Paper 2016/1143

Ciphertext and Plaintext Leakage Reveals the Entire TDES Key

Yongbo Hu, Chen Zhang, Yeyang Zheng, and Mathias Wagner

Abstract

SCA(Side-channel analysis) is a well-known method to recover the sensitive data stored in security products. Meanwhile numerous countermeasures for hardware implementation of cryptographic algorithms are proposed to protect the internal data against this attack fortunately. However, some designs are not aware that the protection of the plaintext and ciphertext is also crucial. In this work, we attack an implementation TDES(triple DES) by taking advantage of such leakages detected in a widely used commercial product which is based on the hardware platform that passed the EAL5+ certification. In particular, we guess entire DES keys to construct hypotheses for the intermediate outputs in a TDES calculation. The time cost for this approach is nearly $\frac{1}{2^{32}}$ of that by a brute force. Furthermore, if in addition leakage about the key becomes available, the attack costs become practical. That is, reducing the key entropy of every DES key to $2^{28}$ allows an enumeration of the entire TDES in 21.6 hours.

Note: 1,Fix some typo issues 2,Add more details about the leakages and the cost evaluation

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
DESSCADPAblock ciphersTriple DESsmart cards
Contact author(s)
yongbo hu @ nxp com
History
2016-12-14: received
Short URL
https://ia.cr/2016/1143
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1143,
      author = {Yongbo Hu and Chen Zhang and Yeyang Zheng and Mathias Wagner},
      title = {Ciphertext and Plaintext Leakage Reveals the Entire TDES Key},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1143},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1143}},
      url = {https://eprint.iacr.org/2016/1143}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.