Investigating Profiled Side-Channel Attacks Against the DES Key Schedule

Recent publications describe profiled side-channel attacks (SCAs) against the DES key schedule of a “commercially available security controller”. They report a significant reduction of the average remaining entropy of cryptographic keys after the attack, with large, key-dependent variations and results as low as a few bits using only a single attack trace. Unfortunately, they leave important questions unanswered: Is the reported wide distribution of results plausible? Are the results device-specific or more general? What is the impact on the security of 3-key triple DES? In this contribution, we systematically answer those and several other questions. We also analyze two commercial security controllers, reproducing the reported results while explaining details of the algorithmic choices. We verify the overall reduction and the large variations in single-DES key security levels (49.4 bit mean and 0.9 % of keys < 40 bit) and observe a fraction of keys with exceptionally low security levels, called weak keys. A simplified simulation of device leakage shows that the distribution of security levels is predictable to some extent given a leakage model. We generalize the results to other leakage models by attacking the hardware DES accelerator of a general-purpose microcontroller. We conclude that weaker keys are mainly caused by switching noise, which is always present in template attacks on any key schedule, regardless of the algorithm and implementation. Further, we describe a sound approach to estimate 3-key triple-DES security levels from empirical single-DES results and find that the impact on the security of 3-key triple DES is limited (96.1 bit mean and 0.24 % of key-triples < 80 bit).
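To make the mechanism behind the key-dependent "security level" concrete, the following is an added simulation written for this page; it is not the paper's code and does not reproduce the authors' measurements. It runs the real DES key schedule (PC-1, rotations, PC-2 from FIPS 46-3) and then applies an assumed, constructed leakage model: every round-key register cell leaks its bit value, plus a transition term when the cell toggles relative to the previous round, plus Gaussian noise. The attacker's per-bit Gaussian templates condition only on the bit value, so the toggle term, which depends on a different key bit, is unmodelled and key dependent, which is the "switching noise" effect the abstract refers to. The security level is then estimated as log2 of the rank of the correct key among all 2^56 candidates, computed with a binned subset-sum histogram in the style of standard rank-estimation tools. The constants SIGMA and BETA, the "register cleared before round 1" assumption, and the analytic template means and variance (which a real attacker would estimate from profiling traces) are all assumptions of this example.

```python
"""Toy single-trace template attack on the DES key schedule (added example)."""
import math
import random

# Real DES key-schedule tables (FIPS 46-3); positions are 1-based, MSB first.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def effective_bits(key64):
    """PC-1: drop the 8 parity bits, return the 56 effective key bits (MSB first)."""
    bits = [(key64 >> (63 - i)) & 1 for i in range(64)]
    return [bits[p - 1] for p in PC1]


def schedule_positions():
    """Run rotations and PC-2 on bit indices 0..55 instead of bit values, so
    SCHED[r][j] tells which effective key bit sits in round key r, position j."""
    c, d = list(range(28)), list(range(28, 56))
    sched = []
    for s in SHIFTS:
        c, d = c[s:] + c[:s], d[s:] + d[:s]   # left rotations of C and D
        cd = c + d
        sched.append([cd[p - 1] for p in PC2])
    return sched


SCHED = schedule_positions()


def round_keys(key64):
    """The 16 round keys as 48-bit integers, from the real key schedule."""
    eff = effective_bits(key64)
    out = []
    for r in range(16):
        v = 0
        for j in range(48):
            v = (v << 1) | eff[SCHED[r][j]]
        out.append(v)
    return out


# Assumed leakage model (constructed for this example, not a measured device).
SIGMA = 2.0   # Gaussian noise standard deviation (assumption)
BETA = 1.0    # weight of the toggle ("switching") contribution (assumption)


def leak_trace(key64, rng):
    """One simulated trace: (effective-bit index, observation) per register cell and round."""
    eff = effective_bits(key64)
    prev = [0] * 48                      # assumption: register cleared before round 1
    samples = []
    for r in range(16):
        cur = [eff[SCHED[r][j]] for j in range(48)]
        for j in range(48):
            toggle = cur[j] ^ prev[j]    # depends on another key bit: unmodelled by the template
            samples.append((SCHED[r][j], cur[j] + BETA * toggle + rng.gauss(0.0, SIGMA)))
        prev = cur
    return samples


def attack(samples):
    """Per-bit Gaussian templates conditioned on the bit value only. Means and
    variance are the analytic values for the assumed model (a real attacker would
    profile them). Returns per-bit natural-log likelihoods [ll0, ll1]."""
    var = SIGMA ** 2 + (BETA ** 2) / 4.0        # noise + toggle term seen as noise
    mean = (BETA / 2.0, 1.0 + BETA / 2.0)
    ll = [[0.0, 0.0] for _ in range(56)]
    for i, obs in samples:
        for b in (0, 1):
            ll[i][b] -= (obs - mean[b]) ** 2 / (2.0 * var)
    return ll


def log2_rank(costs, width=0.5, clip=30.0):
    """Estimated log2 rank of the correct key. costs[i] is the log2-likelihood
    advantage of the correct value of bit i over the wrong value; a candidate that
    flips the bits in S scores at least as well as the correct key iff
    sum(costs[i] for i in S) <= 0. Count such subsets with a binned histogram."""
    q = [int(round(max(-clip, min(clip, c)) / width)) for c in costs]
    off = len(q) * int(round(clip / width))     # array index holding sum == 0
    size = 2 * off + 1
    hist = [0] * size
    hist[off] = 1                               # the empty subset (correct key itself)
    for v in q:
        new = hist[:]                           # subsets that do not flip this bit
        lo, hi = (0, size - v) if v >= 0 else (-v, size)
        for s in range(lo, hi):
            if hist[s]:
                new[s + v] += hist[s]
        hist = new
    return math.log2(sum(hist[:off + 1]))


def security_level(key64, rng):
    """Single-trace security level (log2 rank) of one key under the assumed model."""
    eff = effective_bits(key64)
    ll = attack(leak_trace(key64, rng))
    costs = [(ll[i][eff[i]] - ll[i][1 - eff[i]]) / math.log(2) for i in range(56)]
    return log2_rank(costs)


def simulate(n_keys, seed=1):
    """Security levels of n_keys random keys; the spread across keys is the point."""
    rng = random.Random(seed)
    return [security_level(rng.getrandbits(64), rng) for _ in range(n_keys)]


if __name__ == "__main__":
    levels = simulate(40)
    print(f"mean {sum(levels) / len(levels):.1f} bit, min {min(levels):.1f}, max {max(levels):.1f}")
```

Raising SIGMA moves the whole distribution up, while BETA alone (with SIGMA near zero) still leaves some keys far weaker than others, because which cells toggle is fixed by the key rather than by random noise. Rebuilding the templates on the pair (current bit, previous bit) instead of the current bit alone removes that key dependence in this toy model; on real hardware the corresponding neighbouring signals are not usually known in advance.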
