Cryptology ePrint Archive: Report 2020/1554

DNFA: Differential No-Fault Analysis of Bit Permutation Based Ciphers Assisted by Side-Channel

Xiaolu Hou and Jakub Breier and Shivam Bhasin

Abstract: Physical security of NIST lightweight cryptography competition candidates is gaining importance as the standardization process progresses. Side-channel attacks (SCA) are a well-researched topic within the physical security of cryptographic implementations. It was shown that collisions in the intermediate values can be captured by side-channel measurements to reduce the complexity of the key retrieval to trivial numbers.

In this paper, we target a specific bit permutation vulnerability in the block cipher GIFT that allows the attacker to mount a key recovery attack. We present a novel SCA methodology called DCSCA - Differential Ciphertext SCA, which follows principles of differential fault analysis, but instead of the usage of faults, it utilizes SCA and statistical distribution of intermediate values. We simulate the attack on a publicly available bitslice implementation of GIFT, showing the practicality of the attack. We further show the application of the attack on GIFT-based AEAD schemes (GIFT-COFB, ESTATE, HYENA, and SUNDAE-GIFT) proposed for the NIST LWC competition. DCSCA can recover the master key with $2^{13.39}$ AEAD sessions, assuming 32 encryptions per session.

Category / Keywords: secret-key cryptography / side-channel attacks, bit permutations, GIFT, AEAD

Original Publication (in the same form): Design, Automation and Test in Europe Conference (DATE) - 2021

Date: received 12 Dec 2020, last revised 13 Dec 2020

Contact author: jbreier at jbreier com

Available format(s): PDF | BibTeX Citation

Version: 20201213:195935 (All versions of this report)

Short URL: ia.cr/2020/1554


[ Cryptology ePrint archive ]