Paper 2024/063

A Study of Soft Analytical Side-Channel Attacks on Secure Hash Algorithms

Julien Maillard, CEA LETI
Thomas Hiscock, CEA LETI
Maxime Lecomte, CEA LETI
Christophe Clavier, XLIM
Abstract

Hashing algorithms are one-way functions used in cryptographic protocols as Pseudo Random Functions (PRF), to verify data integrity, or to build a Hash-based Message Authentication Code (HMAC). In many cryptographic constructions, secret data is processed by a hash function, so recovering the input given to the hash function amounts to recovering the secret. In this paper, we investigate the application of Soft Analytical Side-Channel Attacks (SASCA), based on a Belief Propagation (BP) framework, to recover the input of two popular hash function families: SHA-2 and SHA-3. Using a simulation framework, we develop a comprehensive study of the attacker's recovery capacity depending on the hash function variant. We then demonstrate that an attacker can leverage prior knowledge about the hash function input to increase the effectiveness of the attacks. As an example, in the context of a bootloader performing a hash-based integrity check on a secret firmware, we show that injecting simple statistics on assembly code into BP improves input recovery. Finally, we study the security implications of SASCA for cryptosystems that perform multiple invocations of a hash function with inputs derived from the same secret data. We show that such constructions can be exploited efficiently by an attacker. We support these claims with experiments on a SHA-256-based HMAC and on the SHAKE-256-based PRF in Kyber's encryption routine. We also show that increasing Kyber's security parameters leads to weaker security against the proposed SASCA targeting the shared key.
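The abstract's last point, that several hash invocations fed with inputs derived from one secret give the attacker more soft information than a single invocation, can be seen in the smallest possible setting. The following Python script is an added illustration and is not code from the paper. It takes the HMAC construction (RFC 2104), where the key is XORed with ipad = 0x36 and opad = 0x5c before entering two separate compression functions, and makes one assumption for the example: each invocation leaks the Hamming weight of one padded key byte plus Gaussian noise (a standard template model). The script fuses the two noisy observations, and optionally a byte-frequency prior of the kind the abstract derives from assembly code, into a posterior over the 256 key-byte candidates. Because XOR with a constant is a bijection, the likelihood on the intermediate value maps straight back onto the key byte, which is the degenerate one-variable case of the factor-graph propagation the paper performs over the whole hash. The functions `fuse`, `top_candidates`, `rank`, `prior_from_counts` and `simulate`, and the sample prior counts, are constructed for this example.

```python
"""Soft evidence fusion across HMAC's two key-padding operations.

Added example, not the paper's code. Model: one secret key byte k enters two
hash invocations as k ^ IPAD and k ^ OPAD. ASSUMPTION for the example: each
invocation leaks HW(k ^ const) + N(0, sigma^2). The attacker fuses both
observations (and an optional prior) into a posterior over all 256 k values.
"""
import math
import random

IPAD, OPAD = 0x36, 0x5C  # HMAC inner/outer pad bytes (RFC 2104)


def hw(v: int) -> int:
    """Hamming weight of a byte."""
    return bin(v & 0xFF).count("1")


def loglik(observed: float, xor_const: int, sigma: float) -> list[float]:
    """Gaussian log-likelihood of `observed` for every candidate k,
    under the assumed leakage HW(k ^ xor_const) + N(0, sigma^2)."""
    return [-((observed - hw(k ^ xor_const)) ** 2) / (2.0 * sigma * sigma)
            for k in range(256)]


def uniform_prior() -> list[float]:
    """No prior knowledge on the key byte."""
    return [1.0 / 256] * 256


def prior_from_counts(counts: dict[int, int], smoothing: float = 1.0) -> list[float]:
    """Turn byte-frequency statistics (e.g. measured on sample firmware) into a
    smoothed prior; smoothing must be > 0 so no candidate gets probability 0."""
    weights = [counts.get(v, 0) + smoothing for v in range(256)]
    total = sum(weights)
    return [w / total for w in weights]


def fuse(prior: list[float], observations: list[tuple[int, float]], sigma: float) -> list[float]:
    """Posterior over k: prior times the likelihood of every observation,
    computed in log space and normalised. Each observation is
    (xor_const, measured_leakage); independence of the noise is assumed."""
    logpost = [math.log(p) for p in prior]
    for xor_const, measured in observations:
        ll = loglik(measured, xor_const, sigma)
        logpost = [lp + l for lp, l in zip(logpost, ll)]
    m = max(logpost)                      # subtract max before exp for stability
    unnorm = [math.exp(lp - m) for lp in logpost]
    z = sum(unnorm)
    return [u / z for u in unnorm]


def top_candidates(post: list[float], rel_tol: float = 1e-9) -> list[int]:
    """Candidates tied (within rel_tol) for the highest posterior probability."""
    m = max(post)
    return [k for k, p in enumerate(post) if p >= m * (1 - rel_tol)]


def rank(post: list[float], true_k: int) -> int:
    """Number of candidates strictly preferred over the true key (0 = best)."""
    return sum(1 for p in post if p > post[true_k])


def simulate(true_k: int, sigma: float, seed: int = 1) -> tuple[int, int]:
    """Noisy demo: rank of true_k using the ipad leakage alone, then both leakages."""
    rng = random.Random(seed)
    obs_ipad = (IPAD, hw(true_k ^ IPAD) + rng.gauss(0, sigma))
    obs_opad = (OPAD, hw(true_k ^ OPAD) + rng.gauss(0, sigma))
    r1 = rank(fuse(uniform_prior(), [obs_ipad], sigma), true_k)
    r2 = rank(fuse(uniform_prior(), [obs_ipad, obs_opad], sigma), true_k)
    return r1, r2


if __name__ == "__main__":
    k = 0x4B
    # Noise-free view: how many candidates remain tied with the true byte?
    one = fuse(uniform_prior(), [(IPAD, hw(k ^ IPAD))], 1.0)
    both = fuse(uniform_prior(), [(IPAD, hw(k ^ IPAD)), (OPAD, hw(k ^ OPAD))], 1.0)
    print("tied candidates, ipad only:", len(top_candidates(one)))
    print("tied candidates, ipad + opad:", len(top_candidates(both)))
    # Constructed prior: pretend firmware statistics make 0x4B ten times more likely.
    biased = fuse(prior_from_counts({k: 10}), [(IPAD, hw(k ^ IPAD)), (OPAD, hw(k ^ OPAD))], 1.0)
    print("with prior, top candidates:", [hex(v) for v in top_candidates(biased)])
    print("noisy ranks (ipad only, both):", simulate(k, sigma=0.5))
```

With k = 0x4B the noise-free ipad observation (Hamming weight 6) leaves 28 candidates tied; adding the opad observation (Hamming weight 4) cuts the tie to 16, because the two XOR constants differ in four bit positions and the pair of weights constrains how the key's set bits split across those positions. A prior that favours the true byte then singles it out. The same mechanism, evidence accumulated on one secret through several derived inputs, is what the abstract exploits at full scale with belief propagation over the hash's internal variables.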

Metadata
Available format(s)
-- withdrawn --
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Side-Channel Attack, SASCA, SHA-256, SHA-3, HMAC, Kyber
Contact author(s)
julien maillard @ cea fr
thomas hiscock @ cea fr
maxime lecomte @ cea fr
christophe clavier @ xlim fr
History
2024-03-04: withdrawn
2024-01-16: received
Short URL
https://ia.cr/2024/063
License
Creative Commons Attribution-ShareAlike
CC BY-SA