## Cryptology ePrint Archive: Report 2016/1143

Ciphertext and Plaintext Leakage Reveals the Entire TDES Key

Yongbo Hu and Chen Zhang and Yeyang Zheng and Mathias Wagner

Abstract: SCA(Side-channel analysis) is a well-known method to recover the sensitive data stored in security products. Meanwhile numerous countermeasures for hardware implementation of cryptographic algorithms are proposed to protect the internal data against this attack fortunately. However, some designs are not aware that the protection of the plaintext and ciphertext is also crucial. In this work, we attack an implementation TDES(triple DES) by taking advantage of such leakages detected in a widely used commercial product which is based on the hardware platform that passed the EAL5+ certification. In particular, we guess entire DES keys to construct hypotheses for the intermediate outputs in a TDES calculation. The time cost for this approach is nearly $\frac{1}{2^{32}}$ of that by a brute force. Furthermore, if in addition leakage about the key becomes available, the attack costs become practical. That is, reducing the key entropy of every DES key to $2^{28}$ allows an enumeration of the entire TDES in 21.6 hours.

Category / Keywords: DES, SCA, DPA, block ciphers, Triple DES, smart cards

Date: received 9 Dec 2016, last revised 14 Dec 2016

Contact author: yongbo hu at nxp com

Available format(s): PDF | BibTeX Citation

Note: 1,Fix some typo issues 2,Add more details about the leakages and the cost evaluation

Short URL: ia.cr/2016/1143

[ Cryptology ePrint archive ]