Extracting Side-Channel Leakage from Round Unrolled Implementations of Lightweight Ciphers

Abstract: Energy efficiency and security is a critical requirement for computing at edge nodes. Unrolled architectures for lightweight cryptographic algorithms have been shown to be energy-efficient, providing higher performance while meeting resource constraints. Hardware implementations of unrolled datapaths have also been shown to be resistant to side channel analysis (SCA) attacks due to a reduction in signal-to-noise ratio (SNR) and an increased complexity in the leakage model. This paper demonstrates optimal leaka… Show more

“…In [22], the authors successfully implemented DPA on unrolled PRINCE in the first round. In [23], the authors proposed an improved correlation frequency analysis (CFA) [24] attack, which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. In [25], the authors provided a method for selecting plaintexts for recovery of the key through side-channel analysis.…”

“…In [25], the authors proposed an extended attack with partially fixed input values to improve the SNR between the first and second rounds of the power traces, but the depth of the CPA attack is also limited to the second round. In [23], the authors proposed an improved CFA [24] attack, which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. In [26], the authors were able to deepen the attack by using the intermediate values of the first round (i.e., the difference in switching), which showed up as a side channel leakage during the processing of the inner round.…”

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE

“…In [22], the authors successfully implemented DPA on unrolled PRINCE in the first round. In [23], the authors proposed an improved correlation frequency analysis (CFA) [24] attack, which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. In [25], the authors provided a method for selecting plaintexts for recovery of the key through side-channel analysis.…”

“…In [25], the authors proposed an extended attack with partially fixed input values to improve the SNR between the first and second rounds of the power traces, but the depth of the CPA attack is also limited to the second round. In [23], the authors proposed an improved CFA [24] attack, which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. In [26], the authors were able to deepen the attack by using the intermediate values of the first round (i.e., the difference in switching), which showed up as a side channel leakage during the processing of the inner round.…”

Side-Channel Attack of Lightweight Cryptography Based on MixColumn: Case Study of PRINCE