Paper 2020/371

Single-Trace Attacks on Keccak

Matthias J. Kannwischer, Peter Pessl, and Robert Primas


Since its selection as the winner of the SHA-3 competition, Keccak, with all its variants, has found a large number of applications. It is, for instance, a common building block in schemes submitted to NIST's post-quantum cryptography project. In many of these applications, Keccak processes ephemeral secrets. In such a setting, side-channel adversaries are limited to a single observation, meaning that differential attacks are inherently prevented. If, however, such a single trace of Keccak can already be sufficient for key recovery has so far been unknown. In this paper, we change the above by presenting the first single-trace attack targeting Keccak. Our method is based on soft-analytical side-channel attacks and, thus, combines template matching with message passing in a graphical model of the attacked algorithm. As a straight-forward model of Keccak does not yield satisfactory results, we describe several optimizations for the modeling and the message-passing algorithm. Their combination allows attaining high attack performance in terms of both success rate as well as computational runtime. We evaluate our attack assuming generic software (microcontroller) targets and thus use simulations in the generic noisy Hamming-weight leakage model. Hence, we assume relatively modest profiling capabilities of the adversary. Nonetheless, the attack can reliably recover secrets in a large number of evaluated scenarios at realistic noise levels. Consequently, we demonstrate the need for countermeasures even in settings where DPA is not a threat.

Available format(s)
Publication info
Published by the IACR in TCHES 2020
Keccakside-channel attackspower analysissingle-trace attacksbelief propagationpost-quantum cryptography
Contact author(s)
matthias @ kannwischer eu
peter @ pessl cc
rprimas @ gmail com
2020-04-02: received
Short URL
Creative Commons Attribution


      author = {Matthias J.  Kannwischer and Peter Pessl and Robert Primas},
      title = {Single-Trace Attacks on Keccak},
      howpublished = {Cryptology ePrint Archive, Paper 2020/371},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.