RESEARCH PAPER. SCIENCE CHINA Information Sciences
M. TANG ET AL.

Recent cryptanalysis of block ciphers has two major trends. Side channel analysis (SCA) has become a new threat to the hardware implementations of encryption algorithms. On the other hand, reverse engineering has been adopted to explore the unknown part of the encryption algorithms, which has become a new target of cryptanalysis. Some drawbacks have been found in the existing methods of reverse engineering, which target special structures or utilize flaws in the unknown parts. The major disadvantage is that the number of rounds that can be analyzed is limited, and the complexity is high. The existing SCAs for reverse engineering depend to a large extent on the leakage models and mainly focus on a single component of the algorithm, whereas the other parts of the target algorithm are known. In this paper, we present a more general and feasible reverse analysis by combining the mathematical methods and the SCA methods. We use the strict avalanche criterion for the non-linear operations of block ciphers and apply power analysis to reverse the structure parameters. We propose a new reverse analysis method to reduce the dependency on the leakage models, which can be combined with structural cryptanalysis to reverse the internal parameters of the linear and non-linear operations. We finally achieve the reverse analysis of the unknown round function of block ciphers.

The existing reverse engineering methods mainly include the mathematics-based reverse analyses [14-16] and SCA-based reverse analyses [17-22]. Invasive attack is another reverse analysis, which reconfigures the logic circuits through different pairs of input and output. However, this method needs complicated requirements and advanced techniques, so it will not be discussed in this paper.
Mathematics-based Reverse Engineering

In EUROCRYPT 2001, Biryukov and Shamir proposed the structure analysis on the cipher with SASAS structure [14] and succeeded in recovering the unknown parameters of SPN (Sbox Permutation Network) with three rounds. Considering its high complexity, the structure analysis recovers the parameters of the unknown S-box after building the relationship between the input and output of the S-box. Moreover, they tried to find the equality of the unknown linear operation through collisions and can recover two and a half rounds of a block cipher with SPN structure. Biryukov improved their method in 2010 [23]. However, the complexity of the structure analysis was too high for real algorithms with more rounds. Borghoff utilized this method on the PRESENT-like Maya algorithm in 2011 [15] to recover the unknown S-box, whose size is only 4 × 4.

Another type of mathematics-based reverse analysis is to recover the secret S-box in the C2 algorithm in CRYPTO 2009 [16]. This method utilized the design defaults of C2 where several subkeys or plaintexts do not go through the S-box.

The existing mathematical reverse analyses have demonstrated the feasibility to recover the unknown parts in encryption a...
Side channel attacks (SCAs) on security software and hardware have become major concerns in computer and system security. The existing SCAs generally require knowledge of the corresponding cryptographic algorithm and implementation adopted in the target; therefore, they are not fully suitable for practical applications. In this paper, we propose a novel SCA: polar differential power attack (polar DPA). We found that DPA peaks have different biases for different cryptographic algorithms and implementations. Based on these biases, we can successfully attack a block cipher, assuming that the cipher algorithm uses a secret key in its first round, without knowledge of the cipher algorithm or implementation. Other rounds can be treated as a black box. We present a detailed theoretical analysis and experiment to demonstrate the correctness and efficiency of our scheme. Furthermore, our scheme has demonstrated an improvement over the leakage evaluation scheme due to Ichikawa et al. (CHES 2005). Our evaluation method can be used in electronic design automation (EDA) flows and can help security circuit designers to understand the data leakage due to SCAs.