Power Analysis Attacks on the Customizable MK-3 Authenticated Encryption Algorithm

Bibliographic Details
Published in: 2023 30th International Conference on Mixed Design of Integrated Circuits and System (MIXDES) pp. 154 - 159
Main Authors: Fabinski, Peter; Farris, Steve; Kurdziel, Michael; Lukowiak, Marcin; Radziszowski, Stanislaw
Format: Conference Proceeding
Language: English
Published: Lodz University of Technology 29.06.2023
Description
Summary: MK-3 is an authenticated encryption scheme based on the duplex sponge construction, suitable for both hardware and software. It provides broad factory and field customization features. The same security claims are valid for the original and all recommended customizations. Extensive security analyses of MK-3 were performed in our previous work: differential, linear, cube, and brute force attacks, as well as statistical analysis. In this work we report on new experiments involving Correlation Power Analysis (CPA), which is considered one of the most powerful side-channel attack (SCA) techniques. Two CPA attacks on MK-3 were developed: the first directly after the key absorption, and the second after the S-boxes in the first round of IV absorption. In the first attack, under strong assumptions about an attacker's capability to collect traces, we can recover 128 of the 512 state bits in a physical test on an FPGA. The second attack builds on top of the first one, but it assumes that special registers have been embedded after the S-boxes. Even under such ideal conditions, this attack can potentially reduce the brute-forcing difficulty only by an additional 88 to 194 bits. Overall, this gives the CPA attack no advantage over brute-forcing for the original 128-bit key. The previous and current results ensure that MK-3 and its customized versions effectively conceal its plaintext input.
DOI: 10.23919/MIXDES58562.2023.10203249