Paper 2011/165

Improved Side Channel Cube Attacks on PRESENT

XinJie Zhao, Tao Wang, and ShiZe Guo

Abstract

The paper presents several improved side channel cube attacks on PRESENT based on single bit leakage model. Compared with the previous study of Yang et al in CANS 2009 [30], based on the same model of single bit leakage in the 3rd round, we show that: if the PRESENT cipher structure is unknown, for the leakage bit 0, 32-bit key can be recovered within $2^{7.17}$ chosen plaintexts; if the cipher structure is known, for the leakage bit 4,8,12, 48-bit key can be extracted by $2^{11.92}$ chosen plaintexts, which is less than $2^{15}$ in [30]; then, we extend the single bit leakage model to the 4th round, based on the two level “divide and conquer” analysis strategy, we propose a sliding window side channel cube attack on PRESENT, for the leakage bit 0, about $2^{15.14}$ chosen plaintexts can obtain 60-bit key; in order to obtain more key bits, we propose an iterated side channel cube attack on PRESENT, about $2^{8.15}$ chosen plaintexts can obtain extra 12 equivalent key bits, so overall $2^{15.154}$ chosen plaintexts can reduce the PRESENT-80 key searching space to $2^{8}$; finally, we extend the attack to PRESENT-128, about $2^{15.156}$ chosen plaintexts can extract 85 bits key, and reduce the PRESENT-128 key searching space to $2^{43}$. Compared with the previous study of Abdul-Latip et al in ASIACCS 2011 [31] based on the Hamming weight leakage model, which can extract 64-bit key of PRESENT-80/128 by $2^{13}$ chosen plaintexts, our attacks can extract more key bits, and have certain advantages over [31].

Note: Make some corrections of PRESENT-80 attack.