Cryptology ePrint Archive: Report 2017/1166

SCADPA: Side-Channel Assisted Differential-Plaintext Attack on Bit Permutation Based Ciphers

Jakub Breier and Dirmanto Jap and Shivam Bhasin

Abstract: Bit permutations are a common choice for diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack, knowledge of the ciphertext is not required. Unlike statistical methods, commonly used for distinguisher in standard power analysis, the proposed method is more differential in nature. The attack shows that diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such vulnerability to extract the secret key. Results on microcontroller-based PRESENT-80 cipher lead to full key retrieval using as low as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such attack from the design point of view.

Category / Keywords: secret-key cryptography / side-channel analysis, differential plaintext attack

Original Publication (with minor differences): Accepted to DATE 2018

Date: received 30 Nov 2017, last revised 30 Nov 2017

Contact author: jbreier at ntu edu sg

Available format(s): PDF | BibTeX Citation

Version: 20171201:044436 (All versions of this report)

Short URL: ia.cr/2017/1166

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]