Paper 2021/463

Improving Recent Side-Channel Attacks Against the DES Key Schedule

Andreas Wiemers and Johannes Mittmann

Abstract

Recent publications consider side-channel attacks against the key schedule of the Data Encryption Standard (DES). These publications identify a leakage model depending on the XOR of register values in the DES key schedule. Building on this leakage model, we first revisit a discrete model which assumes that the Hamming distances between subsequent round keys leak without error. We analyze this model formally and provide theoretical explanations for observations made in previous works. Next, we examine a continuous model which considers more points of interest and also takes noise into account. The model gives rise to an evaluation function for key candidates and an associated notion of key ranking. We develop an algorithm for enumerating key candidates up to a desired rank which is based on the Fincke–Pohst lattice point enumeration algorithm. We derive information-theoretic bounds and estimates for the remaining entropy and compare them with our experimental results. We apply our attack to side-channel measurements of a security controller. Using our enumeration algorithm, we are able to significantly improve the results reported previously for the same measurement data.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Preprint. MINOR revision.
Contact author(s): alter ego2048 @ googlemail com, andreas wiemers @ bsi bund de
History: 2021-04-12: received
Short URL: https://ia.cr/2021/463
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2021/463,
      author = {Andreas Wiemers and Johannes Mittmann},
      title = {Improving Recent Side-Channel Attacks Against the DES Key Schedule},
      howpublished = {Cryptology ePrint Archive, Paper 2021/463},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/463}},
      url = {https://eprint.iacr.org/2021/463}
}