Lightweight Ciphers and Their Side-Channel Resilience

Side-channel attacks represent a powerful category of attacks against cryptographic devices. Still, side-channel analysis for lightweight ciphers is much less investigated than for instance for AES. Although intuition may lead to the conclusion that lightweight ciphers are weaker in terms of side-channel resistance, that remains to be confirmed and quantified. In this paper, we consider various side-channel analysis metrics which should provide an insight on the resistance of lightweight ciphers against side-channel attacks. In particular, for the non-profiled scenario we use the theoretical confusion coefficient and empirical optimal distinguisher. Our study considers side-channel attacks on the first, the last, or both rounds simultaneously. Furthermore, we conduct a profiled side-channel analysis using various machine learning attacks to recover 4-bit and 8-bit intermediate states of the cipher. Our results show that the difference between AES and lightweight ciphers is smaller than one would expect, and even find scenarios in which lightweight ciphers may be more resistant. Interestingly, we observe that the studied 4-bit S-boxes have a different side-channel resilience, while the difference in the 8-bit ones is only theoretically present.

[1]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[2]  Eric R. Ziegel,et al.  The Elements of Statistical Learning , 2003, Technometrics.

[3]  Sylvain Guilley,et al.  Bivariate attacks and confusion coefficients , 2017, IACR Cryptol. ePrint Arch..

[4]  Sylvain Guilley,et al.  Side-Channel Analysis of Lightweight Ciphers: Does Lightweight Equal Easy? , 2016, RFIDSec.

[5]  Joos Vandewalle,et al.  Machine learning in side-channel analysis: a first study , 2011, Journal of Cryptographic Engineering.

[6]  Thomas M. Cover,et al.  Elements of information theory (2. ed.) , 2006 .

[7]  Kyoji Shibutani,et al.  Midori: A Block Cipher for Low Energy , 2015, ASIACRYPT.

[8]  Christof Paar,et al.  Block Ciphers - Focus on the Linear Layer (feat. PRIDE) , 2014, CRYPTO.

[9]  Thomas Peyrin,et al.  The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS , 2016, IACR Cryptol. ePrint Arch..

[10]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[11]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[12]  Sylvain Guilley,et al.  Good is Not Good Enough: Deriving Optimal Distinguishers from Communication Theory , 2014, IACR Cryptol. ePrint Arch..

[13]  A. Adam Ding,et al.  A Statistical Model for DPA with Novel Algorithmic Confusion Analysis , 2012, CHES.

[14]  Dirk Fox,et al.  Advanced Encryption Standard (AES) , 1999, Datenschutz und Datensicherheit.

[15]  François-Xavier Standaert,et al.  Improving the security and efficiency of block ciphers based on LS-designs , 2016, Designs, Codes and Cryptography.

[16]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks , 2009, Inscrypt.

[17]  Sylvain Guilley,et al.  A Key to Success - Success Exponents for Side-Channel Distinguishers , 2015, IACR Cryptol. ePrint Arch..

[18]  Adrian Thillard,et al.  Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack , 2013, CHES.

[19]  Ian H. Witten,et al.  Generating Accurate Rule Sets Without Global Optimization , 1998, ICML.

[20]  Alberto Maria Segre,et al.  Programs for Machine Learning , 1994 .

[21]  Olivier Markowitch,et al.  A machine learning approach against a masked AES , 2014, Journal of Cryptographic Engineering.

[22]  Dongdai Lin,et al.  RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms , 2015, Science China Information Sciences.

[23]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[24]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[25]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[26]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[27]  Nir Friedman,et al.  Bayesian Network Classifiers , 1997, Machine Learning.

[28]  Kyoji Shibutani,et al.  Midori: A Block Cipher for Low Energy (Extended Version) , 2015, IACR Cryptol. ePrint Arch..

[29]  Samy Bengio,et al.  Links between perceptrons, MLPs and SVMs , 2004, ICML.

[30]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[31]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[32]  François-Xavier Standaert,et al.  LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations , 2014, FSE.

[33]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.