Paper 2017/1166

SCADPA: Side-Channel Assisted Differential-Plaintext Attack on Bit Permutation Based Ciphers

Jakub Breier, Dirmanto Jap, and Shivam Bhasin

Abstract

Bit permutations are a common choice for the diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack; knowledge of the ciphertext is not required. Unlike the statistical methods commonly used as distinguishers in standard power analysis, the proposed method is more differential in nature. The attack shows that the diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such a vulnerability to extract the secret key. Results on a microcontroller-based PRESENT-80 cipher lead to full key retrieval using as few as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such an attack from the design point of view.
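The abstract's central observation is that a bit-permutation diffusion layer keeps a plaintext difference highly localised, so the set of S-boxes that become active in the next round depends on the cipher's internal state. The following added example (not code from the paper or its authors) models one PRESENT round from the public specification (S-box, pLayer with bit 0 as the least significant bit, and the addRoundKey/sBoxLayer/pLayer order) and traces which round-2 S-boxes a single-nibble plaintext difference reaches; the plaintext pair and round-key values are constructed samples. A designer can use the same functions to quantify how far one active S-box spreads through a candidate diffusion layer.

```python
# Added example, not code from the SCADPA paper: a minimal model of the PRESENT
# round function used to show how the bit permutation spreads a single-nibble
# difference. S-box and pLayer follow the public PRESENT specification; the
# plaintexts and round keys below are constructed sample values.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def sbox_layer(state: int) -> int:
    """Apply the 4-bit PRESENT S-box to each of the 16 nibbles of a 64-bit state."""
    out = 0
    for i in range(16):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def p_layer(state: int) -> int:
    """PRESENT pLayer: bit i moves to position (16 * i) mod 63; bit 63 stays put."""
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << (63 if i == 63 else (16 * i) % 63)
    return out


def present_round(state: int, round_key: int) -> int:
    """One PRESENT round: addRoundKey, then sBoxLayer, then pLayer."""
    return p_layer(sbox_layer(state ^ round_key))


def active_nibbles(diff: int) -> list:
    """Indices of the nibbles (S-box positions) carrying a non-zero difference."""
    return [i for i in range(16) if (diff >> (4 * i)) & 0xF]


def next_round_active_sboxes(p1: int, p2: int, round_key: int) -> list:
    """Round-2 S-boxes that receive a non-zero input difference for the pair (p1, p2).

    The round key cancels in the XOR before the S-box layer, so only the S-box
    output difference (which depends on the key) and the permutation matter."""
    diff = present_round(p1, round_key) ^ present_round(p2, round_key)
    return active_nibbles(diff)


def sboxes_reached(nibble_index: int, out_diff: int) -> list:
    """Round-2 S-boxes that an S-box output difference `out_diff` in nibble
    `nibble_index` is spread to by the pLayer alone (key-independent)."""
    return active_nibbles(p_layer((out_diff & 0xF) << (4 * nibble_index)))


def max_spread() -> int:
    """Largest number of round-2 S-boxes any single active S-box can reach."""
    return max(len(sboxes_reached(i, d)) for i in range(16) for d in range(1, 16))


if __name__ == "__main__":
    # Constructed sample: two plaintexts differing only in nibble 0 (difference 0x1).
    p1, p2 = 0x0000000000000000, 0x0000000000000001
    for key_nibble in range(16):
        # Only nibble 0 of the round key influences this pair; the rest is zero.
        print(f"key nibble {key_nibble:#x}: round-2 active S-boxes "
              f"{next_round_active_sboxes(p1, p2, key_nibble)}")
    # Each output bit of S-box i lands in a different 16-bit quarter of the state,
    # so one active S-box reaches at most four S-boxes, one bit each.
    print("max spread of one active S-box:", max_spread())
```

Running the block prints a different active-S-box set for different values of the key nibble, which is exactly the "distinguishing the internal cipher state" property the abstract refers to; `max_spread()` returning 4 shows that the pLayer never mixes an active S-box into more than four next-round S-boxes, each through a single bit. A diffusion layer that feeds several bits of every S-box output into each next-round S-box would blur this pattern, which is the direction of the design-level discussion the abstract mentions.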

Metadata
Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Minor revision. Accepted to DATE 2018
Keywords: side-channel analysis, differential plaintext attack
Contact author(s): jbreier @ ntu edu sg
History:
2017-12-01: revised
2017-11-30: received
Short URL: https://ia.cr/2017/1166
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2017/1166,
      author = {Jakub Breier and Dirmanto Jap and Shivam Bhasin},
      title = {{SCADPA}: Side-Channel Assisted Differential-Plaintext Attack on Bit Permutation Based Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/1166},
      year = {2017},
      url = {https://eprint.iacr.org/2017/1166}
}