Cryptology ePrint Archive: Report 2020/1202

Correlation Power Analysis and Higher-order Masking Implementation of WAGE

Yunsi Fei and Guang Gong and Cheng Gongye and Kalikinkar Mandal and Raghvendra Rohit and Tianhong Xu and Yunjie Yi and Nusa Zidaric

Abstract: WAGE is a hardware-oriented authenticated cipher, which has the smallest (unprotected) hardware cost (for 128-bit security level) among the round 2 candidates of the NIST lightweight cryptography (LWC) competition. In this work, we analyze the security of WAGE against the correlation power analysis (CPA) on ARM Cortex-M4F microcontroller. Our attack detects the secret key leakage from power consumption for up to 12 (out of 111) rounds of the WAGE permutation and requires 10,000 power traces to recover the 128-bit secret key. Motivated by the CPA attack and the low hardware cost of WAGE, we propose the first optimized masking scheme of WAGE in the t-strong non-interference (SNI) security model. We investigate different masking schemes for S-boxes by exploiting their internal structures and leveraging the state-of-the-art masking techniques.To practically demonstrate the effectiveness of masking, we perform the test vector leakage assessment on the 1-order masked WAGE. We evaluate the hardware performance of WAGE for 1, 2, and 3-order security and provide a comparison with other NIST LWC round 2 candidates.

Category / Keywords: secret-key cryptography / Authenticated encryption, WAGE, Side-channel attack, Correlation power analysis

Original Publication (in the same form): SAC 2020

Date: received 1 Oct 2020

Contact author: rsrohit at uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20201006:093618 (All versions of this report)

Short URL: ia.cr/2020/1202


[ Cryptology ePrint archive ]