Affiliation:
1. Beijing Satellite Navigation Center Beijing China
2. Information Engineering University Zhengzhou China
Abstract
AbstractAlgebraic Side‐Channel Attacks (ASCAs), first proposed by Renauld and Standaert in 2009, are a potent cryptanalysis method against block ciphers. In this paper, the authors initially utilize ASCAs to analyze the security of the Trivium stream cipher, given its concise algebraic structure. Considering its efficiency in both hardware and software implementations, the authors deploy ASCAs to target Trivium implemented both in application specific integrated circuit (ASIC) under the Hamming Distance Leakage Model (HDLM) (noted as CASE 1) and in microcontrollers of various buses (i.e. some common 8‐bit, 16‐bit, and 32‐bit architectures, noted as CASE 2, CASE 3, and CASE 4, respectively) under the Hamming Weight Leakage Model (HWLM). Here, the authors’ attacks are conducted on power‐simulated targets and not on real devices. For a single power consumption trace without measurement errors, this paper presents experimental results using MiniSat 2.0. Unfortunately, the authors were unable to break the ASIC implementation of Trivium under HDLM (CASE 1) with a time complexity of 2109 s or so, which is worse than the exhaustive key attack. For CASEs 2 to 4, the authors can find the complete 288‐bit state of Trivium within a reasonable timeframe. Specially, the success rate can reach 100% with an average solving time of less than 1 s when only measuring the leakages of the first eight consecutive rounds for CASE 2. Furthermore, the authors can still successfully recover the internal state even when obtaining leakages of the first 41 rounds with a random loss rate. In fact, it can tolerate a 74% random loss rate for the first 223 rounds. With regard to the potential errors in the measurements, the authors mitigate them using Tolerant ASCA (TASCA). Similarly, CASE 1 cannot be compromised even in error‐free situations, while the authors can still successfully recover the internal state of CASEs 2 to 4 from a single power trace, even with a high error rate, including 100% incorrect measurements. Surprisingly, for CASEs 2 to 4, the authors can recover the internal state with a 100% success rate, regardless of the error rate. As a result, the security of Trivium will not be enhanced when transitioning from a smaller 8‐bit platform to a larger 32‐bit platform. In the end, the authors will consider some more abstract attack models. The results can provide us with additional insights into the security of Trivium from a different perspective.
Publisher
Institution of Engineering and Technology (IET)
Reference32 articles.
1. Kocher P. Jaffe J. Jun B.:Differential power analysis. In:Wiener M.J.(ed.)Crypto 1999 LNCS vol.1666 pp.398–412.Springer Heidelberg(1999)
2. Renauld M. Standaert F.‐X.:Algebraic side‐channel attacks. In:Bao F. Yung M. Lin D. Jing J.(eds.)Inscrypt 2009. LNCS vol.6151 pp.393–410.Springer Heidelberg(2010)
3. Buchmann J. Pyshkin A. Weinmann R.‐P.:Block ciphers sensitive to Gröbner basis attacks. In:Pointcheval D.(ed.)CT‐RSA 2006 LNCS vol.3860 pp.313–331.Springer Heidelberg(2006)
4. Bard G.V. Courtois N.T. Jefferson C.:Efficient methods for conversion and solution of sparse systems of low‐degree multivariate polynomials over GF(2) via SAT‐solvers. Cryptology ePrint Archive Report 2007/024. (2007)