Paper 2017/382

A General Degenerate Grouping Power Attack with Specific Application to SIMON and SPECK

Steven Cavanaugh

Abstract

A Degenerate Grouping Power Attack (DGPA) is a type of Partitioning Power Analysis (PPA) used to extract secret keys from the power side-channel signal of an encryption algorithm running on a device, together with some known and varying information such as the plaintext or ciphertext associated with each encryption. In this work the DGPA is applied to SIMON and SPECK implementations on MSP430, PIC16F, and Spartan 6 platforms. While keys are successfully recovered from unprotected implementations, guidance is given on a minimum number of rounds, $d$, to perform per clock cycle in FPGAs and ASICs so as to mitigate such attacks for a deployment-dependent maximum quantity of data that is to be encrypted with a given key. On the Spartan 6, full key recovery of SIMON 64/128 with $d\leq4$ and SPECK 64/128 with $d\leq3$ is trivially achieved in seconds with no more than one million random plaintexts, requiring the use of larger $d$ for most implementations. The amount of work to recover a key as a function of the amount of collected data encrypted with that key is explored. To ensure security when performing most modes of block cipher operation with an algorithm having block size $2n$, a particular key should be used to perform no more than $2^n$ encryptions. A feasible key recovery requiring less than 80 bits of work and data from fewer than $2^{32}$ encryptions is excluded for SIMON 64/128 implementations having $d\geq 9$ and for SPECK 64/128 implementations having $d\geq5$. The DGPA attack method is demonstrated to succeed against a limited data set consisting of one power sample per device clock cycle, targeting a specific instruction. This provides a basis for low-power, field-deployed power side-channel signal capture hardware for embedded key recovery and exfiltration.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint. MINOR revision.
Keywords: SIMON, SPECK, FPGA, power analysis, lightweight block cipher
Contact author(s): stevencavanaugh @ iis-corp com
History: 2017-05-04: received
Short URL: https://ia.cr/2017/382
License: Creative Commons Attribution-NonCommercial (CC BY-NC)

BibTeX

@misc{cryptoeprint:2017/382,
      author = {Steven Cavanaugh},
      title = {A General Degenerate Grouping Power Attack with Specific Application to SIMON and SPECK},
      howpublished = {Cryptology ePrint Archive, Paper 2017/382},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/382}},
      url = {https://eprint.iacr.org/2017/382}
}