Improved side channel attack on the block cipher NOEKEON

NOEKEON is a block cipher with a 128-bit key and a 128-bit block, proposed by J. Daemen et al. Shekh Faisal Abdul-Latip et al. gave a side channel attack (under the single-bit leakage model) on the cipher at ISPEC 2010. Their analysis shows that one can recover the 128-bit key of the cipher by considering a one-bit information leakage from the internal state after the second round, with a time complexity of O(2^68) evaluations of the cipher and a data complexity of about 2^10 chosen plaintexts. Our side channel attack improves upon the previous work of Shekh Faisal Abdul-Latip et al. in two aspects. First, we use the Hamming weight leakage model (assuming that the Hamming weights of the lower 64 bits and of the higher 64 bits of the output of the first round can be obtained without error), which is a more relaxed leakage assumption, supported by many previously known practical results on side channel attacks, compared to the more challenging leakage assumption used by Shekh Faisal Abdul-Latip et al., namely that the adversary has access to the "exact" value of internal state bits. Second, our attack also has a reduced complexity compared to that of Shekh Faisal Abdul-Latip et al.: recovering the 128-bit key of NOEKEON takes 20.1 seconds on a PC with a 2.6 GHz CPU and 8 GB of RAM and requires 99 known plaintexts, whereas the attack of Shekh Faisal Abdul-Latip et al. has a time complexity of O(2^68) and needs about 2^10 chosen plaintexts.
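The abstract contrasts two leakage assumptions: an oracle that returns one exact internal-state bit, and an oracle that returns the Hamming weights of the two 64-bit halves of a round output. The following added example (written for this page; it is not code from the paper and does not implement NOEKEON or its attack) models both oracles as functions of a 128-bit state and quantifies, for a uniformly random state, how many bits of information each oracle reveals and how large the residual search space of a half remains once its weight is known. The state values, the bit index and the seed are constructed for illustration.

```python
import math
import random
from typing import Dict, Tuple

MASK64 = (1 << 64) - 1


def single_bit_leakage(state: int, bit_index: int) -> int:
    """Single-bit leakage model: the adversary learns one exact bit of the state."""
    return (state >> bit_index) & 1


def hamming_weight_leakage(state: int) -> Tuple[int, int]:
    """Hamming-weight model from the abstract: HW of the lower 64 bits and HW of
    the higher 64 bits of a 128-bit state, assumed to be observed without error."""
    low = state & MASK64
    high = (state >> 64) & MASK64
    return (bin(low).count("1"), bin(high).count("1"))


def hw_distribution(nbits: int) -> Dict[int, float]:
    """Exact probability of each Hamming weight for a uniform nbits-bit word
    (binomial with p = 1/2)."""
    total = 2 ** nbits
    return {w: math.comb(nbits, w) / total for w in range(nbits + 1)}


def entropy_bits(dist: Dict[int, float]) -> float:
    """Shannon entropy in bits of a discrete distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def leakage_entropy(nbits: int = 64) -> Tuple[float, float, float]:
    """Information revealed by each oracle about a uniform state, in bits:
    (single exact bit, HW of one nbits-bit half, HW of both halves).
    The two halves are independent for a uniform state, so their entropies add."""
    single = 1.0
    hw_half = entropy_bits(hw_distribution(nbits))
    return single, hw_half, 2 * hw_half


def candidates_consistent(nbits: int, observed_hw: int) -> int:
    """Number of nbits-bit words having the observed weight: the residual search
    space for that half after the HW oracle output is known."""
    return math.comb(nbits, observed_hw)


def simulate_observation(seed: int = 1234) -> Tuple[int, Tuple[int, int], int]:
    """Draw a constructed random 128-bit 'round output' and return the state, what
    the HW oracle would report, and how many low halves remain consistent with it."""
    rng = random.Random(seed)
    state = rng.getrandbits(128)
    hw_low, hw_high = hamming_weight_leakage(state)
    return state, (hw_low, hw_high), candidates_consistent(64, hw_low)


if __name__ == "__main__":
    single, half, both = leakage_entropy()
    print(f"single exact bit     : {single:.2f} bits of information")
    print(f"HW of one 64-bit half: {half:.2f} bits")
    print(f"HW of both halves    : {both:.2f} bits")
    state, (hw_low, hw_high), remaining = simulate_observation()
    print(f"constructed state 0x{state:032x} -> HW oracle reports {(hw_low, hw_high)}")
    print(f"low halves still consistent with HW={hw_low}: {remaining} of 2^64")
```

The numbers make the trade-off concrete: a 64-bit half has a weight distribution concentrated around 32, so the HW oracle yields only about four bits of information per half, and even the most informative weight leaves roughly 2^60 candidates for that half. The model is nevertheless the one many practical power-analysis results support, because a measured power trace correlates with the number of set bits on a bus or register rather than with any single bit's exact value; the abstract's contribution is that this weaker, more realistic oracle still suffices for key recovery with far lower complexity.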
