possible {i, j} with which F_o is considered the best choice for the subsequent HTH design and the offline cryptanalysis. Evaluating whether a model is optimal can be considered from two as-

Collaboration

Top co-authors of Xinjie Zhao: Zhijie Shi (University of Connecticut); Shivam Bhasin (Nanyang Technological University); Wei He (Nanyang Technological University); Chujiao Ma (University of Connecticut); Dawu Gu (Shanghai Jiao Tong University)