Investigating Profiled Side-Channel Attacks Against the DES Key Schedule

Johann Heyszl, Katja Miller, Florian Unterstein, Marc Schink, Alexander Wagner, Horst Gieser, Sven Freud, Tobias Damm, Dominik Klein, and Dennis Kügler

Abstract

Recent publications describe profiled side-channel attacks (SCAs) against the DES key-schedule of a “commercially available security controller”. They report a significant reduction of the average remaining entropy of cryptographic keys after the attack, with large, key-dependent variations and results as low as a few bits using only a single attack trace. Unfortunately, they leave important questions unanswered: Is the reported wide distribution of results plausible? Are the results device-specific or more general? What is the impact on the security of 3-key triple-DES? In this contribution, we systematically answer those and several other questions. We also analyze two commercial security controllers, reproducing the reported results while explaining details of algorithmic choices. We verified the overall reduction and large variations in single DES key security levels (49.4 bit mean and 0.9 % of keys < 40 bit) and observe a fraction of keys with exceptionally low security levels, called weak keys. A simplified simulation of device leakage shows that the distribution of security levels is predictable to some extent given a leakage model. We generalize results to other leakage models by attacking the hardware DES accelerator of a general purpose microcontroller. We conclude that weaker keys are mainly caused by switching noise, which is always present in template attacks on any key-schedule, regardless of the algorithm and implementation. Further, we describe a sound approach to estimate 3-key triple-DES security levels from empirical single DES results and find that the impact on the security of 3-key triple-DES is limited (96.1 bit mean and 0.24 % of key-triples < 80 bit).

Metadata
Category
Implementation
Publication info
Preprint.
Keywords
DES, SCA, side-channel attack, templates
Contact author(s)
Dominik Klein @ bsi bund de
History
2020-04-15: last of 2 revisions
2019-12-16: received
Short URL
https://ia.cr/2019/1448
License

CC BY

BibTeX

@misc{cryptoeprint:2019/1448,
author = {Johann Heyszl and Katja Miller and Florian Unterstein and Marc Schink and Alexander Wagner and Horst Gieser and Sven Freud and Tobias Damm and Dominik Klein and Dennis Kügler},
title = {Investigating Profiled Side-Channel Attacks Against the DES Key Schedule},
howpublished = {Cryptology ePrint Archive, Paper 2019/1448},
year = {2019},
note = {\url{https://eprint.iacr.org/2019/1448}},
url = {https://eprint.iacr.org/2019/1448}
}
