Paper 2009/354
Cache Timing Attacks on Camellia Block Cipher
ZHAO Xin-jie, WANG Tao, and ZHENG Yuan-yuan
Abstract
Camellia, as the final winner among 128-bit block ciphers in NESSIE, is the most secure block cipher in the world. In 2003, Tsunoo proposed a Cache attack using CPU cache timing and successfully recovered the Camellia-128 key within $2^{28}$ plaintexts and 35 minutes. In 2004, IKEDA YOSHITAKA made further improvements to Tsunoo's attack and recovered the Camellia-128 key within $2^{21.4}$ plaintexts and 22 minutes. All of these attacks are timing driven Cache attacks. Our research shows that, due to its frequent S-box lookup operations, Camellia is also quite vulnerable to access driven Cache timing attacks, which are much more effective than timing driven Cache attacks. First, we provide a general analysis model for symmetric ciphers using S-boxes based on access driven Cache timing attacks, and point out that the F function of Camellia can leak information about the result of the encryption key XORed with the expand-key, and that the left circular rotating operation of the Camellia key schedule has a serious design problem. Next, we present several attacks on Camellia-128/192/256 with and without FL/FL$^{-1}$. Experimental results demonstrate that 500 random plaintexts are enough to recover the full Camellia-128 key and 900 random plaintexts are enough to recover the full Camellia-192/256 key; that our attacks can be extended to known ciphertext conditions by attacking the Camellia decryption procedure; and that our attacks are quite easy to extend to remote scenarios, where 3000 random plaintexts are enough to recover the full encryption key of Camellia-128/192/256 in both local and campus networks. Finally, we discuss why Camellia is weak against this type of attack and provide some advice to cipher designers for hardening ciphers against cache timing attacks.
Note: The attack model in this paper is applicable to any symmetric cipher using S-boxes, such as AES, SMS4, Camellia, HC-128, and HC-256, and can be implemented very easily in remote environments such as local and campus networks!
Metadata
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Camellia-128/192/256, block cipher, access driven, Cache timing attack, side channel attack, remote attack, F function, S-box lookup index, left circular rotating operation, key schedule, known ciphertext
- Contact author(s)
- zhaoxinjieem @ 163 com
- History
- 2009-09-14: last of 5 revisions
- 2009-07-21: received
- Short URL
- https://ia.cr/2009/354
- License
- CC BY
BibTeX
@misc{cryptoeprint:2009/354,
      author = {ZHAO Xin-jie and WANG Tao and ZHENG Yuan-yuan},
      title = {Cache Timing Attacks on Camellia Block Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/354},
      year = {2009},
      url = {https://eprint.iacr.org/2009/354}
}