
Single-Trace Fragment Template Attack on a 32-Bit Implementation of Keccak

  • Conference paper
  • Smart Card Research and Advanced Applications (CARDIS 2021)

Abstract

Template attacks model side-channel leakage information using Gaussian multivariate distributions. They have been quite successful in directly reconstructing individual bits of 8-bit parallel buses and registers from power traces. However, extending their use directly to larger word sizes, such as 32-bit buses, becomes impractical. Here we show that it is possible to use an LDA-based stochastic model to independently build templates for just byte fragments of such a word, and so to predict the exact values of its four member bytes instead of only overall Hamming weights. We demonstrate this technique by reconstructing the arbitrary-length inputs of SHA3-512 and some other Keccak sponge functions implemented on a 32-bit Cortex-M4 device. The quality of these templates was high enough that the remaining errors in their predictions could be eliminated via belief propagation on a factor-graph network (SASCA). In our experiments, we already reliably recovered SHA3-512 inputs up to 719 bytes long (10 invocations of the permutation), and reconstructing even longer inputs should be just a matter of making longer recordings.

S.-C. You—Supported by the Cambridge Trust and the Ministry of Education, Taiwan.


Notes

  1. \(\hat{\beta }'[i,j,k]\), \(\hat{\mathbf {C}}[i,k]\), \(\hat{\mathbf {D}}[i,k]\), \(\hat{\alpha }[i,j,k]\) here are equivalent to I, P, T, O in [7], respectively.

  2. Recall that Kannwischer et al.’s results [7] for their all-zero public input set, which is similar to our experiments with very short \(\text {Keccak}[c]\) input, were worse than those for their random public input set. We did not observe such variability in our setting, i.e. the success rates and the number of iterations required did not vary significantly with the input length of \(\text {Keccak}[c]\), even down to just one byte.

References

  1. Atmel Corporation: AVR XMEGA Microcontrollers. http://www.atmel.com/products/microcontrollers/avr/avr_xmega.aspx. Accessed Mar 2014

  2. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). http://doi.org/10.1007/3-540-36400-5_3


  3. Choudary, M.O., Kuhn, M.G.: Efficient stochastic methods: profiled attacks beyond 8 bits. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 85–103. Springer, Cham (2015). http://doi.org/10.1007/978-3-319-16763-3_6


  4. Choudary, M.O., Kuhn, M.G.: Efficient, portable template attacks. IEEE Trans. Inf. Forensics Secur. 13(2), 490–501 (2018). http://doi.org/10.1109/TIFS.2017.2757440


  5. CW1173: ChipWhisperer-Lite product data sheet, 13 February 2018. http://media.newae.com/datasheets/NAE-CW1173_datasheet.pdf

  6. ChipWhisperer-Lite arm edition, schematic, rev 03. http://github.com/newaetech/chipwhisperer/raw/develop/hardware/capture/chipwhisperer-lite-32bit/cw-lite-arm-main.pdf

  7. Kannwischer, M.J., Pessl, P., Primas, R.: Single-trace attacks on Keccak. IACR Trans. Crypt. Hardware Embed. Syst. 2020(3), 243–268 (2020). http://doi.org/10.13154/tches.v2020.i3.243-268

  8. Kelsey, J., Chang, S., Perlner, R.: SHA-3 derived functions: cSHAKE, KMAC, TupleHash and ParallelHash. NIST Special Publication 800-185 (2016). http://doi.org/10.6028/NIST.SP.800-185


  9. Luo, P., Fei, Y., Fang, X., Ding, A.A., Kaeli, D.R., Leeser, M.: Side-channel analysis of MAC-Keccak hardware implementations. IACR Cryptology ePrint Archive 2015, 411 (2015). http://doi.org/10.1145/2768566.2768567

  10. MacKay, D.J.C.: Information Theory, Inference and Learning Algorithms. Cambridge University Press, Cambridge (2003)


  11. NI PXIe-5160. http://www.ni.com/en-gb/support/model.pxie-5160.html

  12. NI PXIe-5423. http://www.ni.com/en-gb/support/model.pxie-5423.html

  13. NIST: SHA-3 standard: permutation-based hash and extendable-output functions, August 2015. http://doi.org/10.6028/NIST.FIPS.202. FIPS PUB 202

  14. O’Flynn, C., Chen, Z.D.: ChipWhisperer: an open-source platform for hardware embedded security research. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 243–260. Springer, Cham (2014). http://doi.org/10.1007/978-3-319-10175-0_17


  15. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005). http://doi.org/10.1007/11545262_3


  16. Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008). http://doi.org/10.1007/978-3-540-85053-3_26


  17. Taha, M., Schaumont, P.: Differential power analysis of MAC-Keccak at any key-length. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 68–82. Springer, Heidelberg (2013). http://doi.org/10.1007/978-3-642-41383-4_5


  18. Taha, M., Schaumont, P.: Side-channel analysis of MAC-Keccak. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 125–130. IEEE (2013). http://doi.org/10.1109/HST.2013.6581577

  19. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Soft analytical side-channel attacks. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 282–296. Springer, Heidelberg (2014). http://doi.org/10.1007/978-3-662-45611-8_15


  20. Extended Keccak code package. http://github.com/XKCP/XKCP. Accessed Apr 2019. lib/low/KeccakP-1600/Compact64/KeccakP-1600-compact64.c

  21. You, S.-C., Kuhn, M.G.: A template attack to reconstruct the input of SHA-3 on an 8-bit device. In: Bertoni, G.M., Regazzoni, F. (eds.) COSADE 2020. LNCS, vol. 12244, pp. 25–42. Springer, Cham (2021). http://doi.org/10.1007/978-3-030-68773-1_2



Corresponding author

Correspondence to Markus G. Kuhn.


Copyright information

© 2022 Springer Nature Switzerland AG

About this paper


Cite this paper

You, S.-C., Kuhn, M.G. (2022). Single-Trace Fragment Template Attack on a 32-Bit Implementation of Keccak. In: Grosso, V., Pöppelmann, T. (eds.) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science, vol. 13173. Springer, Cham. http://doi.org/10.1007/978-3-030-97348-3_1


  • DOI: http://doi.org/10.1007/978-3-030-97348-3_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97347-6

  • Online ISBN: 978-3-030-97348-3
