Power Analysis Attacks on the Customizable MK-3 Authenticated Encryption Algorithm

Bibliographic details
Published in: 2023 30th International Conference on Mixed Design of Integrated Circuits and System (MIXDES), pp. 154 - 159
Main authors: Fabinski, Peter; Farris, Steve; Kurdziel, Michael; Lukowiak, Marcin; Radziszowski, Stanislaw
Format: Conference paper
Language: English
Published: Lodz University of Technology 29.06.2023
Description
Summary: MK-3 is an authenticated encryption scheme based on the duplex sponge construction, suitable for both hardware and software. It provides broad factory and field customization features. The same security claims are valid for the original and all recommended customizations. Extensive security analyses of MK-3 were performed in our previous work: differential, linear, cube, and brute force attacks, as well as statistical analysis. In this work we report on new experiments involving Correlation Power Analysis (CPA), which is considered one of the most powerful side-channel attack (SCA) techniques. Two CPA attacks on MK-3 were developed: the first directly after the key absorption, and the second after the S-boxes in the first round of IV absorption. In the first attack, under strong assumptions about an attacker's capability to collect traces, we can recover 128 of the 512 state bits in a physical test on an FPGA. The second attack builds on top of the first one, but it assumes that special registers have been embedded after the S-boxes. Even under such ideal conditions, this attack can potentially reduce the brute-forcing difficulty only by an additional 88 to 194 bits. Overall, this gives the CPA attack no advantage over brute-forcing for the original 128-bit key. The previous and current results ensure that MK-3 and its customized versions effectively conceal its plaintext input.
DOI: 10.23919/MIXDES58562.2023.10203249