Paper 2019/335
Examining the Practical Side Channel Resilience of ARX-boxes
Abstract
Implementations of ARX ciphers are hoped to have some intrinsic side channel resilience owing to the specific choice of cipher components: modular addition (A), rotation (R) and exclusive-or (X). Previous work has contributed to this understanding by developing theory regarding the side channel resilience of components (pioneered by the early works of Prouff) as well as some more recent practical investigations by Biryukov et al. that focused on lightweight cipher constructions. We add to this work by specifically studying ARX-boxes both mathematically as well as practically. Our results show that previous works' reliance on the simplistic assumption that intermediates independently leak (their Hamming weight) has led to the incorrect conclusion that the modular addition is necessarily the best target and that ARX constructions are therefore harder to attack in practice: we show that on an ARM M0, the best practical target is the exclusive or and attacks succeed with only tens of traces. In addition, we also provide results suggesting that the modular addition may also be a vulnerable target when partition based distinguishers are applied in side channel attacks.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Published elsewhere. Minor revision. Malicious Software and Hardware in Internet of Things (MaL-IoT '19)
- Keywords
- ARXside channelcorrelation attack
- Contact author(s)
-
yanyansmajesty @ outlook com
m e oswald @ bham ac uk - History
- 2024-06-20: last of 2 revisions
- 2019-04-03: received
- See all versions
- Short URL
- https://ia.cr/2019/335
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/335,
author = {Yan Yan and Elisabeth Oswald},
title = {Examining the Practical Side Channel Resilience of {ARX}-boxes},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/335},
year = {2019},
url = {https://eprint.iacr.org/2019/335}
}
